With the Flashback malware being more widespread on Mac machines than previously thought, should enterprises consider investing (time or money) in new ways to harden their Mac environments against Flashback and similar malware?
Enterprises should certainly be conducting Mac hardening to protect their Mac-based environments against malware and other malicious attacks, not just because of Flashback. Apple's "Macs are secure" marketing message has been so effective over the years that many enterprises have never felt the need to spend time and money educating their users about security, never mind backing up those lessons with robust security controls. However, as the use of Macs and all things Apple becomes more widespread, so will the number of hackers choosing to target Mac users as they look for new soft targets.
SearchSecurity.com expert Michael Cobb is standing by to answer your questions about enterprise application security and platform security. Submit your question via email: firstname.lastname@example.org.
From the cybercriminals' perspective, the success of Mac products translates into a user base that is now big enough to be profitable for hackers. They can now invest time and money into figuring out how to exploit what has become an attractive situation: unprotected systems of security-unaware users.
Flashback served as a watershed moment for this trend. It managed to infect an estimated 700,000 Macs. Researchers suggest that the initial vector of attack for the Flashback malware was WordPress sites that had been infected. Attackers placed code on compromised sites that redirected users to a server that would attempt to infect vulnerable machines. This situation indicates that the dangers of "drive-by" attacks need to be clearly explained to enterprise Mac users so they understand that they're not immune from the growing reach and sophistication of modern hackers.
When it comes to hardening Macs on an enterprise network, enterprises certainly need to follow Apple's Mac OS X Security Configuration Guides, which give instructions and recommendations for securing and maintaining Mac OS X systems. The Information Assurance Directorate at the National Security Agency also produces free security guidance documents on improving the security of all kinds of applications and operating systems, including Macs. In addition to technical controls, it's wise to provide security awareness training for users, especially since, as noted above, security is a relatively new concern for most Mac users.
But to cover a few of the technical details, enterprises with Mac users should deploy antivirus protection across the enterprise. All the major antivirus vendors, including Symantec Corp., McAfee Inc., ESET and Avast Software, offer Mac-specific anti-malware systems for enterprises, and centralized management can employ proactive protection methods including heuristic analysis, generic protection and on-access scanning to detect and remove threats.
Such anti-malware products can prevent users from initially reaching malicious sites and often provide some protection until a patch is ready and installed. Beyond deploying AV software, enterprises can consider whitelisting or blacklisting applications to reduce the overall attack surface by ensuring that users only have approved and necessary programs. Until enterprises with Mac users begin to take Mac security seriously, though, cybercriminals will increasingly perceive them as soft and exploitable targets.
This was first published in September 2012