Threat Intelligence

12/12/2018
12:45 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Mac Malware Cracks WatchGuards Top 10 List

Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.

Mac users may have known in their hearts that this was coming: For the first time, Mac-based malware appeared on WatchGuard's Top 10 list of the most common types of malware for Q3 2018. 

The latest "Internet Security Report" report, which analyzed the 100,000 most visited websites on Alexa.com, also found that 6.8% of those sites still support insecure versions of the SSL encryption protocol.

On the Mac front, users can no longer assume that the operating system offers more effective security, says Corey Nachreiner, WatchGuard's CTO. The Mac malware — which came in sixth on the security vendor's list — is primarily delivered via email and tries to trick victims into installing fake cleaning software.

"Mac users that haven't installed a security suite on the endpoint need to do so," Nachreiner says. "The days where Mac users can go to airports, coffee shops, and use home networks without added protections like a firewall and IP reputation services are over."

Marc Laliberte, senior security analyst at WatchGuard, says while it's true Apple designs security into the MacOS, the market dynamics have shifted.

"Hackers look for where they can get the most ROI, and for several years it was with Windows machines," Laliberte says. "Over the last five years, Mac laptops have become very popular, which is why we believe there is a surge in Mac malware."

Websites Need to Upgrade to TLS
As for the sites that still support insecure versions of the SSL, it's time for them to consider upgrading to TLS, Nachreiner says.

In fact, for organizations that don't collect sensitive information, it may make more sense to run an insecure site because running the website with https:// gives users the impression that the site is secure when it's not, he adds.

"The last thing you want to do is give people a false sense of security," Nachreiner says. "We recommend that organizations running websites with sensitive information use TLS 1.2 or TLS 1.3."

The WatchGuard report found that 5,383 websites in the top 100,000 websites visited on Alexa.com still accept SSL 2.0 and SSL 3.0 encryption. SSL 3.0 has been outdated since 2015, while SSL 2.0 was deprecated in 2011. The report also found that 20.9% of the top 100,000 websites do not use encryption at all.

Related Content:

 

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Well, at least it isn't Mobby Dick!
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-9923
PUBLISHED: 2019-03-22
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
CVE-2019-9924
PUBLISHED: 2019-03-22
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
CVE-2019-9925
PUBLISHED: 2019-03-22
S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter.
CVE-2019-9927
PUBLISHED: 2019-03-22
Caret before 2019-02-22 allows Remote Code Execution.
CVE-2019-9936
PUBLISHED: 2019-03-22
In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.