My first experience of the technological platform wars dates back to 1985, when the protagonists were Amiga and Atari. I was an Amiga person and continued to write on the platform for numerous publications over the next decade. There have been many brand battles since, but none have had the longevity of Apple vs. Microsoft. Or, more precisely, Macs against Windows machines. However, a recently released report on the state of malware threatens to expose a new dimension to the old debate: cybersecurity threat wars. Malwarebytes research uses data from product telemetry, honeypots and various threat intelligence measures to analyze threats to consumers and businesses in 2019. One of the most interesting trends identified is the platform-specific nature of cybersecurity threats. Mac threats, the report reveals, have increased exponentially compared to those of Windows. I’ll let that sink in for a moment.
A deep dive into the waters of Mac malware
Malwarebytes’ “2020 State of Malware Report” delved deeply into the real-world threats faced by Android and iOS users, browser attacks, and Mac and Windows PCs. After crunching the numbers and analyzing the data, the report concludes that the volume of Mac threats increased by more than 400% year-on-year in 2019, exceeding Windows “endpoint threats” by a ratio of almost two to one. The latter number is the most important because it takes into account that Malwarebytes has a larger Mac user base than Windows.
Going deeper into the threats themselves, the report suggests that just one of the Mac threats in 2019 did not involve tricking the user into downloading and running something malicious. This incident occurred when cryptocurrency companies, including Coinbase, were targeted using a zero-day vulnerability in Firefox as a vector for malware infection. “It was the first time that such a vulnerability had been used to significantly infect Macs since 2012,” said the researchers, “when Java vulnerabilities were repeatedly used to infect Macs.” Most Mac threats, it seems, were of the adware variety and were found to “far outpace growth on the Windows side.” Adware, of course, isn’t as much of a threat as ransomware, which continued to impact Windows systems throughout 2019, but it still displays “malicious and persistent behavior to trick users into a false sense of security.”
The report continues by revealing that more malicious behavior in the foreground of Mac files is also increasing year over year, using increasingly inventive and deceptive approaches to evade Apple’s detection. Malware “breakthroughs” affecting iOS, the report said, “could prompt the tech giant to reconsider whether to allow antivirus products on its beloved mobile devices.”
Is it time to take a serious look at Mac security?
Looking at my own media coverage here, I have reported many more Windows threat stories than Mac ones. Everything from state-sponsored campaigns to critical browser vulnerabilities for Windows users and numerous critical security alerts, as well as advice on securing Windows 10.
This does not mean that Apple has escaped scrutiny, but that there are fewer security incidents to report. The odd iPhone-specific malware, and even a Siri “feature” that left the encrypted text of Apple Mail unencrypted. Mostly, however, when I wrote about Apple from a security perspective, it was about offering advice on securing an Apple Watch 5, or looking at apps that know if your iPhone has been hacked.
Malwarebytes researchers have concluded, however, that what the threat landscape of 2019 teaches us as we move towards 2020 is that “it’s time to take a close look at Mac security and finally get serious.” “An increase in malware, adware, and pre-installed multi-vector attacks indicates that threat actors are becoming more creative and increasingly persistent with their campaigns,” said Marcin Kleczynski, CEO of Malwarebytes, “it is imperative that as an industry, we continue to raise the bar to defend ourselves against these sophisticated attacks.”
So what does the information security industry think about this analysis and the broader concept of cybersecurity platform wars? I thought I would ask and find out.
Is there a place for platform wars in your cybersecurity strategy?
“Cybereason sees a noticeable increase in malware strains and threat groups targeting Mac systems,” says Israel Barak, CISO at Cybereason. “We are also seeing a steady increase in the level of sophistication of the tools used to target Mac systems, and in particular, the use of built-in operating system capabilities (living off the land) to better evade detection.” Tim Erlin, vice president of product management and strategy at Tripwire, is not convinced that, as a stand-alone statistic, it matters whether Mac or Windows malware is the most common. “The prevalence of malware for a particular platform is really a reflection of the target environment,” says Erlin; what is important is to “ask follow-up questions to find out why the attention of malware authors may have changed, or how changes in malware trends impact defensive priorities.”
