We're a little over a month into 2017 and fresh reports of new malware have already surfaced, including small scaletargeted attacksand a new Mac threat just lastweek masquerading as an Adobe Flash Player update . Sure enough,2017 promises to be a lot more eventful, so what's on the horizon?
There are a number of troubling trends and macOS threats that consumers and businesses should be aware of, both native to Apple's operating system and also within the wider security sphere. What are these troubling trends, you ask? Intego presents to you the following Apple security predictions and what you can expect to see in 2017.
DDoS AttacksDistributed Denial of Service (DDoS) is nothing new, in fact, theyhavebeen around for a long time and arenotgoing anywhere anytime soon. What we will see, however, is an increase in frequency and size this year. With the source code for IoT botnet Mirai available to anyone, we anticipate thatit may be used in attacks similar to what we sawlast year.
With manufacturers of networking equipment and IoT devices being sued now, hopefully this will prompt other manufacturers to build more secure equipment. This will give botnets, such as Mirai, less ammunition. Until things improve, however, we'll see targeted sites being attacked with ever increasing bandwidth. DDoS and the Internet as a whole might feel this again if DNS providers find themselves in the crosshairs of such attacks.
Router exploitsRather than attacking the user's web browser, malvertising campaigns have been focusing on finding router exploits. Why mess with an endpoint if you can control the network? Before the end of the last year, security researchers from Proofpoint discovered a campaign that found malicious ads serving exploit code to infect routers, instead of browsers, in order to insert ads in every site users are visiting.
For the same reasons that make botnets like Mirai so successful, thetechnique of going after unprotected or poorly secured hardware will likely be observed more this year as attackers makeuse of hardware vulnerabilities.
Data BreachesSome big names were the target of data breaches last year, Yahoo being the biggest. According to a new report by the Identify Theft Resource Center and Cyber Scout, the number of U.S. data breaches soared 40 percent to an all-time record high of 1,093 in 2016. To combat this growing threat, the Trump administration has vowed to strengthen America's cyber capabilities.
"Cyberwarfare is an emerging battlefield, and we must take every measure to safeguard our national security secrets and systems," reads a page on the official whitehouse.gov website.Still, we believe 2017will be no different than previous years, and that we will see quite a few more data breaches globally, including new ones and old hacks that went undiscovered until now.
linux as a targetBefore the end of 2016,a 0-day exploit was published that affected mainstream versions of Linux. With Linux users boasting all-toofamiliar"we're protected from most nasties out there" beliefs, whichMac users used to have (and most still do), it's starting to look like this is no longer the case. This year we may see more focus on Linux.
Mac MalwareWith macOS Sierra being a little trickier to infect with malware and the easy detection of most malware in the past through simple use of LaunchAgents, the easiest way to get to a user's money or data is through adware or PUPs. And historically the most effective way to get these on a Mac is through fake Flash Player updates. The updated defenses in macOS Sierra may have forced malware authors to learn new ways to properly infect a Mac, which could be the reason we have thus far not seen more ransomware and other malware.
Ransomware is something we thought we'd see more of last year, but surprisingly, this did not happen. With how successful ransomware is on the windows platform, it would be very unusual not to not Mac users. Though probably not very sophisticated, ransomware on the Mac will make another appearance this year.
Using techniques that have proven successful in the past to get malware/PUPs on a user's Mac, such as fake Flash Player updates and phishing, combined with smarter installers, such asSilverInstaller, and hijacking the download server of an existing product, plantingmalware on a target system can be done. The problem is scale. Getting all of the above mentioned factors set up―and making sure a large amount of users are drawn to it―is not exactly an easy task. We believe this year Mac users could encounter moreclever phishing emails or browser campaigns that will leverage such techniques to reach a big audience.
Flash Player PromptsWith major browsers now disabling Flash Player and other plug-ins by default, sites that previously automatically started Flash Player content will now prompt for it. As with frequent prompts in general, people get annoyed by them and will click anything to make them go away and to get to their content faster, without reading what the prompts actually say. This will make fake Flash Player or media player prompts more successful.
App Store as Attack Surface / Developer IDAs mentioned in the 2016 year in security review article , every piece of malware had one thing in common―a valid Developer ID. Bypassing Gatekeeper is an important step to ensure malware is installed by as many people as possible, so the use of a Developer ID has become very popular among malware authors. This trend will continue in 2017, andit will probably seep over into the App Store as well. There are already several apps in the App Store that promise anti-virus protection, but offer none whatsoever. At the time, these "antivirus" apps only take your money by charging for the app, it is not at all unreasonable to think suchapps will start serving malware down the road.
Password Security The worst passwords of 2016 were just as bad as those of 2015 or 2011. Sadly, 2017 will be no different unless websites and services start enforcingstronger passwords. The trade-off between convenience and security is mostly made in favor of convenience, which is why the use of good passwords is generally not enforced. Two-Factor authentication ads a layer of protection, but even when available this is often not enabled by the user as it ads an extra step in getting to their content. While more awareness oftools such as
