This article can also be found in the Premium Editorial Download "Information Security magazine: Security Readers' Choice Awards 2012: Your picks for the best security products."
Conventional wisdom about malware targets is evolving as cross-platform malware enters the cybercriminal's arsenal.
Over the last year, cross-platform malware,
In April, the Flashback Trojan targeted computers running Mac and Windows by exploiting a security vulnerability in Java. Microsoft published a blog post in July about how it has become beneficial for cybercriminals to attack multiple operating systems through one Trojan. Also in July, security companies detected the Crisis Trojan, which targets Mac OS X systems. Symantec researchers then discovered that the Windows version of Crisis is able to spread to VMware virtual machines and Windows Mobile devices. There have been other cross-platform malware attacks, and experts say there will be more. Now that cybercriminals have figured out a way to infect multiple operating systems, Chester Wisniewski, senior security advisor at Sophos, says they will recycle cross-platform malware, as they have done with other attack templates.
Experts said the cross-platform approach is dangerous partly because of attitudes toward security. Wisniewski says that because most Windows users have experienced a large volume of potential threats, they know they need to protect their systems. This is not true for users of other operating systems.
"People have been lulled into thinking they don’t need protection for Macs" and other systems, he says.
"It doesn't matter what brand you're on," Wisniewski says. He recalled an instance when a customer received a suspicious link and didn’t click on it on the computer; instead, the customer used an iPad to check the link. Experts, including Wisniewski, say this type of thinking is dangerous.
The division of IT teams is another concern. Enterprises often have two teams, a network group and an endpoint group. Wisniewski says these groups need to coordinate and share information so security breaches don’t slip through unnoticed. An issue observed on the network may be brushed aside, he says, but when connected to issues on the machines, it could reveal a more serious problem.
The same security mechanisms and fixes may not work across all platforms, says Cameron Camp, security researcher at ESET, and an official strategy would need to reflect this. Wisniewski believes operating systems should be monitored similarly.
"As much as possible, the operating systems should be treated the same," he said. "Make sure Mac and Linux are being monitored in the same ways as Windows."
About the author:
Moriah Sargent is an editorial assistant for SearchSecurity.com. Send comments on this article to feedback@infosecuritymag.com.
This was first published in September 2012