Analysis: Cyber criminals are increasingly turning their attention to Apple devices.
Macs do not get malware the old adage used to go. Hackers just were not that interested in the niche devices that many business would not use.
Except now millions of people all around the world are using a variety of Apple devices, and they are being deployed by firms in an increasing number of industries too.
IDC said that in Q3 2015 Apple smartphone shipments had risen by nearly a quarter year on year (22.2%), a total of 48m units shipped accounting for 13.5% of smartphone shipments that quarter. The firm’s laptop sales were also up 7.5%.
Suddenly Apple’s array of desktops, laptops, phones and tablets are a much more tempting target for cyber criminals.
Earlier this month, Symantec’s Dick O’Brien wrote that the popularity of Apple devices is prompting a surge of new threats:
"The number of new Mac OS X threats rose by 15 percent in 2014, while the number of iOS threats discovered this year has more than doubled, from three in 2014 to seven so far in 2015. Jailbroken devices are the focus of the majority of threats and, of the 13 iOS threats documented by Symantec to date, nine can only infect jailbroken devices."
It’s clear then the threat against Apple in general is increasing. Hon Lau, principal security response manager at Symantec told CBR: "What we’ve seen is an upward trend against Apple devices in the Apple ecosystem namely iOS and Mac OSX."
"The thing with cyber criminals and attackers," said Lau "is they go where the people are."
Peter Gaul of FireEye thinks that we will see an increase in attacks against Apple devices in the 12 months to come. He notes how quickly the recent high profile XCode attacked changed:
"Once XCode Ghost came out, not long after ourselves and others had published about it that we then detected XCode Ghost S where it had actually morphed, and it was hiding a obfuscating the way of communicating with its control servers and building the URLs after the app was installed. Again it made it passed Apple’s detection and made it out onto the devices so I can only see this increasing."
This is not just a consumer issue either. Apple is really pushing to get its devices into the hands of business users. On its iPhone business website the firm says that the device "is secure right out of the box."
Gaul told CBR: "It absolute is a business issue. And whether these are corporate owned devices and managed by an Mobile devcie management solution, or whether their bring your own device where they just giving people access to email and maybe a few documents and things, this is still having access to things such as contact lists, global address books. There is no control over which other apps people put on their phones."
Lau does try and give some good users for Apple devotees: "We haven’t really seen any exploit kits targeting Macs," he said, before adding "sometimes this exploit kits are associated with ransomware attacks" which can trick Mac users into paying up.
He also doesn’t think this immunity to exploit kits will last: "I think it’s inevitable at some stage that will happen, it’ just a matter of when."
Gaul does think that Apple take the threat against their devices seriously.
Lau said: "The iOS devices are better protected in some ways they generally are locked down to the Apple app market and they quite well protected in terms of security. The apple Macs themselves are probably a bit easier to get into, because you download and run pretty much any application you want. It’s easier to bypass the protection in them."
In 2016 then, Apple users will have to do a lot more maintenance of their walled garden.