Mac OS X malware outbreak expected in 2013

cybersecurity 2013

As digital life and offline life continue to mix, blend, and become evermore inseparable, the risk associated with such an existence will naturally persevere, change, expand, and morph with each passing years. And while every cyber security company out there keeps tracks of the bad stuff that has and will happen to Internet users, few have the clout and expertise of Kaspersky Labs, which released today its list of predictions for cyber (in)security in 2013.

Mac Malware on the rise

Among the trends for next year, there will be an increase in malware that targets Apple’s Mac OS X operating system, say Kaspersky Global Research & Analysis Director Costin Raiu and Senior Regional Researcher David Emm. Hackers traditionally ignored OS X because it made more sense to spend time developing viruses and other malware that would potentially reach a larger number of victims through Microsoft Windows machines. But all that changed this year with the Mac OS X Trojan virus “Flashback” (aka Flashfake).

“Based on our statistics, we estimate that Flashback infected over 700,000 Macs, easily the biggest known MacOS X infection to date,” write Raiu and Emm.

“Flashback continues to be relevant because it demolished the myth of invulnerability surrounding the Mac and because it confirmed that massive outbreaks can indeed affect non-Windows platforms. Back in 2011, we predicted that we would see more Mac malware attacks. We just never expected it would be this dramatic.”

Kaspersky researchers say they have also seen “targeted attacks on specific groups, or individuals, known to use Macs,” in addition to broad attacks like those waged using Flashback. “The threat to Macs is real and is likely keep growing,” they say.

Spying and privacy

Government surveillance and increased threats to individual privacy will also become major trends during the next 12 months, say Raiu and Emm.

The use of “legal” surveillance tools by world governments will become a necessary evil in the fight against cyber-crime, which has law enforcement scrambling to get a step ahead of the bad guys. These spying tools include things like the ‘Bundestrojan‘ malware allegedly used by the German government to spy on its citizens, or a software that allows law enforcements to monitor our mobile phone usage.

“Clearly, the use of legal surveillance tools has wider implications for privacy and civil liberties,” write Raiu and Emm. “And as law enforcement agencies, and governments, try to get one step ahead of the criminals, it’s likely that the use of such tools – and the debate surrounding their use – will continue.”

In addition to threats to privacy from our governments, criminals will be increasingly enticed by the valuable user data that we continue to funnel onto the servers of every online service that we use. “The value of personal data – to cybercriminals and legitimate businesses – will only grow in the future, and with it the potential threat to our privacy increases,” writes the researchers. Furthermore, our data will continue to be used for the purposes of serving advertising, sometimes without our knowledge or consent, say Raiu and Emm, “and it’s not always clear how to opt out of this process.”

Other issues

These are only a smattering of the cyber security issues that Kaspersky estimates will rise in prominence in 2013. Here is a quick rundown of the rest of the researchers’ list:

  • Continued rise of targeted attacks
  • Ongoing march of “hacktivism”
  • More nation-state sponsored cyber-attacks
  • Attacks on cloud-based infrastructure
  • Continued problems with online trust and digital authorities
  • Continued rise of mobile malware
  • Vulnerabilities and exploits continue to be key attack methods for cybercriminals
  • Wide deployment of Ransomware and cryptoextortion malware

To get the full predictions, read Raiu and Emm’s thoughtful blog post here.