My first experience of technology platform wars was back in 1985 when the protagonists were Amiga and Atari. I was an Amiga person and went on to write about the platform for many publications in the next decade. There have been many such battles of the brand since, but none has had the longevity of Apple Vs. Microsoft. Or, more precisely, Macs against Windows machines. A newly published report into the state of malware, however, threatens to expose a new dimension to the old debate: cybersecurity threat wars. The Malwarebytes research uses data from product telemetry, honeypots, and assorted threat intelligence metrics to analyze the threats to both consumers and businesses across 2019. One of the more interesting trends to be identified concerns the platform-specific nature of cybersecurity threats. Mac threats, the report reveals, increased exponentially in comparison to Windows ones. I’ll let that sink in for a moment.
The 2020 Malwarebytes “State of Malware Report” took a deep dive into the real-world threats that faced Android and iOS users, browser-based attacks and both Mac and Windows PCs. Having crunched the numbers and analyzed the data, the report concludes that the volume of Mac threats increased by more than 400% year-on-year in 2019, outpacing Windows “threats per endpoint” by a ratio of nearly two to one. The latter number is the more important, as it allows for the fact that Malwarebytes has a larger Mac userbase than Windows.
Digging deeper into the threats themselves, the report suggests that only one of the Mac threats in 2019 didn’t involve tricking the user into downloading and executing something malicious. That incident was when cryptocurrency companies, including Coinbase, were targeted using a Firefox zero-day vulnerability as the malware infection vector. “This was the first time such a vulnerability had been used to infect Macs in any significant way since 2012,” the researchers said, “when Java vulnerabilities were used repeatedly to infect Macs.” Most of the Mac threats, it would appear, were of the adware variety and found to be “far outpacing growth on the Windows side.” Sure, adware isn’t as great a threat as ransomware, which has continued to impact Windows systems across 2019, but it does still display “malicious and persistent behaviors to trick users into a false sense of security.”
The report goes on to reveal that more front and center malicious behavior from Mac files is also increasing year-over-year, employing ever more inventive and deceptive approaches to escape Apple detection. Malware “breakthroughs” impacting iOS, the report said, “may have the tech behemoth reconsidering whether they should allow anti-virus products on their beloved mobile devices.”
Taking a cursory look at my own media coverage here, I have reported on far more Windows threat stories than Mac ones. Everything from state-sponsored campaigns through to critical vulnerabilities in browsers for Windows users and numerous critical security alerts as well as advice on securing Windows 10.
This doesn’t mean that Apple has escaped scrutiny, just that there are fewer security incidents of note to report. The odd iPhone-specific piece of malware, and even a Siri ‘feature’ that left Apple Mail encrypted text unencrypted. Mostly, though, when I’ve written about Apple from the security perspective it has been to offer advice on securing an Apple Watch 5, or looking at apps that know if your iPhone has been hacked.
The Malwarebytes researchers, however, concluded that what the 2019 threat landscape tells us as we move further into 2020 is that “it’s time to take a good hard look at Mac security and finally get serious.” “A rise in pre-installed malware, adware, and multi-vector attacks signals that threat actors are becoming more creative and increasingly persistent with their campaigns,” Marcin Kleczynski, CEO of Malwarebytes, said, “it is imperative that, as an industry, we continue to raise the bar in defending against these sophisticated attacks.”
So, what does the infosecurity industry make of this analysis and the broader concept of cybersecurity platform wars? I thought I’d ask and find out.
Is there any place for platform wars in your cybersecurity strategy?
“Cybereason is seeing a noticeable increase in malware strains and threat groups that are targeting Mac systems,” says Israel Barak, CISO at Cybereason, “we are also seeing a steady increase in the level of sophistication in the tools being used to target Mac systems and in particular, the use of built-in operating system capabilities (living-off-the-land) to better evade detection.” Tim Erlin, vice-president of product management and strategy at Tripwire, isn’t convinced that, as a standalone statistic, it matters whether Mac or Windows malware is the more prevalent. “The prevalence of malware for a particular platform is really a reflection of the target environment,” Erlin says, what is important is to “ask the follow-up questions of why the focus of malware authors may have changed, or how changes in malware trends impact defensive priorities.”
