There's a common misconception that Macs are immune to security threats such as malware or adware. While we have reported on several Mac-focused security threats, a new analysis reveals that the number of Mac malware is actually skyrocketing. In a threat analysis report, McAfee shows that Mac malware grew by 744% in 2016!
While that number may take you by surprise, it's not actually as alarming as it sounds. Most of the 460,000 instances detected by the security firm were due to adware bundling, where a software exposes users to ads. However, there are definitely some critical security concerns, like Xagent, Safari hijacking issue or the Word macros problem reported earlier in the year.
Mac malware skyrocketed in 2016 - it's mostly adware
Earlier this week, Apple shared that its Mac user base is nearing to almost 100 million mark worldwide. While a small fraction of the market when compared to Windows, the OS still attracts a lot of hacker attention. The reported rise of 744% in Mac malware (again, mostly adware) when compared to 2015 numbers could also be attributed to this increase in Mac adoption.
Similar to Android, Windows attract most of the efforts from the criminal hacking community who want to steal information or hold data for ransom. But, with the growing popularity of iPhones and macOS, we are also seeing a staggering growth in Apple-targeted malware and adware campaigns.
Earlier in February this year, two security researchers said how Mac users at a greater risk because of assumed protection. "Much of the added security afforded to macOS users stems from an expectation of Windows by attackers and less readily-available remote access tools for the OS, rather than better in-built defenses," they wrote. "Thus, macOS users are at risk of assuming greater protection against malware than actually exists, and could be more vulnerable as a result."
While it's still easier to stay safe from Mac malware - try not to install malicious software - it's more difficult to secure Internet of Things. The Threat Analysis talked about the Mirai botnet that took down major sites and services offline, last year.
We also saw the first major attack to leverage poor security of Internet of Things devices last fall. The so-called Dyn attack was a distributed denial of service (DDoS) attack that used IoT devices as bots to cripple a major DNS service provider.
At its peak, the Dyn attack generated 1.2Tbps of traffic, effectively shutting down many well-known websites - the highest volume of DDoS traffic ever recorded. The analysis of the attack confirmed that the DDoS traffic originated from Internet of Things (IoT) devices infected by the Mirai botnet.
You can read more about the latest security threats in this detailed report [PDF]. Following are some key findings taken out from McAfee's Threat Analysis.