Mac OS X Malware: From Myth to Mainstream
  • Users feel like they are invulnerable. Apple itself decided back in 2008 that it would not suggest using any antivirus package. The company’s stance is quite contradictory, however: they say it offers additional security … when supposedly it is not needed!
  • Wow, those guys are great! However, just to be sure, let’s check it out
  • Java vulnerabilities: patches provided by Oracle, but Java is responsible for this JRE implementation and patching. Users of OS X older than Snow Leopard are not covered! Tiger was released less than 5 years ago and is not covered. This lifespan is too short, especially for business users.
  • In the case of Office, third-party software was the open door – but a faulty ASLR implementation made the exploit possible. The Java patch was made by Oracle, but Java is still responsible as they implement their own version of the JRE. In this case the problem was a logic bug that allowed the attack to jump out of the sandbox in a privileged environment.
  • It took four years to get even basic anti-exploit measures fully implemented on Lion. Apple’s vision is to prevent its computers from running software apart from trusted apps sold in its stores, and to store its data in iCloud. BUT: if the cloud is compromised (see Dropbox problems); if the apps in the App Store are compromised (see Android Marketplace problems); if the user does not stick to the rules, or the ecosystem is broken (jailbreaks), then the risks remain. Exploits are still possible, social engineering is still possible, credentials can still be stolen and malicious code can be developed and deployed. This raises the bar on Mac OS X security and makes it harder and more expensive to attack an Apple machine. That’s the good news. But don’t get carried away: the system will still be a target.
  • These are the main attack vectors, and we have examples of all of them. But there are many other possibilities as well.
  • Wow, those guys are great! However, just to be sure, let’s check it out
  • Imunizator (scareware), DNSChanger (fake codec), HellRaiser (Remote control), MacDefender (fake AV)
  • The amount of malware targeting Macs rocketed in 2011
  • Source: https://www.securelist.com/en/analysis/204792227/The_anatomy_of_Flashfake_Part_1
  • Summary stats are based on IP addresses (not UUIDs) found in the botnet during the whole period of research.
  • Two versions of SabPub have evolved quickly to use new exploits. APT active (goat machine). Wake-up call for companies, governments and business users using Mac OS X. Gang related to LuckyCat.
  • The market share shows the tipping point. It is not the number of samples or vulnerabilities; it is the number of potential victims. Fairly significant share among business users and advanced markets.
  • Allow Oracle to patch Mac OS X vulnerabilities in Java directly rather than issuing your own security updates. Make security a priority and take the onus off the user to install security updates. Issue updates that install automatically on users’ systems rather than sending reminder prompts. Teach users how to enhance the security settings on their computers so they don’t fall victim to cybercriminals and mass-malware attacks. Swifter response to new security vulnerabilities. Do not wait several months to issue an update – the longer the delay, the longer cybercriminals can exploit the problem.
  • Mac OS X is no safer than any other operating system – take security updates seriously and install them as soon as they’re available. Use antivirus software: the myth of Mac OS X being invulnerable to malware has been shattered. Increased market share motivates cybercriminals. Expect more drive-by downloads, mass-malware attacks and Mac OS X-based botnets to appear. Apple is pushing for a more controlled ecosystem (Gatekeeper) but this will be a cat-and-mouse game instead of a bulletproof security solution. Expect cross-platform exploit kits with Mac OS X-specific exploits included.
  • Transcript of "Mac OS X Malware: From Myth to Mainstream"

    1. Mac OS X Malware: From Myth to Mainstream. Vicente Diaz, Senior Security Analyst, Global Research & Analysis Team, Kaspersky Lab. Kaspersky Security for Mac Launch Event, Moscow, 14-16 May 2012
    2. Mac OS X: security from a user’s perspective
    3. Wait a minute…
    4. The cybercriminals’ checklist. Recipe for an infection: 1. Vulnerability 2. Exploit 3. Attack vector, or 4. Fooling the user
    5. Mac OS X vulnerabilities in the past…
    6. And even more vulnerabilities now. [Chart: Advisories and Vulnerabilities per year, 2008 to 2012*; y-axis 0 to 450.] Source: Apple Security Updates: http://support.apple.com/kb/HT1222
    7. Apple’s management of Mac OS X vulnerabilities: 32 days, 20 days, 48 days
    8. The cybercriminals’ checklist. Recipe for an infection: 1. Vulnerability 2. Exploit 3. Attack vector, or 4. Fooling the user
    9. Mac OS X’s pre-installed protection measures (ASLR / Stack protection / XProtect):
       • OS X 10.4 Tiger (2005): ASLR: No; Stack protection: No; XProtect: Only warnings
       • OS X 10.5 Leopard (2007): ASLR: Buggy - useless; Stack protection: Optional; XProtect: Only warnings
       • OS X 10.6 Snow Leopard (2009): ASLR: Buggy - useless; Stack protection: OS compiled with protection; XProtect: Enhanced
       • OS X 10.7 Lion (2011): ASLR: Fully implemented; Stack protection: OS compiled with protection; XProtect: Enhanced
    10. Introducing … XProtect (aka File Quarantine). Live Demo
    11. The future of Mac OS X protection
    12. The cybercriminals’ checklist. Recipe for an infection: 1. Vulnerability 2. Exploit 3. Attack vector, or 4. Fooling the user
    13. Attack vectors: Targeted attacks, Compromised websites, Black Hat SEO
    14. The cybercriminals’ checklist. Recipe for an infection: 1. Vulnerability 2. Exploit 3. Attack vector, or 4. Fooling the user
    15. If what you say is true… show me the malware
    16. Mac OS X malware over time. [Timeline, 2008 to 2011: Scareware, Remote control, DNSChanger, FakeAV.]
    17. Mac OS X’s malware evolution. [Chart: sample count by month, 2003.08 to 2012.04; y-axis 0 to 300.] Source: Kaspersky Lab
    18. Case Study 1: Flashback
    19. Flashback attack method
    20. Flashback attack vector. Main infection vector: hacked WordPress sites. Late February to early March: between 30,000 and 100,000 sites were hacked. 85% of hacked sites were based in the U.S. Traffic hired from a partner program associated with the rr.nu gang. Depending on OS and browser, victims are redirected to an exploit.
    21. Geographical distribution of infected Mac OS X computers
    22. Case Study 2: SabPub
    23. Advanced Persistent Threat targeting Mac OS X users. The “10th March Stamnet”. Doc files from 2010, rearmed with new exploits: CVE-2009-0563 – targets Office; CVE-2012-0507 – targets Java. Installs a backdoor on the victim’s machine. APT is currently ACTIVE
    24. What has changed?
    25. Mac OS X’s growth in market share
    26. Call to action: Apple’s security update process
       • Allow Oracle to patch Mac OS X vulnerabilities in Java directly, rather than issuing your own security updates.
       • Implement automatic security updates for user systems
       • Respond faster to new security vulnerabilities to minimize the window of exploitation
    27. Conclusions & predictions for users
       • The myth of Mac OS X being invulnerable to malware has been shattered
       • Use AV software and proper security practices to protect yourself
       • Mac OS X mass-malware attacks will increase. This will include drive-by downloads and Mac OS X-based botnets
       • Expect cross-platform exploit kits with Mac OS X-specific exploits
       • Apple is pushing for a more controlled ecosystem (Gatekeeper) but this will be a cat-and-mouse game.
    28. Thank You. Vicente Diaz, Senior Security Analyst, Global Research & Analysis Team, Kaspersky Lab, @trompi. Kaspersky Security for Mac Launch Event, Moscow, 14-16 May 2012