A cyberattack targeting Pakistan, which appears to have originated from India with the primary purpose of cyber espionage, may cause lasting damage to UK businesses using Mac OS X, according to security experts.
A report from Norman Shark’s security analyst team entitled Operation Hangover details a cyber campaign that is thought to be gathering information from national security targets and private sector companies mostly based in Pakistan, but also in the UK and United States.
The Operation Hangover campaign is reliant on previously identified vulnerabilities in popular software (such as Word) and browsers (including Java).
If left unaddressed, Operation Hangover will cause "lasting damage" to UK businesses.
The fact that Operation Hangover has been successful suggests that government organisations, defense and private businesses are not properly managing the update of their systems. This failure to implement security updates is exposing companies to serious risks, notes Security Affairs.
The failure of Mac users to recognize that there may be a threat to their systems is highlighted by Kaspersky security expert David Emm. Emm highlighted Hangover's links to a recent outbreak of Apple OS X malware when he told V3: "There has been a growing amount of malware aimed at OS X in the last two years, including DNS Changers, fake anti-malware programs and botnets. This is a result of the growing market share of the Mac. Gone are the days when Apple could compare the 'healthy Mac', immune from malware, with the 'sick PC' and this incident provides a further example of this."
Emm said the threat of Mac malware will grow. "It is likely that the number of threats targeting OS X will continue to grow and it would be naïve of anyone using a Mac to imagine that they could not become the victim of cybercrime."
Of course, security vendors have a motive to get Mac users to install virus detection software on their Macs. However, Apple has implemented new measures in Mountain Lion that are designed to stop users being able to install anything that is not verified as trustworthy.
Via Gatekeeper in Mac OS X 10.8 Mountain Lion, Apple only allows users to download software from the Mac App Store, and software whose certificate has been digitally signed by a developer with an Apple Developer ID. "The Developer ID allows Gatekeeper to block apps created by malware developers and to verify that apps haven’t been tampered with," says Apple’s website.
This system isn't completely secure, however: malware was detected recently on a Mac, and it had a valid Apple Developer ID that allowed it past Gatekeeper. This suggests that Apple had verified the developer to whom the ID is assigned.