Mac cyberattacks double in 2019: Malwarebytes

The Apple ecosystem has long been considered the safer environment compared to Windows when it comes to being targeted by cyberattacks, but that is no longer necessarily the case.

Almost twice as many attacks were recorded against Mac endpoints in 2019 compared to those running Windows, Malwarebytes revealed in its 2020 State of Malware Report. In a way this increase can be blamed on Apple itself. One of the reasons cybercriminals gave Macs short shrift was because the market size was not large enough to justify expending time and energy to develop Mac-specific threats.

“This is
likely because, with increasing market share in 2019, Macs became more attractive
targets to cybercriminals. In addition, macOS’ built-in security systems have
not cracked down on adware and PUPs to the same degree that they have malware,
leaving the door open for these borderline programs to infiltrate,” the report
stated.

The good
news for Mac owners is malware is still more of an issue for Windows machines,
but the number of potentially unwanted programs and adware with Adware.NewTab
and PUP.PCVARK each being detected more than 25 million times by Malwarebytes.
On the malware side only two varieties, OSX.Generic.Suspiciou and OSX.FakeFileOpener,
had more than 300,000 detections.

“While these
threats are not considered as dangerous as traditional malware, they are
becoming a much larger and more noticeable nuisance for Mac users, who can no
longer say that their beloved systems are immune from malware Malwarebytes
noted that all but one of the PUPs, adware and malware required the user to be tricked
into opening or downloading a malicious file,” the report said.

The most notorious
case of Mac malware reported in 2019 involved several cryptocurrency exchanges,
including Coinbase. Here these were infected using a FireFox zero-day
vulnerability to download Wirenet and Mokes malware. This was the first time
Macs had been hit through such a vulnerability since 2012 when Java flaws were
used. This resulted in Apple simply removing Java from its system to close this
attack vector.

Mac issues
may have taken top billing in the report, but the number of threats targeting
business and consumer Windows machines was also up, albeit just one percent. Malwarebytes
detected 50.5 million threats against Windows in 2019. In this space consumers
were victimized much more that businesses, with 40.9 million vs. 9.5 million
attacks spotted. However, the number of consumer threats did drop 2 percent,
while business attacks increased 13 percent.

Adware was
the dominant threat against consumers comprising 16.9 percent of all attack types,
or more than 10 million more than the next largest malware, trojans.

Interestingly,
ransomware attacks may have appeared to be everywhere in 2019 they were far
down the list of detected threats against businesses and did not appear at all
among the top consumer threats. Adware, trojans, riskware tools and backdoors were
more prevalent, and the number of ransomware attacks actually declined.

“Year-over-year
volume of ransomware detections declined by 6 percent, but the numbers don’t
tell the full story. The ransomware families most popular with threat actors in
2019 were far more advanced than what we saw in 2018 and the years before,” the
report said, adding that ransomware attacks also tend to be more high profile
and targeted making them appear omnipresent.

Malwarebytes
singled out the Ryuk
and Sodinokibi
ransomware families for a special deep dive in the report.

Ryuk first surfaced
in August 2018 and landed its first big name victim when it hit Tribune Publishing
four months later. Detections of Ryuk increased by more than 500 percent in the
first quarter of 2019 over the previous quarter, and by the fourth quarter
2019, they were up another 43 percent. In many cases it was carried into a
system by Trickbot or Emotet as part of a larger attack package that almost
exclusively targets enterprise-scale organizations from which it can try and
pull large sums of money.

Ryuk ransom
notes generally demand between $97,000 and $320,000.

Sodinokibi
made its name in 2019 as a ransomware as a service that is most likely operated
by GandCrab’s creators. Since its introduction I May 2019 detections of this
family have increased by 820 percent. It actively exploits CVE-2019-2725, a vulnerability
in Oracle WebLogic and is also spread via spam, phishing campaigns and malvertising.

The post Mac cyberattacks double in 2019: Malwarebytes appeared first on SC Media.