We’re a little over a month into 2017 and fresh reports of new malware have already surfaced, including small scale targeted attacks and a new Mac threat just last week masquerading as an Adobe Flash Player update. Sure enough, 2017 promises to be a lot more eventful, so what’s on the horizon?
There are a number of troubling trends and macOS threats that consumers and businesses should be aware of, both native to Apple’s operating system and also within the wider security sphere. What are these troubling trends, you ask? Intego presents to you the following Apple security predictions and what you can expect to see in 2017.
Distributed Denial of Service (DDoS) is nothing new, in fact, they have been around for a long time and are not going anywhere anytime soon. What we will see, however, is an increase in frequency and size this year. With the source code for IoT botnet Mirai available to anyone, we anticipate that it may be used in attacks similar to what we saw last year.
With manufacturers of networking equipment and IoT devices being sued now, hopefully this will prompt other manufacturers to build more secure equipment. This will give botnets, such as Mirai, less ammunition. Until things improve, however, we’ll see targeted sites being attacked with ever increasing bandwidth. DDoS and the Internet as a whole might feel this again if DNS providers find themselves in the crosshairs of such attacks.
Rather than attacking the user’s web browser, malvertising campaigns have been focusing on finding router exploits. Why mess with an endpoint if you can control the network? Before the end of the last year, security researchers from Proofpoint discovered a campaign that found malicious ads serving exploit code to infect routers, instead of browsers, in order to insert ads in every site users are visiting.
For the same reasons that make botnets like Mirai so successful, the technique of going after unprotected or poorly secured hardware will likely be observed more this year as attackers make use of hardware vulnerabilities.
Some big names were the target of data breaches last year, Yahoo being the biggest. According to a new report by the Identify Theft Resource Center (ITRC) and Cyber Scout, the number of U.S. data breaches soared 40 percent to an all-time record high of 1,093 in 2016. To combat this growing threat, the Trump administration has vowed to strengthen America’s cyber capabilities.
“Cyberwarfare is an emerging battlefield, and we must take every measure to safeguard our national security secrets and systems,” reads a page on the official whitehouse.gov website. Still, we believe 2017 will be no different than previous years, and that we will see quite a few more data breaches globally, including new ones and old hacks that went undiscovered until now.
Linux as a target
Before the end of 2016, a 0-day exploit was published that affected mainstream versions of Linux. With Linux users boasting all-too familiar “we’re protected from most nasties out there” beliefs, which Mac users used to have (and most still do), it’s starting to look like this is no longer the case. This year we may see more focus on Linux.
With macOS Sierra being a little trickier to infect with malware and the easy detection of most malware in the past through simple use of LaunchAgents, the easiest way to get to a user’s money or data is through adware or PUPs. And historically the most effective way to get these on a Mac is through fake Flash Player updates. The updated defenses in macOS Sierra may have forced malware authors to learn new ways to properly infect a Mac, which could be the reason we have thus far not seen more ransomware and other malware.
Ransomware is something we thought we’d see more of last year, but surprisingly, this did not happen. With how successful ransomware is on the Windows platform, it would be very unusual not to not Mac users. Though probably not very sophisticated, ransomware on the Mac will make another appearance this year.
Using techniques that have proven successful in the past to get malware/PUPs on a user’s Mac, such as fake Flash Player updates and phishing, combined with smarter installers, such as SilverInstaller, and hijacking the download server of an existing product, planting malware on a target system can be done. The problem is scale. Getting all of the above mentioned factors set up—and making sure a large amount of users are drawn to it—is not exactly an easy task. We believe this year Mac users could encounter more clever phishing emails or browser campaigns that will leverage such techniques to reach a big audience.
Flash Player Prompts
With major browsers now disabling Flash Player and other plug-ins by default, sites that previously automatically started Flash Player content will now prompt for it. As with frequent prompts in general, people get annoyed by them and will click anything to make them go away and to get to their content faster, without reading what the prompts actually say. This will make fake Flash Player or media player prompts more successful.
App Store as Attack Surface / Developer ID
As mentioned in the 2016 year in security review article, every piece of malware had one thing in common—a valid Developer ID. Bypassing Gatekeeper is an important step to ensure malware is installed by as many people as possible, so the use of a Developer ID has become very popular among malware authors. This trend will continue in 2017, and it will probably seep over into the App Store as well. There are already several apps in the App Store that promise anti-virus protection, but offer none whatsoever. At the time, these “antivirus” apps only take your money by charging for the app, it is not at all unreasonable to think such apps will start serving malware down the road.
The worst passwords of 2016 were just as bad as those of 2015 or 2011. Sadly, 2017 will be no different unless websites and services start enforcing stronger passwords. The trade-off between convenience and security is mostly made in favor of convenience, which is why the use of good passwords is generally not enforced. Two-Factor authentication ads a layer of protection, but even when available this is often not enabled by the user as it ads an extra step in getting to their content. While more awareness of tools such as password managers and Two-Factor authentication will increase this year, it will be a few more years before the state of weak password usage improves.
How to Protect Your Mac in 2017 and Beyond
To protect yourself, your data and your wallet this year, be the change. Start by using a password manager to secure not only your passwords but also your credit card information, notes with sensitive information, and more. Other best practices include the use of a VPN when on a public Wi-Fi network, keeping your operating system and applications up to date, uninstalling Flash Player and other vulnerable plug-ins (or installing updates only directly from the vendor that publishes them), and reading the latest security news on websites, such as the Mac Security Blog, to stay current on the latest threats that may impact you.
Spreading the word is, of course, a great idea. When you learn of a vulnerability or a new best practice in security, pass it on! This is how security awareness will spread, which will eventually lead to a more secure user base.
How can I learn more?
Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes!
You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: