informa
/
Risk
News

Next-Generation Threats: The Inside Story

Cutting-edge attacks like Stuxnet and Zeus will be the everyday security challenges of tomorrow. Here's what you need to know.
Sidebar: Is 2011 The Year Of The Mac Attack?

This year may be the one when cybercriminals turn their attention to the Mac, a platform they've pretty much left untouched. Several articles in the Russian hacker magazine Xakep have focused on attacking Mac OS X, suggesting that eastern European hackers may be developing attacks, says Steve Santorelli, a former Scotland Yard detective and director of global outreach for security research group Team Cymru Research.

Because of the dearth of threats, most Mac users don't run anti-malware programs. "If someone comes out with a browser exploit pack next year, we're going to see a lot of people get infected," Santorelli says. "So you may end up having a Zeus for OS X."

Apple's strict control of the Mac, simpler code, and better security model make it more secure than Windows. But OS X isn't fundamentally a more secure operating system than Windows 7, according to Santorelli. The reason there's only a small amount of OS X malware is because the application base is so much smaller.

In 2008, computer scientist Adam O'Donnell used game theory to calculate that malware would start to be a problem for OS X when Macs accounted for about 17% of the computer installed base. Macs now comprise about 11.5% of the U.S. installed base and about 5% worldwide, according to NetMarketshare.com.

Signs of interest from the criminal underground suggest that Apple users should beware. In October, a version of the Koobface virus, which spreads among Facebook users, targeted OS X users. The attack exploits vulnerabilities in Java software on the Mac to turn it into a command-and-control server for a botnet. --Robert Lemos

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5