How the Mac OS X Trojan Flashback Changed Cybersecurity


Not so long ago, the Mac was thought to be impervious to viruses. In fact, Apple once stated on its website that “it doesn’t get PC viruses”. But that was before the Mac OS X Trojan Flashback malware appeared in 2012.

Since then, Mac and iPhone security issues have changed dramatically — and so has the security of the entire world. In this post, we’ll revisit how the Flashback incident unfolded and how it changed the security landscape forever.

What is the Mac Flashback Trojan?

Flashback (also called Flashfake) is Mac OS X malware first detected in September 2011. The name comes from its early versions, which posed as an Adobe Flash Player installer; the variant that spread in early 2012 instead exploited an unpatched Java vulnerability from within the browser, so simply visiting a rigged page was enough to get infected. By March 2012, the trojan had infected around 700,000 Macs worldwide. Once infected, the Macs were recruited into a botnet that could download and install additional malicious code. One of the malware's objectives was to generate fake search engine results.

According to researchers, threat actors used Flashback to siphon Google ad revenue. The trojan's ad-clicking component injected itself into Chrome, Firefox and Safari, where it could intercept browser requests and redirect specific search queries to a page of the attacker's choosing. From there, the criminals collected click-generated revenue estimated at about $10,000 per day.

Infected Through WordPress

According to Kaspersky, Flashback spread with the help of a malicious affiliate ("partner") program that appeared to be of Russian origin.

The program injected script redirects into huge numbers of legitimate websites worldwide. By early March 2012, it had compromised tens of thousands of sites powered by WordPress, most likely because site owners were running vulnerable WordPress versions or had installed the ToolsPack plugin. Approximately 85% of the compromised sites were located in the US.

When a visitor landed on any of the compromised sites, the injected script contacted a traffic direction system (TDS), which decided whether to send the browser, through a hidden redirect, to an exploit site in the rr.nu domain zone. Those rogue sites hosted the exploits that installed Flashback on vulnerable Macs without any user interaction.
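To make the compromised-site stage concrete, here is an added example (not Kaspersky's tooling and not code from the original post) of a small scanner that checks a page's HTML for the kind of injected redirect described above: external scripts, hidden iframes and inline `location` assignments whose host falls in a suspicious domain zone. The rr.nu zone is the only indicator taken from the write-up; the sample pages, hostnames and function names are constructed for the example.

```python
"""Flag injected redirects into a suspicious domain zone in page HTML.

Added example for this post; rr.nu is the only indicator taken from the
Flashback write-up. Sample pages and hostnames below are constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

SUSPICIOUS_ZONES = ("rr.nu",)  # from the write-up; extend with your own intel

# Inline JavaScript that forces a navigation; group 1 is the destination URL.
_REDIRECT_RE = re.compile(
    r"""(?:(?:window\.|document\.)?location(?:\.href)?\s*=|"""
    r"""location\.(?:replace|assign)\(|window\.open\()\s*['"]([^'"]+)['"]"""
)


def host_in_zone(url, zones=SUSPICIOUS_ZONES):
    """True if the URL's host equals a zone in `zones` or is a subdomain of one."""
    # Injected scripts often use protocol-relative (//host/...) or bare host
    # forms; prepend // so urlparse treats the first component as a netloc.
    if "//" not in url:
        url = "//" + url
    host = (urlparse(url).hostname or "").lower()
    return any(host == z or host.endswith("." + z) for z in zones)


class _ScriptCollector(HTMLParser):
    """Collects external script/iframe sources and inline <script> bodies."""

    def __init__(self):
        super().__init__()
        self.external = []  # (tag, src) pairs
        self.inline = []    # complete inline script bodies
        self._buf = None    # text of the <script> currently being read

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script":
            self._buf = []
            if src:
                self.external.append(("script", src))
        elif tag == "iframe" and src:
            self.external.append(("iframe", src))

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf).strip()
            if body:
                self.inline.append(body)
            self._buf = None


def find_redirect_indicators(html, zones=SUSPICIOUS_ZONES):
    """Return (kind, url) for every reference into a suspicious zone."""
    collector = _ScriptCollector()
    collector.feed(html)
    collector.close()
    hits = []
    for tag, src in collector.external:
        if host_in_zone(src, zones):
            hits.append((tag + "-src", src))
    for body in collector.inline:
        for match in _REDIRECT_RE.finditer(body):
            if host_in_zone(match.group(1), zones):
                hits.append(("inline-redirect", match.group(1)))
    return hits


# Constructed sample pages (not captured from any real site).
CLEAN_PAGE = ('<html><head><script src="/wp-includes/js/jquery/jquery.js">'
              '</script></head><body><p>Hi</p></body></html>')
INJECTED_EXTERNAL = ('<html><head><script src="/wp-includes/js/jquery/jquery.js">'
                     '</script><script src="http://stats.cdn-a.rr.nu/counter.js">'
                     '</script></head><body><p>Hi</p></body></html>')
INJECTED_INLINE = """<html><body><p>Hi</p>
<script>
if (document.referrer.indexOf("google") != -1) {
  window.location.href = "//go.cdn-b.rr.nu/in.php?id=1";
}
</script>
<iframe src="http://ad.cdn-c.rr.nu/f.html" width="1" height="1"></iframe>
</body></html>"""


def scan_samples():
    """Scan the constructed pages; returns {name: hits}."""
    pages = (("clean", CLEAN_PAGE), ("external", INJECTED_EXTERNAL),
             ("inline", INJECTED_INLINE))
    return {name: find_redirect_indicators(page) for name, page in pages}


if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(f"{name}: {hits or 'no indicators'}")
```

This is one signal, not a verdict: injections that build the destination with `eval`, string concatenation or base64 will not match the regex, so in practice you would pair a scan like this with server-side log review (unexpected `rr.nu` referers or 302s) and integrity checks of WordPress core and plugin files against known-good copies.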

A New Reality for iOS and macOS

News of Flashback shook the entire cybersecurity and tech industry. The Mac OS, once considered a haven against viruses, had fallen. And it was not an isolated event. Soon after, in April 2012, a new Mac OS X trojan was discovered.

Fast forward to the present day, and the vulnerabilities continue to multiply. In August 2022, Apple published security updates for iOS 15.6.1, iPadOS 15.6.1 and macOS Monterey 12.5.1 to fix two vulnerabilities, one in WebKit and one in the kernel, that Apple said may have been actively exploited. Chained together, they could let an attacker run arbitrary code with kernel privileges, effectively taking full control of the device and acting as its owner.

While these weaknesses make headlines, the reality is that no system is immune to security threats. You only need to browse the Apple and Microsoft security updates pages to see the extent of the issues discovered. Alongside these concerns, threat actors have only increased their efforts to find and exploit every vulnerability.

Malware Development is on the Rise

Macs and iPhones remain comparatively safe: their built-in protections are still above par. But no OS is entirely secure anymore, if any ever was.

Consider these chilling facts. According to Atlas VPN, macOS malware development surged by over 1,000% in 2020, with a total of 674,273 malware samples. Compare that to Windows, which faced over 91 million samples in 2020.

In some ways, the Flashback incident marked a moment in history when attack rates began to increase significantly. For example, from 2012 to 2013, the number of recorded malware infections more than doubled, from 82.62 million to 165.81 million incidents. Likewise, the monetary damage from cyber crime reported to the IC3 grew by more than $200 million between 2012 and 2013. Since then, incident rates and costs have ramped up quickly and show no signs of slowing.

Currently, many factors contribute to this rise. For starters, more people working from home greatly widens the attack surface. The conflict in Ukraine, cheap attack services and a tight security labor market also contribute. All these factors dramatically increase the pressure on security teams.

The IBM Cost of a Data Breach 2022 report revealed that 83% of organizations studied have had more than one data breach. These new realities make security not only a top business concern but also a core element of overall business strategy.

New Threats Require New Tools

If the Trojan Flashback was a bellwether event, it ushered in a new way of thinking about security. If no system is entirely secure, then defensive tools must be more adaptive and intelligent. Rather than hoping to install a failsafe system, approaches such as threat intelligence, zero trust and AI-driven security are remodeling how we think about security.

Applications and devices are proliferating rapidly. Remote work is on the rise. Companies continue to migrate their networks to the cloud. We now live and work in a perimeter-less reality, and our security solutions must evolve to serve us there.

The stakes couldn’t be higher. We’ve seen critical infrastructure like the Colonial Pipeline attacked. Government agencies and agriculture are under increasing pressure as well. Even top-tier security firms have been hacked. And the conflict between Russia and Ukraine has raised the stakes even higher than anyone imagined.

Sitting still and hoping that luck or flimsy security solutions will suffice is no longer an option. We need entirely new ways to protect people, IT assets, governments, businesses and entire societies.

Adapting to Security Challenges

Despite the rising number of threats, security professionals are stepping up to the challenge with measurable results. For instance, the IBM report revealed that:

  • Organizations with fully deployed security AI and automation saved an average of $3.05 million per breach.
  • An incident response (IR) team with a regularly tested IR plan was associated with average savings of $2.66 million.
  • Organizations using extended detection and response (XDR) technologies shortened response time by an average of 29 days.

Perhaps nobody will ever again be able to say, “it doesn’t get PC viruses”. But we will continue to develop new ways to thwart threats to our security. Innovation and hard work pay off. And they can help secure our future.

The post How the Mac OS X Trojan Flashback Changed Cybersecurity appeared first on Security Intelligence.