
Cyber-security report: More attacks on Macs this year than the previous 5 years combined

By Marcus Wong - on 5 Nov 2015, 3:13pm

A recent study by the Bit9+ Carbon Black Threat Research team shows that the Mac has seen more attacks in 2015 than in recent years. In fact, the number of attacks this year to date is already five times greater than all the attacks from 2010-2014 combined.

“This rise in Mac OS X malware comes after several years of rapid OS X market share gains, with 16.4 percent of the market now running OS X, including expanding deployment in the enterprise,” the report says. “This represents a growing attack surface for sensitive data, as 45 percent of companies now offer Macs as an option to their employees.”

Chalk it up to an inevitable turn of the tide? The more Macs are used in the workforce, the higher the likelihood of there being valuable data on them, and hence the more value there is in hacking them. Time to load up on the protection software then?

Well, all Macs have cyber-security software called “Gatekeeper” installed that runs in the background and can’t be accessed by the user, so there’s a basic level of protection inherent. Still, it’s a good idea to have additional antivirus software installed, and to ensure that the definitions are up to date. Enterprise companies will also want to ensure their employees have antivirus software on their computer and that it’s in use with the latest update installed.

The fact of the matter is that both PCs and Macs will continue to face cyber threats, so the spike in Mac attacks and vulnerabilities is no reason to panic. What’s interesting to note is that typical Unix persistence mechanisms are not often seen in the OS X malware analyzed, meaning that the malware authors are focusing on OS X-specific mechanisms, using features of the OS such as LaunchDaemons/LaunchAgents.

According to their research, the vast majority of OS X malware use one of seven techniques to remain on the system:

  1. LaunchAgents – An OS X-provided way to start programs on a per-user or system-wide basis.
  2. LaunchDaemons – An OS X-provided way to start programs on a per-user or system-wide basis, used interchangeably with LaunchAgents.
  3. Cron job – Cron is a time-based job scheduler in Unix-like computer operating systems. Cron jobs are used to run scripts/programs periodically at fixed times, dates or intervals.
  4. Login items – The method to cause programs to run when a user logs in to an OS X account.
  5. Browser plugins – Code that runs in the context of a Web browser. They are known for adding additional functionality to browsers.
  6. StartupItems – Programs to run upon system startup.
  7. Binary infection – When one executable modifies another so that, when the original executable is run, control is passed to the malicious code before the original code is executed.
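
As an added example (not code from the report or from the utilities named in this article), this Python script audits the first two mechanisms in the list by reading every launchd job definition in the standard OS X directories and reporting what each one runs. The `REVIEW_PREFIXES` heuristic and the sample jobs in `demo()` are assumptions constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path

# Standard launchd job directories on OS X.
LAUNCHD_DIRS = ["/Library/LaunchAgents", "/Library/LaunchDaemons",
                "/System/Library/LaunchAgents", "/System/Library/LaunchDaemons",
                "~/Library/LaunchAgents"]
# Assumption (not from the report): programs under these prefixes need review.
REVIEW_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")

def audit_launchd(dirs=LAUNCHD_DIRS):
    """Return one record per launchd plist: what it runs and whether at load."""
    findings = []
    for base in (Path(d).expanduser() for d in dirs):
        if not base.is_dir():
            continue
        for plist in sorted(base.glob("*.plist")):
            try:
                with plist.open("rb") as fh:
                    job = plistlib.load(fh)  # reads XML and binary plists
                if not isinstance(job, dict):
                    raise ValueError("top-level object is not a dictionary")
            except Exception as exc:  # malformed or unreadable: report it
                findings.append({"plist": str(plist), "error": str(exc), "review": True})
                continue
            args = job.get("ProgramArguments") or []
            program = str(job.get("Program") or (args[0] if args else ""))
            findings.append({"plist": str(plist), "label": job.get("Label"),
                             "program": program,
                             "run_at_load": bool(job.get("RunAtLoad", False)),
                             "review": not program or program.startswith(REVIEW_PREFIXES)})
    return findings

def demo():
    """Audit a constructed directory (sample jobs are made up); runs on any OS."""
    jobs = {"com.example.agent": {"Program": "/usr/local/bin/agent"},
            "com.example.updater": {"ProgramArguments": ["/tmp/.updater", "-q"],
                                    "RunAtLoad": True}}
    with tempfile.TemporaryDirectory() as tmp:
        for label, body in jobs.items():
            with open(Path(tmp, label + ".plist"), "wb") as fh:
                plistlib.dump({"Label": label, **body}, fh)
        Path(tmp, "broken.plist").write_bytes(b"not a plist")
        return audit_launchd([tmp])

if __name__ == "__main__":
    for row in audit_launchd() or demo():
        print(row)
```

A `review` flag only marks an entry for a closer look; comparing the output against a known-good baseline for the fleet is what makes new entries stand out.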

The Bit9+ Carbon Black Threat Research team notes that many enterprises have to date largely failed to apply the same level of controls, monitoring and security to OS X devices as they have to Windows machines, so this is a good time for enterprise security professionals to upgrade their resources on this front.

Consumers are advised to look at antivirus products for at least a base level of protection, while two utilities are available if you should wish to check if your system has been compromised.

Dynamic Hijack Scanner - a simple utility that will scan your computer for applications that are either susceptible to dylib hijacking or have been hijacked.

KnockKnock - uncovers persistently installed software in order to generically reveal such malware.

The full threat report by the Bit9+ Carbon Black Threat Research team can be found here.

Source: Business Insider
