Escalating current events, involving several rounds of emergency patches and intrusions into prominent companies, have somewhat obscured our view of the bigger picture: it appears that companies are being spied on with a high degree of technological effort, regardless of whether their employees are using Windows or Mac computers.
A short summary of events: Apparently, unknown perpetrators launched a very targeted attack and hacked iPhoneDevSDK, a forum that is mainly used by iOS app developers. The attackers injected into the forum an exploit for a previously unknown security hole in Java; exploits of that kind fetch five- to six-figure sums on the black market. Anyone visiting the forum with a vulnerable Java plug-in was compromised (a so-called watering-hole attack), and in this way the attackers reached the systems of developers working for Facebook, Apple and potentially Twitter. The attack focused on software developers in the mobile area, and its likely purpose was to obtain current project information from the victims' computers. Both Windows and Mac computers were affected.
At the same time, Adobe released a series of emergency patches for Flash and Reader. These patches were also triggered by zero-day holes that were being exploited in attacks on both Windows and Mac computers. The sparse information available about the targets, such as Adobe crediting the arms manufacturer Lockheed Martin for reporting the holes, points towards targeted industrial espionage.
The important lesson to be learnt from these intrusions is that software developers, engineers and other computer users who have access to information that could make them an attack target must not simply trust that their systems are safe, regardless of whether they are using Windows, Mac OS X or Linux. The bulk of mass-market malware continues to focus on Windows; targeted attacks, by contrast, will concentrate on whatever platform the intended victim is using.
On the other hand, anti-virus vendors who are now sounding the alarm and pointing at the Mac products that are gathering dust on their shelves must be reminded that signature-based products are largely powerless against targeted attacks using previously unknown exploits. There is no generic formula for preventing targeted espionage, and there is certainly no single product that can guarantee safety. The best approach is a layered defence strategy (defence in depth) that does not rely on any one control. Ultimately, however, it is almost unavoidable that such attacks will eventually succeed, and potential victims should prepare themselves to ensure that intrusions are detected in time and responded to appropriately. There is no generic formula for these preparations either.