Beware the coming Mac malware season
www.computerworld.com
If you want to understand why making it impossible to encrypt your iCloud data is a huge invitation to organized crime, I have two stories to share. The first involves a surveillance-as-a-service firm getting pwned, the second relates to a new wave of phishing-focused malware migrating from Windows to macOS.

These twin tales emerge in perfect step to maniacal government attempts to insert back doors inside encrypted data, arguing that doing so will make us safer. They won't, of course; they'll just make cybercrime easier, particularly for criminals armed with phished credentials who want to insert their own surveillance software inside your unencrypted online data stack.

This comprises a perfect storm, a cauldron of misery, all being mixed up and destined to doom users everywhere.

Not the first, not the last: SpyX

TechCrunch caught the Have I Been Pwned story that a consumer-grade spyware outfit called SpyX was breached last year. The 25th in a series of mobile surveillance-as-a-service firms to be breached since 2017, the company had almost two million records when the breach occurred, including data concerning Apple users.

SpyX didn't report the breach when it happened in June 2024, which is why Have I Been Pwned exposed it.

What is SpyX? In this particular manifestation, the stalkerware is sold as a service so parents can track their kids. (It is apparently also used by suspicious partners to spy on their significant others.)

In the Apple ecosystem, the way SpyX reportedly works is to tap into people's iCloud backups, where it quietly grabs any of your most personal unencrypted information.
While this exploit also requires assailants to get hold of the target's Apple Account data, it is important to note that in the UK, government spooks seem to be demanding access without that key.

But for surveillance-as-a-service firms, the fact that you can't use Advanced Data Protection to secure iCloud data in the UK makes undermining account security the essential next step.

Have you been pwned?

The thing is, your Apple Account ID can protect your data from such attacks, which is why you should always use a complex alphanumeric one and never share it.

However, as everyone with even the slightest bit of interest in security knows, security is only as secure as the weakest part, usually the human using the device.

That, in a nutshell, is why phishing attacks are so popular, and why those attacks are becoming more and more sophisticated. Criminals know that if they can find some way to scam your account login details out of you they can jump inside your digital shoebox and grab lots of yummy information about you, your life, even your financial situation.

They don't even need to use this data themselves; this stuff sells for good money on the Dark Web. Apple's systems are renowned for being secure, which is why Apple IDs were being sold there for $15 a pop back in 2018.

Get a Mac

If you've been paying attention, you might have noticed that Apple experienced over 25% growth in Mac sales in Q4 2024, far ahead of the PC industry average, which reflects a growing Mac market share for the company.

If market analysts know that, and we know that, then well-resourced criminals are certainly cognizant of this data, which is why they're moving to Mac. (To be fair, they have been for a while, it's just that Windows seems to be an easier target.)

But that gravy train is switching platforms, and so are the bad guys. Cybersecurity firm LayerX recently identified a new scareware campaign jumping from Windows to Mac.
These attacks are basically a phishing attack designed to trick users into entering their credentials into fake Microsoft security alerts served up via compromised websites. The idea is to scare users into sharing their login details.

Jaron Bradley, director of Jamf Threat Labs, explained how Mac users should approach this new attack vector. "Users should never enter their iCloud credentials outside of the official Apple website. They should also be cautious when encountering flashing warnings that prompt them to call a phone number to resolve a supposed threat. These calls often lead to scammers who promise to fix a fake issue in exchange for a fee and credit card information," he wrote.

Open up

He's right, because once criminals get your code, they can access your iCloud data (if left unencrypted). They can, in theory, then also infest your iCloud with the kind of scary surveillance software SpyX sells, instantly crafting a backdoor to your digital existence.

Rogue nations in which iCloud data cannot be encrypted (not that we know who they are) leave their populations wide open to such attacks, closing the best door to protect against them. And as these twin tales show, these threats aren't even imaginary; they're already here.

Moral of the tale? Perhaps it's time to return to on-device iPhone backups and to make use of Apple's own tools to encrypt data before you put it in iCloud.

You can follow me on social media! Join me on BlueSky, LinkedIn, and Mastodon.