
Targeted Malware Attacks and the Importance of Layered Protection

Posted on January 24th, 2017 by Jay Vrijenhoek


Two weeks ago, the Intego team analyzed a malware sample discovered by a university IT admin. It came to light after the university's network security team noticed strange traffic on the network originating from a Mac Pro. Upon investigating, the IT admin found a hidden file, which ultimately turned out to be responsible for the suspicious traffic. At the time of discovery the file was not detected by any of the engines on VirusTotal, but it found its way to several anti-virus companies, Intego included. The file turned out to be malware and has since been covered in the media under the name OSX.Backdoor.Quimitchin.

Intego analyzed the file and worked out how it functioned and what it was capable of. But without knowing how or when the Mac was infected, and because the sample appeared to no longer function, Intego added it to its Mac anti-virus malware database and opted not to publish a report on it at the time.

To protect against this malware in case it was still out in the wild, detection for the malicious files was added to Intego VirusBarrier, identified as OSX/ClientCapture (executables), Perl/ClientCapture (Perl scripts) and Java/ClientCapture (Java class).

The ClientCapture malware mentioned above may have been on that machine for a few years, surviving several OS X upgrades. It appears to have been part of a targeted attack, and not a single commercial anti-malware product knew of its existence until recently. If it weren't for the university's network security team, it probably would not have been found at all.

An aggressive network scan originating from the infected machine is what got it flagged by the university's network security team. Thorough work by the IT admin uncovered the hidden file, and further analysis by the security community and anti-virus vendors revealed all there is to know about it. In the span of a few days, a lot of people in different countries with different job titles got involved and dragged this particular piece of malware out of the shadows.

Intego customers are protected against this one, but other small-scale attacks exist, in which someone who wants to target a specific person may even be able to get physical access to that person's device. So how do you protect yourself against such small-scale attacks, which might go under the radar for some time before they're discovered?

Layers of Protection

Multiple layers of protection are the only way to really guard against such targeted attacks. Not everyone has a dedicated network security team and IT admin available, but what if you could have that? Your own network security team sounds expensive, doesn't it? A team of people who all need to be paid, plus the hardware they need to do their jobs: it adds up quickly! So what's the next best thing? Network security software, of course.

With a variety of threats targeting you nowadays, the best defense is implementing layers of protection, and that's how you should judge potential security software. Anti-virus can stop known malicious files, but on its own it's not enough to keep the other threats from getting through and ruining your data.

Below are a few examples of different layers of protection, each providing security in its own way. You are not limited to just one or two layers; you can add as many as you like, so long as they do not interfere with each other.

Let's have a look at the layers of protection included with Intego's Mac Premium Bundle:

Intego NetBarrier

Running Intego NetBarrier on your Mac is like having your own personal network security team, only a lot more affordable: no team to pay, and the hardware it needs is the Mac you already have. NetBarrier can flag both incoming and outgoing connection attempts, so in the case of hidden malware not yet detected by any commercial anti-virus software, you would quickly be made aware of its existence when it attempts to perform a network scan or contact external C&C servers. A two-way firewall like NetBarrier adds a very good layer to your security, and it keeps hackers out of your Mac. Bear in mind that a firewall on the infected Mac only sees what that Mac's own network stack shows it; in this case the traffic was first noticed on the network itself, which is why monitoring at the network level remains a worthwhile extra layer where it is available.

What about an IT admin? Good ones don't come cheap and are hard to find. Luckily, firewall software like NetBarrier watches your Mac's network activity for anything suspicious, and while it is not a skilled IT admin, it can alert you to malware before an IT admin has to get involved.
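The two behaviours the text says a two-way firewall should catch, an unknown hidden file talking to the outside world and a process sweeping the network, can both be expressed as checks over an outbound-connection log. The script below is an added example written for this article; it is not NetBarrier code, and the record format (`timestamp process executable_path direction remote_ip remote_port`), the sample entries, the hidden-path name `/Users/alice/.client`, and the 60-second/8-host scan threshold are all constructed for the illustration.

```python
"""Flag suspicious outbound connections in a per-host connection log.

Added example, not NetBarrier code. Two checks a two-way firewall can apply
to outbound traffic: code running from a hidden directory that talks to the
network, and scan-like fan-out (one process reaching many distinct hosts in
a short window). The record format is constructed for this example:
    timestamp process executable_path direction remote_ip remote_port
"""
from datetime import datetime
from typing import Dict, List, NamedTuple, Tuple


class Conn(NamedTuple):
    ts: datetime
    process: str
    path: str
    direction: str  # "in" or "out"
    remote: str
    port: int


# Constructed sample log, not a real capture. A Perl process launched from a
# hidden file in the user's home contacts one external host, then sweeps a
# /24 on port 22; Safari and Mail produce ordinary outbound traffic.
SAMPLE_LOG = """\
2017-01-10T09:00:01 Safari /Applications/Safari.app/Contents/MacOS/Safari out 151.101.1.69 443
2017-01-10T09:00:02 perl /Users/alice/.client out 203.0.113.45 443
2017-01-10T09:00:03 Mail /Applications/Mail.app/Contents/MacOS/Mail out 17.57.144.12 993
2017-01-10T09:00:05 Safari /Applications/Safari.app/Contents/MacOS/Safari out 93.184.216.34 443
2017-01-10T09:00:07 Safari /Applications/Safari.app/Contents/MacOS/Safari out 198.51.100.7 80
""" + "".join(
    f"2017-01-10T09:00:{10 + i:02d} perl /Users/alice/.client out 10.1.2.{i} 22\n"
    for i in range(1, 13)
)


def parse_log(text: str) -> List[Conn]:
    """Parse one whitespace-separated record per line; blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, process, path, direction, remote, port = line.split()
        conns.append(Conn(datetime.fromisoformat(ts), process, path, direction, remote, int(port)))
    return conns


def is_hidden_path(path: str) -> bool:
    """True if any directory component or the file itself starts with a dot."""
    return any(part.startswith(".") and part not in (".", "..") for part in path.split("/"))


def hidden_origin_connections(conns: List[Conn]) -> List[Conn]:
    """Outbound connections made by code living under a hidden path."""
    return [c for c in conns if c.direction == "out" and is_hidden_path(c.path)]


def scan_like_processes(conns: List[Conn], window_s: int = 60, min_hosts: int = 8) -> Dict[Tuple[str, str], int]:
    """Processes whose outbound traffic reached at least min_hosts distinct
    addresses inside some window_s-second window; the value is the peak count."""
    by_proc: Dict[Tuple[str, str], List[Conn]] = {}
    for c in conns:
        if c.direction == "out":
            by_proc.setdefault((c.process, c.path), []).append(c)
    flagged: Dict[Tuple[str, str], int] = {}
    for key, rows in by_proc.items():
        rows.sort(key=lambda r: r.ts)
        peak = 0
        for i, start in enumerate(rows):
            # Distinct remote hosts seen from this record up to window_s later.
            hosts = {r.remote for r in rows[i:] if (r.ts - start.ts).total_seconds() <= window_s}
            peak = max(peak, len(hosts))
        if peak >= min_hosts:
            flagged[key] = peak
    return flagged


if __name__ == "__main__":
    conns = parse_log(SAMPLE_LOG)
    for c in hidden_origin_connections(conns):
        print(f"hidden-path origin: {c.process} ({c.path}) -> {c.remote}:{c.port}")
    for (proc, path), n in scan_like_processes(conns).items():
        print(f"scan-like fan-out: {proc} ({path}) reached {n} hosts within 60 s")
```

Run as-is it reports the thirteen connections from the hidden `.client` file and flags that process for reaching 13 distinct hosts inside a minute, while Safari and Mail stay quiet. The hidden-path check is the cheap one and fires on the very first beacon; the fan-out check needs a few records but catches scanning from any path, which is the pattern the university's network team actually saw.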

Intego VirusBarrier

Watching your Mac around the clock for any hint of malware and potentially unwanted programs (PUPs), Intego VirusBarrier is a valuable layer of protection. The anti-virus software prevents malicious files from infecting your Mac. Downloads, email attachments, external drives and even the flash drive that someone with less-than-honorable intentions might plug into your Mac are all scanned.

VirusBarrier is a sophisticated anti-virus product that prevents malicious files from infecting your Mac, but don't rely on it to stop hackers (that's a job for NetBarrier), and be sure to secure your sensitive data, too.

Mac Washing Machine

A cluttered, nearly full hard drive is a stressed hard drive: it has to work harder to serve the files you request, and on a mechanical drive that extra work means extra wear over its lifetime. Enter Mac Washing Machine, simple-to-use software that makes it easy to get rid of junk files that slow down your Mac, duplicate files that take up needed space, and even applications you never use. As an added benefit, Mac Washing Machine also helps you stay organized and can automatically sort your heap of Desktop files into the right folders.

Hard drive failure means you can lose your data, and what Mac Washing Machine contributes to this picture is keeping the drive tidy and with free space, which relieves common stressors on it.

Personal Backup

Speaking of data security: if you do suffer a hard drive (or solid-state drive) failure, your backup dictates how much of your data is recovered and how recent that data is. Of course, you're already using macOS's built-in Time Machine feature, but what if both your Mac and your backup drive are destroyed in a fire or encrypted by ransomware? Malware, hackers or system issues can all corrupt or delete your important files, leaving you with nothing. Therefore you want to back up your data in multiple places (two backups are better than one), and one of those places should preferably be off-site, or at least not permanently connected to the Mac, so that ransomware cannot reach it. Personal Backup can help you do just that.

If you have multiple hard drives, flash drives, local servers, remote servers or another Mac you want to keep in sync, Personal Backup can create a safe copy of your data on it. It's incredibly flexible and can handle almost any backup schedule you want. Together with Apple's Time Machine, this one-two punch ensures you don't lose any important files.

ContentBarrier

There is a layer of protection that is often overlooked because not everyone needs it: the safety of your children. Having anti-virus, a firewall and a solid backup strategy will keep your data safe, but those layers are not equipped to shield your child from the inappropriate content they can be exposed to online. Intego ContentBarrier was designed for just that purpose; with content filtering and parental controls, you don't have to worry about what sort of Internet content your children can access.

ContentBarrier's configuration is very flexible and lets you block specific categories of websites, such as Adult, Gambling and more. Its anti-predator chat monitoring is a very powerful feature as well: it monitors all standard chat protocols and can recognize certain words, phrases or abbreviations that may indicate objectionable or inappropriate things are being discussed that could lead to trouble. Instant notifications mean you can react right away, blocking online access even when you're not home.

What about macOS built-in security features?

Hardening your macOS installation itself adds several layers of protection, too. This includes enabling automatic updates, using encryption features like FileVault, requiring a password after the screen saver starts, disabling Bluetooth when not in use, and keeping plug-ins like Flash Player and Java off your system. By using multiple layers of protection, you're keeping your digital life safe, clean and secure.
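Each of the hardening steps above corresponds to a setting you can read back from the command line, so the list can be turned into a repeatable audit. The script below is an added example written for this article, not an Intego tool or an Apple one. It assumes the macOS commands `fdesetup status` and `defaults read`, the plug-in locations under `/Library/Internet Plug-Ins`, and `defaults` keys (`AutomaticCheckEnabled`, `AutomaticDownload`, `askForPassword`, `ControllerPowerState`) that match Sierra-era releases; later macOS versions moved some of these, so treat the keys as assumptions to verify on your own system. The evaluation step is separated from the gathering step so the pass/fail logic can be exercised on constructed output anywhere.

```python
"""Audit the macOS hardening settings listed in the text.

Added example, not an Intego or Apple tool. gather() collects raw output
from the macOS commands assumed here (fdesetup, defaults read, plug-in paths
under /Library/Internet Plug-Ins); evaluate() turns that raw output into
pass/fail without touching the system. The defaults keys are assumptions
matching Sierra-era macOS; later releases moved some of them.
"""
import os
import subprocess
from typing import Dict, List

PLUGIN_DIR = "/Library/Internet Plug-Ins"
FLASH_PLUGIN = os.path.join(PLUGIN_DIR, "Flash Player.plugin")
JAVA_PLUGIN = os.path.join(PLUGIN_DIR, "JavaAppletPlugin.plugin")


def _run(cmd: List[str]) -> str:
    """Return a command's stdout; an absent command or failure yields ''."""
    try:
        return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    except OSError:
        return ""


def gather() -> Dict[str, str]:
    """Collect raw setting output from the live system (macOS only)."""

    def defaults(domain: str, key: str, *extra: str) -> str:
        # e.g. defaults -currentHost read com.apple.screensaver askForPassword
        return _run(["defaults", *extra, "read", domain, key])

    present = [p for p in (FLASH_PLUGIN, JAVA_PLUGIN) if os.path.exists(p)]
    return {
        "filevault": _run(["fdesetup", "status"]),
        "auto_check": defaults("/Library/Preferences/com.apple.SoftwareUpdate", "AutomaticCheckEnabled"),
        "auto_download": defaults("/Library/Preferences/com.apple.SoftwareUpdate", "AutomaticDownload"),
        "screensaver_pw": defaults("com.apple.screensaver", "askForPassword", "-currentHost"),
        "bluetooth": defaults("/Library/Preferences/com.apple.Bluetooth", "ControllerPowerState"),
        "plugins": "\n".join(present),
    }


def _is_on(raw: str) -> bool:
    """defaults prints 1 for an enabled boolean. A missing key prints an
    error on stderr and nothing on stdout, which we treat as not enabled."""
    return raw.strip() == "1"


def evaluate(raw: Dict[str, str]) -> Dict[str, bool]:
    """Map each hardening item to True (hardened) or False (action needed)."""
    return {
        "FileVault enabled": raw["filevault"].strip().startswith("FileVault is On"),
        "Automatic update check enabled": _is_on(raw["auto_check"]),
        "Automatic update download enabled": _is_on(raw["auto_download"]),
        "Password required after screen saver": _is_on(raw["screensaver_pw"]),
        "Bluetooth powered off": raw["bluetooth"].strip() == "0",
        "Flash and Java plug-ins absent": raw["plugins"].strip() == "",
    }


def run_audit() -> Dict[str, bool]:
    """Gather from the live system and evaluate; every False is a to-do item."""
    return evaluate(gather())


if __name__ == "__main__":
    for item, ok in run_audit().items():
        print(f"[{'PASS' if ok else 'FAIL'}] {item}")
```

Run on a Mac it prints one PASS/FAIL line per hardening item; anything it cannot read (a missing key or a command that is not present) is reported as FAIL rather than silently passing, which is the safe default for an audit. Turning an item from FAIL to PASS is still done the usual way (System Preferences, `fdesetup enable`, uninstalling the plug-in), since the script only reads settings.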

These are just a few layers you can enable to keep your data, privacy, personal information and children safe. "The best security comes in layers" is not just a phrase we throw around in the security community; it's true and has been proven effective many times over. With security coverage from multiple angles, it becomes very hard for existing or yet-to-be-discovered malware to infect your Mac.

Layered security can be implemented at any time. Whether during the first setup of your Mac or further down the road, these layers can be put in place quickly and easily. Spending 10 minutes on it now can save you hours or days of troubleshooting later. Give it a try and let us know which security layers are protecting you!

About Jay Vrijenhoek

Jay Vrijenhoek is an IT consultant with a passion for Mac security research. He conducts independent malware protection tests, and also writes about privacy and security related matters on his blog Security Spread. Follow him on Twitter at @SecuritySpread.
