Macs under attack?
It's arguable that the recent Flashback Trojan episode has been the tipping point when it comes to changing the face of the Mac security threatscape. But who is targeting OS X and iOS devices, how are they doing it and should the average business user be worried? Davey Winder investigates...
Orla Cox, senior security operations manager at Symantec Security Response, joins the chorus of disapproval when she told us that Symantec has seen a "slow but steady increase in attacks on OSX" going back to May 2011 with the "first crimeware kit for OSX, the Weyland-Yutani kit which allows would-be attackers to create their own bots for distribution, similar to the Zeus kit" right up to the Flashback Trojan for which it is "still seeing significant numbers of infections."
Cox warns that Mac users should certainly be cautious, particularly now that targeted attacks using malware written specifically for the Mac platform has been seen. "This type of attacker is persistent" Cox says "and will use whatever means necessary to gain a foothold in the organisation it has in its sights."
In Apple's defence though, some security experts such as Garry Sidaway, director of security strategy at Integralis, reminds us that, while Microsoft has traditionally taken the brunt of malware attacks "Apple has already implemented a lot of security features recommended by the industry, particularly in their latest release to try and address the common malcode exploits, buffer overflow, raised privileges [and so on]." However, Sidaway also thinks Apple would do well to learn the lessons that Microsoft has by working with information security analysts and strategic partners to reduce the risk surface to business (the Patch Tuesday exercise being a good example) if it wants to truly embrace the business world.
"At present, its cool and trendy image outweighs the security concerns for the individual" Sidaway told IT Pro adding: "but not for the businesses that are trying to manage BYOD".
The essential guide to cloud-based backup and disaster recovery
Support business continuity by building a holistic emergency planDownload now
Trends in modern data protection
A comprehensive view of the data protection landscapeDownload now
How do vulnerabilities get into software?
90% of security incidents result from exploits against defects in softwareDownload now
Delivering the future of work - now
The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.Download now