Conventional wisdom about malware targets is evolving as cross-platform malware enters the cybercriminal's arsenal.
Over the last year, cross-platform malware, sometimes referred to as multi-platform, has grabbed attention in the industry. This particular type of malware can infect different versions of operating systems and machines and is becoming more popular in the world of cybercrime. Microsoft's Windows platform has been the biggest target for malware creators, but experts say rising market shares of other operating systems have made the cross-platform approach more attractive and logical. Experts say enterprise security teams must address this malware trend on all platforms they use, whether they are desktop computers or mobile devices.
In April, the Flashback Trojan targeted computers running Mac and Windows by exploiting a security vulnerability in Java. Microsoft published a blog post in July about how it has become beneficial for cybercriminals to attack multiple operating systems through one Trojan. Also in July, security companies detected the Crisis Trojan, which targets Mac OS X systems. Symantec researchers then discovered that the Windows version of Crisis is able to spread to VMware virtual machines and Windows Mobile devices. There have been other cross-platform malware attacks, and experts say there will be more. Now that cybercriminals have figured out a way to infect multiple operating systems, Chester Wisniewski, senior security advisor at Sophos, says they will recycle cross-platform malware, as they have done with other attack templates.
Experts said the cross-platform approach is dangerous partly because of attitudes toward security. Wisniewski says that because most Windows users have experienced a large volume of potential threats, they know they need to protect their systems. This is not true for users of other operating systems.
"People have been lulled into thinking they don’t need protection for Macs" and other systems, he says.
"It doesn't matter what brand you're on," Wisniewski says. He recalled an instance when a customer received a suspicious link and didn’t click on it on the computer; instead, the customer used an iPad to check the link. Experts, including Wisniewski, say this type of thinking is dangerous.
The division of IT teams is another concern. Enterprises often have two teams, a network group and an endpoint group. Wisniewski says these groups need to coordinate and share information so security breaches don’t slip through unnoticed. An issue observed on the network may be brushed aside, he says, but when connected to issues on the machines, it could reveal a more serious problem.
The same security mechanisms and fixes may not work across all platforms, says Cameron Camp, security researcher at ESET, and an official strategy would need to reflect this. Wisniewski believes operating systems should be monitored similarly.
"As much as possible, the operating systems should be treated the same," he said. "Make sure Mac and Linux are being monitored in the same ways as Windows."
About the author:
Moriah Sargent is an editorial assistant for SearchSecurity.com. Send comments on this article to firstname.lastname@example.org.