Sunday, March 23, 2014

Mac and iOS Show Their Vulnerabilities



About a month ago Apple released security updates for Mac operating systems, as well as a security update for the iPhone and iPad. For many observers, particularly the media, this was an extraordinary event, as there is a perception of invulnerability as it relates to Mac and other Apple products. Unfortunately this is more myth than fact. The reality is that today there exists malware that is specifically designed to target and exploit weaknesses in Mac platforms. The relative scarcity of such malware until now can easily be explained by examining the market penetration of the various operating systems. Until recently the majority of businesses in America utilized Windows-based machines. There is an economic term that helps explain this phenomenon: homo economicus. Homo economicus, or economic human, is the concept that humans are rational and self-interested creatures that look to maximize utility as a consumer and profit as a producer. In other words, humans, in this case cybercriminals, desire to make the most impact at the lowest cost. Cybercriminals recognize that Windows dominates the personal and business computer market, so by targeting the Windows OS they will get the “biggest bang for their buck”.
Recent surveys of American business indicate that Macs are more popular than ever, so one can expect that there will be an increase in the volume of malware attacks specifically targeting Mac OS. Unfortunately, culturally the myth of Macs' invulnerability to malware still exists, and it can lead to some serious security concerns for organizations and users.
Symantec recently completed a study of Mac machines that were infected with malware and found that only 2.5 percent of threats found on Macs are Mac malware. The remaining malware was Windows malware. Mac users were being tricked into downloading malware. The good news is that 97.5 percent of the time the malware would not impact the Mac machine. The bad news is that if the Mac was connected to a shared drive, or transferred the malware to a USB drive which was then inserted into or shared with a Windows machine, then that Windows machine is a potential victim.
Clearly there are significantly fewer malware attacks directed at Macs than at Windows. For historical context, Elk Cloner, the first self-propagating piece of malware, was designed to attack the Apple II in 1982. The first piece of malware targeting the Mac, called nVIR, appeared in 1987. More of an annoyance than destructive, they both were designed to spread via contaminated floppy disks. Over time the Mac OS operating system was hardened, and introducing malware onto the system became more difficult. Malware writers began to rely on social engineering and Trojans to trick users into installing the malware. More recently, in 2012 one Mac threat (Flashback) infected approximately 600,000 machines, or about 1 out of every 100 Macs worldwide. It targeted a Java vulnerability to gain access to the machines that visited an infected website. The bad news is that Mac users seem to be as susceptible to downloading malware as PC users. Perpetuating the myth that Macs are not as susceptible to malware as PCs seems to lead to behavior that is as risky, or perhaps riskier, for the Mac user.
Apple has recognized that there is an increased threat level directed at its OS and did respond with XProtect for the Snow Leopard OS. XProtect would proactively identify malware during the download process and notify the user, giving them the option of cancelling the download or moving it to the trash. It is a definition-based malware detection tool that is designed to work just like traditional antivirus software. Unfortunately, Apple is somewhat secretive about how it works. There is limited information on the Apple website about how it works, when it is being updated or what it is being updated with.
More recently Apple released Gatekeeper in the Mountain Lion OS. Gatekeeper is a behavior-based protection tool that asks the user various questions about their downloading behavior, such as where the user downloads from. Where the user indicates they download from will dictate the security notifications they receive and the guidance Gatekeeper provides.
Unfortunately these developments have not deterred malware writers from targeting Mac OS.  The 2013 Internet Security Threat Report, Volume 18 found the following:
  • 42% increase in targeted attacks in 2012.
  • 31% of all targeted attacks aimed at businesses with less than 250 employees.
  • One waterhole attack infected 500 organizations in a single day.
  • 14 zero-day vulnerabilities.
  • 32% of all mobile threats steal information.
  • A single threat infected 600,000 Macs in 2012.
  • Spam volume continued to decrease, with 69% of all email being spam.
  • The number of phishing sites spoofing social networking sites increased 125%.
  • Web-based attacks increased 30%.
  • 5,291 new vulnerabilities discovered in 2012, 415 of them on mobile operating systems.
Assuming that Mac OS and iOS continue to gain market share in both personal and business use, we can expect there to be continued interest on the part of malware writers and cybercriminals in targeting these operating systems. Organizations that are adopting the Mac OS will struggle to provide adequate security controls over the OS for two reasons: the misconceptions of the users, and the lack of developer information relating to the security controls of the OS.

In today’s cyber environment, organizations must make security decisions based on meaningful risk analysis and threat matrixes. In order for Mac and iOS to be adopted by more organizations, there must be an increase in transparency about what Apple is doing to protect its various operating systems from these threats. I would expect that organizations would demand more information from Apple on how it is protecting against malware and targeted threats directed at the Mac and iOS operating systems, as a means to protect their networks, before we see widespread integration into the business environment.