Oliver Pinson-Roxburgh, the co-founder of Bulletproof, says that “the largest population of corporate laptops is Windows-based, and they offer the greatest opportunity, which is why we see more malware for Windows systems specifically.” Of course, as Malwarebytes’ analysis suggests, the balance may change as a different OS gains market share or more lucrative vulnerabilities emerge. Pinson-Roxburgh points out that “we only know about the vulnerabilities and malware that the most targeted hackers want us to know about, why disclose that you have a Mac Zero-Day if you can keep it hidden and enjoy it?” Then there is the little question of misplaced trust. “Unfortunately, many Mac users have complete confidence that the macOS architecture and the greater number of Windows PCs connected to the Internet will prevent bad actors from targeting them,” said Felix Rosbach, product manager at comforte AG. “It is absolutely crucial to implement cybersecurity countermeasures on both platforms,” concludes Rosbach, “regardless of any malware statistics.”
Martin Jartelius, CSO at Outpost24, says that the malware platform matters less than the factors behind these growth trends. “If we assume, for example, that this is due to a technical difference,” says Jartelius, “it can lead to risk mitigation decisions. If we assume that it is due to the degree of commercial adoption of a platform versus another, we may not be able to draw the same conclusions.” “This is a pointless discussion,” Jartelius tells me, “you will need awareness, hardening, patching, and antivirus software whatever platform you choose.” It all depends, says Tom Hegel, security researcher at Alien Labs at AT&T Cybersecurity, on your threat modeling. “The number of threats may not really matter to an organization that is heavily targeted by capable attackers,” says Hegel, “however, an individual’s personal device may have a higher chance of being infected by something using the devices with a greater variety of threats.”
Cybercriminals couldn’t care less about the platform you use
David Jemmett, CEO of Cerberus Sentinel, says that people have an illusion that the threat of Mac malware is lower than Windows. “First you have to understand that Mac is built on a UNIX platform with a graphical interface,” explains Jemmett, “experienced hackers have been penetrating or taking control of UNIX systems since the start of ARPANET.” Jemmett agrees with the assumption that cybercriminals don’t care about the operating system, the machine, or the type of connection you have on the Internet. “They only care if they can extract money from the source of an attack,” he says, “Mac users as a whole have heard the myth that they are safer with Mac than with a Windows PC. These statements are false and should be deleted from anyone’s thoughts and removed from everyone’s vocabulary.”
“From the perspective of an advocate within an organization,” says Javvad Malik, security awareness advocate at KnowBe4, “it is generally good to have information about the latest malware and security systems.” ‘target farm.’ “Historically, this means that Windows malware has been more widespread due to the dominance of the operating systems market. But now, with more Macs entering organizations, there will be more Mac-based attacks,” says Malik. However, in the bigger picture, does it matter when many organizations, for example, have embraced the cloud to some extent? “We see attacks such as credential stuffing to access corporate accounts, which are operating system agnostic,” says Malik, “in the grand scheme of things, it doesn’t really matter how bad operating system malware is increasing if we still cannot prevent the basic steps of intruders from entering.”
Cybercriminals Track Value, Not Statistics
Jonathan Knudsen, senior security strategist at Synopsys, uses the analogy of choosing a place to live to explain how cybercriminals track value. “At first glance, you can choose an apartment building with a low incidence of crime,” says Knudsen, “however, as more people move into the building, its value as a target of crime increases. In the short term, you could reduce risk by tracking the statistics, but you still need to take appropriate steps to protect yourself and your assets.” “Statistics and metrics on Windows vs. Mac malware may be worth looking into on their own,” according to Michael Barragry, operations lead at edgescan, “but they may have become less relevant as the two organizations matured and became deeply embedded in global organizations, so -value targets for malware and similar attacks.”
I’ll leave the last word, certainly obtuse, to Chris Clements, vice president of solutions architecture at Cerberus Security. “You and a friend are walking down the street in different colored shirts,” says Clements. “A hundred feet ahead, two attackers come out and point a weapon at each of you. The attacker who targets you (macOS) uses a revolver, the attacker who targets your friend (Windows) has a fully automatic M16. Just because you’re less likely to get shot doesn’t mean you’re less dead if you’re …”