Oliver Pinson-Roxburgh, the co-founder of Bulletproof, says that “the larger population of corporate laptops are Windows-based, and they provide the greatest opportunity, which is why we see more malware for Windows systems specifically.” Of course, as the Malwarebytes analysis suggests, the balance can shift as a different OS gains market share, or more lucrative vulnerabilities appear. Pinson-Roxburgh points out that “we only know about the vulnerabilities and malware that the more targeted hackers want us to know about, why leak that you have a Mac Zero-Day if you can keep it hidden and benefit from it?” Then there’s the small matter of misplaced trust. “Unfortunately, there are a lot of Mac users out there entirely trusting the fact that macOS architecture and the higher amount of Windows PCs connected to the internet, will prevent bad actors from targeting them,” Felix Rosbach, product manager at comforte AG, says. “It is absolutely crucial to implement cybersecurity countermeasures on both platforms,” Rosbach concludes, “independent of any malware statistics.”
Martin Jartelius, CSO at Outpost24, says that the malware platform matters less than the factors behind such growth trends. “If we, for example, make the assumption that this is due to a technical difference,” Jartelius says, “it may drive decisions for risk mitigation. If we assume it’s due to the degree of commercial adoption of one platform over the other, we may not be able to make the same conclusions.” It’s a pointless discussion, Jartelius tells me, “you will need awareness, hardening, patching and anti-virus software regardless of the chosen platform.” It all depends, says Tom Hegel, a security researcher at AT&T Cybersecurity’s Alien Labs, on your threat modeling. “The number of threats may not really matter to an organization which is highly targeted by capable attackers,” Hegel says, “however, an individual’s personal device may have a higher chance of being infected with something by using the devices with a wider variety of threats.”
David Jemmett, CEO of Cerberus Sentinel, says that people are under a delusion about the Mac malware threat being less than Windows. “You must first understand that Mac is built on a UNIX platform with a GUI interface,” Jemmett says, “seasoned hackers have been penetrating or taking over UNIX systems since the beginning of ARPANET.” Jemmett agrees with the premise that cybercriminals don’t care what OS, machine or type of connection you have to the internet. “They only care if they can extract money from the source of an attack,” he says, “Mac users as a whole have heard the myth they are safer with Mac than a Windows PC. Those statements are false and should be stricken from anyone’s thoughts and taken out of everyone’s vocabulary.”
“From the perspective of a defender within an organization,” Javvad Malik, security awareness advocate at KnowBe4, says, “it is usually good to have information about the latest malware and the operating systems it targets.” Historically, this has meant Windows malware has been more prevalent because of OS market domination. “But now with more Macs making their way into organizations, there are going to be more Mac-focused attacks,” Malik says. However, in the broader scheme of things, does this matter when many organizations, for example, have adopted cloud to some extent? “We see attacks such as credential stuffing to gain access to corporate accounts, which are operating system agnostic,” Malik says, “in the large scheme of things, it really doesn’t matter all that much which operating system malware is increasing on if we still can’t prevent the basic steps of intruders getting in.”
Jonathan Knudsen, a senior security strategist at Synopsys, uses the analogy of choosing somewhere to live to explain how cybercriminals follow value. “At first glance, you might choose an apartment building with a low incidence of crime,” Knudsen says, “however, as more people move to the building, its value as a target for crime increases. In the short term, you might reduce risk by following statistics, but you still need to take appropriate steps to keep yourself safe and your belongings secure.” Statistics and metrics about Windows Vs. Mac malware are, perhaps, interesting to look at in their own right, according to Michael Barragry, the operations lead at edgescan, “but have perhaps become less relevant as both organizations have matured and both are deeply embedded throughout global organizations, so offer high-value targets for malware and similar attacks.”
I will leave the last, self-admittedly obtuse, word to Chris Clements, vice-president of solutions architecture at Cerberus Security. “You and a friend are walking down the street with different colored shirts on,” Clements says. One hundred feet ahead, two attackers step out and aim a gun at each of you. The attacker targeting you (macOS) is using a revolver, the attacker targeting your friend (Windows) has a fully automatic M16. “Just because you are less likely to get shot doesn’t make you any less dead if you are…”
Davey is a three-decade veteran technology journalist and has been a contributing editor at PC Pro magazine since the first issue in 1994. A co-founder of the Forbes Straight Talking Cyber video project, which has been named ‘Most Educational Content’ at the 2021 European Cybersecurity Blogger Awards, Davey also won the 2020 Security Serious ‘Cyber Writer of the Year’ title. A three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) I was also fortunate enough to be named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro called ‘Threats to the Internet.’ In 2011 I was honored with the Enigma Award for a lifetime contribution to IT security journalism. Contact me in confidence at [email protected] if you have a story to reveal or research to share.