With the Flashback malware being more widespread on Mac machines than previously thought, should enterprises consider...
investing (time or money) in new ways to harden their Mac environments against Flashback and similar malware?
Enterprises should certainly be conducting Mac hardening to protect their Mac-based environments against malware and other malicious attacks, not just because of Flashback. Apple's "Macs are secure" marketing message has been so effective over the years that many enterprises have never felt the need to spend time and money educating their users about security, never mind backing up those lessons with robust security controls. However, as the use of Macs and all things Apple becomes more widespread, so will the number of hackers choosing to target Mac users as they look for new soft targets.
Ask a question
SearchSecurity.com expert Michael Cobb is standing by to answer your questions about enterprise application security and platform security. Submit your question via email: email@example.com.
From the cybercriminals' perspective, the success of Mac products translates into a user base that is now big enough to be profitable for hackers. They can now invest time and money into figuring out how to exploit what has become an attractive situation: unprotected systems of security-unaware users.
Flashback served as a watershed moment for this trend. It managed to infect an estimated 700,000 Macs. Researchers suggest that the initial vector of attack for the Flashback malware was WordPress sites that had been infected. Attackers placed code on compromised sites that redirected users to a server that would attempt to infect vulnerable machines. This situation indicates that the dangers of "drive-by" attacks need to be clearly explained to enterprise Mac users so they understand that they're not immune from the growing reach and sophistication of modern hackers.
When it comes to hardening Macs on an enterprise network, enterprises certainly need to follow Apple's Mac OS X Security Configuration Guides, which give instructions and recommendations for securing and maintaining Mac OS X systems. The Information Assurance Directorate at the National Security Agency also produces free security guidance documents on improving the security of all kinds of applications and operating systems, including Macs. In addition to technical controls, it's wise to provide security awareness training for users, especially since, as noted above, security is a relatively new concern for most Mac users.
But to cover a few of the technical details, enterprises with Mac users should deploy antivirus protection across the enterprise. All the major antivirus vendors, including Symantec Corp., McAfee Inc., ESET and Avast Software, offer Mac-specific anti-malware systems for enterprises; and centralized management can employ proactive protection methods including heuristic analysis, generic protection and on-access scanning to detect and remove threats.
Such anti-malware products can prevent users from initially reaching malicious sites and often provides some protection until a patch is ready and installed. Beyond deploying AV software, enterprises can consider whitelisting or blacklisting applications to reduce the overall attack surface by ensuring that users only have approved and necessary programs. Until enterprises with Mac users begin to take Mac security seriously, though, cybercriminals will increasingly perceive them as soft and exploitable targets.
Related Q&A from Michael Cobb
Expert Michael Cobb explains how an HTTP referer header affects user privacy and outlines changes that can be made to ensure sensitive data is not ...continue reading
Expert Michael Cobb explains the difference between the REESSE3+ and IDEA block ciphers and explores when each is applicable in an enterprise setting.continue reading
While cookies are critical to delivering personalized Web content, they are a privacy concern. Learn how adding Bloom filters to cookies can help ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.