If you still think malware on a Mac is more myth than reality, you may want to talk to the security engineers over in Cupertino at a rather prestigious fruit company.
According to Reuters, “Apple Inc. was recently attacked by hackers who infected the Macintosh computers of some employees”.
More specifically, Apple engineers had their Mac OS X laptops infected through the same zero-day Java vulnerability that was used against Facebook last week.
In a statement Apple made to The Loop, a spokesperson said “The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers.”
Based on the information that is publicly available, this statement reaffirms that this was likely what has become known as a “watering hole attack”.
The concept is that it is much easier to compromise a site where people might frequently go than it is to assault the company directly.
Trying to break through all of the layers of protection at Facebook and Apple is going to be extremely difficult.
Yet it might be much easier to compromise the security of a small application developer’s website that Apple, Facebook and other high-value targets might frequently visit.
I think it is fair to say Apple’s OS X is popular enough among people who are likely to be targeted by malware that it is no longer being neglected by the criminals behind online attacks.
Those people who have said “only dumb Mac users would voluntarily install malware” might be surprised to learn that even Apple’s own engineers can fall victim to a drive-by download.
This isn’t about the capability of a user or about the kinds of websites one might choose to frequent. An unpatched vulnerability impacts all of us the same way.
This is why it is essential to run anti-virus regardless of the platform in use. It is also important to carefully monitor network traffic using an IPS and a firewall.
Things do get past anti-virus, so an effective defense starts with preventing the infection in the first place, but also detects it if you aren’t able to stop it.
People often think of their firewall as a simple blocking mechanism, but it also serves a forensic purpose.
If you are Apple or Facebook and you need to know what data may have been ferreted off to your criminal overlords, the detailed logs from your monitoring solutions are essential to the forensic investigation team.
While it might be unwieldy to keep two or three years’ worth of logging, it may well be worth your trouble if you are faced with a targeted compromise.
What should you do as a result of this? If you are a Mac user you should be sure to keep your computer patched. Apple stated they will be releasing a Java malware removal tool this afternoon to respond to this attack.
To be fair, that advice applies to all computer users, whether they prefer Windows, OS X or Linux. Many times staying safe isn’t convenient, but it is an investment that pays off in the long run.