Mac-Based Email Malware Now A Threat: Report

Mac-based malware has popped up or the first time on WatchGuard's list of the top ten most common types of malware. 

The Mac scareware landed in sixth place on the list. Mostly delivered by email, it tries to persuade recipients into installing fake malware, according to WatchGuard. 

The company also reports that 6.8% of the world’s 100,000 leading websites continue to accept non-secure versions of the SSL encryption protocol, despite SSL being deprecated by the Internet Engineering Task Force. Worse, 29.9% use no web encryption.

This report is based on data from tens of thousands of  WatchGuard Firebox appliances, the company says. 

"Outside of a few surprising finds, like Mac scareware in our top ten malware list, we saw attackers stick to what they know in Q3 by reusing and modifying old attacks like cross-site scripting, Mimikatz and cryptominers,” states Corey Nachreiner, CTO at WatchGuard Technologies.

The study also found that the Asia-Pacific region reported more malware hits than the U.S., the Mideast and Africa. APAC was victimized by Razy, Win32/Heur and MAC.OSX.AMCleanerCA. 

Razy, which has almost exclusively targeted APAC, is the second most common piece of malware, making up 4% of all malware blocked by WatchGuard.

However, the most popular malware in Q3 was Mimikatz, a software theft kit. 

According to WatchGuard, analysis also shows that attackers are utilizing applications with cross-site scripting. Cross-site scripting made up 39.3% of the top ten exploits in the third quarter.

Nachreiner adds: “It's a good reminder that the vast majority of attacks aren't ultra-advanced zero days and can be prevented by using a layered security approach with advanced malware detection capabilities and investing in secure Wi-Fi and MFA solutions." 

Next story loading loading..