The recent Flashback/Flashfake malware outbreak targeting Apple’s Mac computers is likely to be just the start of a new wave of attacks aimed at the system, Kaspersky founder and CEO Eugene Kaspersky exclusively told CBR.
Speaking exclusively to CBR at Info Security 2012, Kaspersky told us that Apple is a long way behind Microsoft when it comes to security and will have to change the ways it approaches updates following the recent malware attacks.
“I think they are ten years behind Microsoft in terms of security,” Kaspersky told CBR. “For many years I’ve been saying that from a security point of view there is no big difference between Mac and Windows. It’s always been possible to develop Mac malware, but this one was a bit different. For example it was asking questions about being installed on the system and, using vulnerabilities, it was able to get to the user mode without any alarms.”
Kaspersky added that his company is seeing more and more malware aimed at Macs, which is unsurprising given the huge number of devices being sold. Its most recent quarter revealed Mac sales of 4 million, a 7% rise on the year ago quarter. These figures are still dwarfed by PC sales of course, and Kaspersky said Windows will remain the primary target for cyber criminals.
However he added an increase in Mac malware was, “just a question of time and market share. Cyber criminals have now recognised that Mac is an interesting area. Now we have more, it’s not just Flashback or Flashfake. Welcome to Microsoft’s world, Mac. It’s full of malware.”
“Apple is now entering the same world as Microsoft has been in for more than 10 years: updates, security patches and so on,” he added. “We now expect to see more and more because cyber criminals learn from success and this was the first successful one.”
This will mean that Apple will have to change the way it approaches its update cycle for patches, Kaspersky added. The company had previously criticised the speed of Apple’s response to the outbreak and accused it of leaving its users vulnerable for three months.
That approach will have to change if Apple wants to keep its users protected.
“They will understand very soon that they have the same problems Microsoft had ten or 12 years ago. They will have to make changes in terms of the cycle of updates and so on and will be forced to invest more into their security audits for the software,” Kaspersky told CBR.
“That’s what Microsoft did in the past after so many incidents like Blaster and the more complicated worms that infected millions of computers in a short time. They had to do a lot of work to check the code to find mistakes and vulnerabilities. Now it’s time for Apple [to do that],” he added.