Vicente Diaz, Senior Security Analyst, Global Research & Analysis Team, Kaspersky Lab
Kaspersky Security for Mac Launch Event, Moscow, 14-16, May 2012
Mac OS X Malware: From Myth to Mainstream
Mac OS X: security from a user's perspective
Wait a minute…
Recipe for an infection:
1. Vulnerability
2. Exploit
3. Attack vector
Or
4. Fooling the user
The cybercriminals’ checklist
Mac OS X vulnerabilities in the past…
And even more vulnerabilities now
[Chart: Advisories and Vulnerabilities per year, 2008 to 2012*; y-axis 0 to 450]
Source: Apple Security Updates: http://support.apple.com/kb/HT1222
Apple’s management of Mac OS X vulnerabilities
[Figure: 32 days / 20 days / 48 days; bar labels not recoverable]
The cybercriminals’ checklist
Recipe for an infection:
1. Vulnerability
2. Exploit
3. Attack vector
Or
4. Fooling the user
Mac OS X’s pre-installed protection measures
Year  Version                 ASLR               Stack protection             XProtect
2005  OSX 10.4 Tiger          No                 No                           Only warnings
2007  OSX 10.5 Leopard        Buggy - useless    Optional                     Only warnings
2009  OSX 10.6 Snow Leopard   Buggy - useless    OS compiled with protection  Enhanced
2011  OSX 10.7 Lion           Fully implemented  OS compiled with protection  Enhanced
Introducing … Xprotect (aka File Quarantine)
Live Demo
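File Quarantine works by stamping every file a browser or mail client downloads with the com.apple.quarantine extended attribute; XProtect's signature check and the "downloaded from the Internet" warning both key off that attribute. The following parser is an added example for responders, not code from the presentation or from Kaspersky Lab. It assumes the attribute value has the form "<flags-hex>;<timestamp-hex>;<agent>;<uuid>" (uuid optional on older systems), and the sample values below are constructed.

```python
"""Parse and triage the com.apple.quarantine extended attribute.

Added example (not from the presentation). Attribute format assumed:
"<flags-hex>;<unix-timestamp-hex>;<downloading agent>;<uuid>".
"""
from dataclasses import dataclass
from datetime import datetime, timezone
import subprocess
from typing import Iterable, List, Optional, Tuple


@dataclass
class QuarantineInfo:
    flags: int                 # raw flag bits as stored (kept undecoded here)
    downloaded_at: datetime    # UTC time the file was quarantined
    agent: str                 # application that downloaded the file
    uuid: Optional[str]        # LaunchServices download record id, if present


def parse_quarantine(value: str) -> QuarantineInfo:
    """Split one attribute value into its fields; raise on malformed input."""
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError(f"malformed quarantine attribute: {value!r}")
    flags = int(parts[0], 16)
    downloaded_at = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    agent = parts[2]
    uuid = parts[3] if len(parts) > 3 and parts[3] else None
    return QuarantineInfo(flags, downloaded_at, agent, uuid)


def read_quarantine(path: str) -> Optional[QuarantineInfo]:
    """Read the attribute from a real file with the macOS `xattr` tool.

    Returns None when the file carries no quarantine attribute (or the
    tool is unavailable, e.g. when run on Linux).
    """
    try:
        proc = subprocess.run(
            ["xattr", "-p", "com.apple.quarantine", path],
            capture_output=True, text=True, check=False,
        )
    except FileNotFoundError:
        return None
    if proc.returncode != 0 or not proc.stdout.strip():
        return None
    return parse_quarantine(proc.stdout)


def unquarantined(entries: Iterable[Tuple[str, Optional[str]]]) -> List[str]:
    """Given (path, attribute-or-None) pairs, return the paths that carry no
    quarantine attribute. Such files never passed through File Quarantine, so
    XProtect never inspected them; they deserve a closer look in an incident."""
    return [path for path, attr in entries if attr is None]


# Constructed sample data (not real artefacts): one Safari download, one
# file that appeared on disk without the attribute.
SAMPLE_ENTRIES = [
    ("~/Downloads/installer.dmg",
     "0081;4f8d0b50;Safari;11111111-2222-3333-4444-555555555555"),
    ("~/Library/LaunchAgents/update.plist", None),
]

if __name__ == "__main__":
    for path, attr in SAMPLE_ENTRIES:
        info = parse_quarantine(attr) if attr else None
        print(path, "->", info if info else "NO QUARANTINE ATTRIBUTE")
    print("review:", unquarantined(SAMPLE_ENTRIES))
```

On a live Mac, `read_quarantine` wraps `xattr -p com.apple.quarantine <file>`; the rest of the block runs anywhere on constructed values, which is how a responder would test triage logic before pointing it at a disk image.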
The future of Mac OS X protection
The cybercriminals’ checklist
Recipe for an infection:
1. Vulnerability
2. Exploit
3. Attack vector
Or
4. Fooling the user
Attack vectors
Compromised websites
Black Hat SEO
Targeted attacks
The cybercriminals’ checklist
Recipe for an infection:
1. Vulnerability
2. Exploit
3. Attack Vector
Or
4. Fooling the user
If what you say is true…show me the malware
Mac OS X malware over time
[Timeline 2008 to 2011: Scareware, DNSChanger, Remote control, FakeAV]
Mac OS X’s malware evolution
Source: Kaspersky Lab
[Chart: x-axis 2003.08 to 2012.04 (year.month), y-axis 0 to 300]
Case Study 1: Flashback
Flashback attack method
Flashback attack vector
Main infection vector: Hacked WordPress sites
Late February to early March: between 30,000 and 100,000 sites were hacked
Depending on OS and browser, victims are redirected to an exploit
85% of hacked sites were based in the U.S.
Traffic hired from partner program associated with the rr.nu gang
Geographical distribution of infected Mac OS X computers
Case Study 2: SabPub
Advanced Persistent Threat targeting Mac OS X users
Doc files from 2010, rearmed with new exploits
CVE-2009-0563 – targets Office
CVE-2012-0507 – targets Java
The “10th March Stamnet”
Installs backdoor on victim's machine
APT is currently ACTIVE
What has changed?
Mac OS X’s growth in market share
Call to action: Apple’s security update process
• Allow Oracle to patch Mac OS X vulnerabilities in Java directly, rather than issuing your own security updates.
• Implement automatic security updates for user systems
• Respond faster to new security vulnerabilities to minimize window of exploitation
Conclusions & predictions for users
• The myth of Mac OS X being invulnerable to malware has been shattered
• Use AV software and proper security practices to protect yourself
• Mac OS X mass-malware attacks will increase. This will include drive-by downloads and Mac OS X-based botnets
• Expect cross-platform exploit kits with Mac OS X-specific exploits
• Apple is pushing for a more controlled ecosystem (Gatekeeper), but this will be a cat-and-mouse game.
Thank You
Vicente Diaz, Senior Security Analyst, Global Research & Analysis Team, Kaspersky Lab
@trompi
Kaspersky Security for Mac Launch Event, Moscow, 14-16, May 2012