Macs under attack?

It's arguable that the recent Flashback Trojan episode has been the tipping point when it comes to changing the face of the Mac security threatscape. But who is targeting OS X and iOS devices, how are they doing it and should the average business user be worried? Davey Winder investigates...

Orla Cox, senior security operations manager at Symantec Security Response, joins the chorus of disapproval when she told us that Symantec has seen a "slow but steady increase in attacks on OSX" going back to May 2011 with the "first crimeware kit for OSX, the Weyland-Yutani kit which allows would-be attackers to create their own bots for distribution, similar to the Zeus kit" right up to the Flashback Trojan for which it is "still seeing significant numbers of infections."

Cox warns that Mac users should certainly be cautious, particularly now that targeted attacks using malware written specifically for the Mac platform has been seen. "This type of attacker is persistent" Cox says "and will use whatever means necessary to gain a foothold in the organisation it has in its sights."

In Apple's defence though, some security experts such as Garry Sidaway, director of security strategy at Integralis, reminds us that, while Microsoft has traditionally taken the brunt of malware attacks "Apple has already implemented a lot of security features recommended by the industry, particularly in their latest release to try and address the common malcode exploits, buffer overflow, raised privileges [and so on]." However, Sidaway also thinks Apple would do well to learn the lessons that Microsoft has by working with information security analysts and strategic partners to reduce the risk surface to business (the Patch Tuesday exercise being a good example) if it wants to truly embrace the business world.

"At present, its cool and trendy image outweighs the security concerns for the individual" Sidaway told IT Pro adding: "but not for the businesses that are trying to manage BYOD".

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Security best practices for PostgreSQL

Securing data with PostgreSQL

Download now

Transform your MSP business into a money-making machine

Benefits and challenges of a recurring revenue model

Download now

The care and feeding of cloud

How to support cloud infrastructure post-migration

Watch now

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
Data belonging to 500 million LinkedIn users found for sale on hacker marketplace
hacking

Data belonging to 500 million LinkedIn users found for sale on hacker marketplace

8 Apr 2021