"Mac users have long thought themselves safe, but that's never been the case," Hardy said. The unfounded belief in Macs' invulnerability is a huge asset to attackers, he said. Most successful malware attacks still rely on some degree of human interaction. Mac users, accustomed to clicking web links and opening e-mail file attachments without fear of infection, are more compliant victims.
Apple, itself, bears some of the blame. The company has also carried over a long tradition of intense privacy and insularity to its security operation - a marked contrast to Microsoft's efforts over the last decade to be open about security issues and engage the security community. "Apple is pretty much the opposite. They're still closed. They're still more likely to respond with hostility to security researchers. You're more likely to talk to a lawyer than an engineer," he said.
Other security firms have also documented a rise in malware for Mac systems, in parallel with increased consumer and business adoption of Mac OS X.
Graham Cluley at the anti-malware firm Sophos said his company has only anecdotal evidence of APT attacks against Mac systems, but notes that researchers there have seen Mac malware become more sophisticated as malware authors have warmed to the prospect of targeting the growing global population of Mac users.
The security firm McAfee reported in May that it saw a steady increase in Mac malware in the first part of 2012 - a trend that it expects to continue through the end of the year. However, some perspective is in order: McAfee identified some eight million new malware samples in the first quarter of 2012. Of those, just 400 - .005% - were Mac-focused malware or fake antivirus programs, the company said.
No surprise: though many companies (including Sophos) now offer anti-malware products for the Mac OS X operating system, use of them is far less common than on Windows systems. For now, most Apple users rely on Apple, itself, to provide them with the means of looking for and removing malware infections, using operating system updates that include malware signatures for newly identified malware. It's a model that works well enough as long as the number of Mac threats remains low and slow-moving, and as long as the population of new threats is small. But Cluley said that the top-down model gives malware authors plenty of time to modify their malware to evade Apple's signatures, while a sharp increase in malware for Mac may well overwhelm Cupertino and leave Mac users unprotected.
For now, the options for Mac users are about the same as for Windows users, say Hardy, Cluley and others. Organizations that have employees on Macs should employ a "defense in depth" strategy. Organizations need to be aware of what Mac-specific threats are out there and how to identify them. Finally, user education is key, said Hardy.
"Your users should know what a malicious e-mail attachment or link might look like. They should be trained to refrain from opening unexpected or strange e-mail attachments, or from clicking on links in e-mail messages," he said.
Related: Mac malware stats
Sophos surveyed 100,000 Mac systems for 7 days running the company's free anti-malware software for Mac. They found 2.7% of the Macs carried OS X malware, and 20% carried Windows malware. The breakdown is as follows:
|Top Mac malware found||% based on 2,700 infected Macs|
|Top Windows malware found||% based on 20,000 infected Macs|