Apples’ macOS operating system is no longer the safe haven from cybercrime it was once thought to be. That’s according to security vendor Malwarebytes and its “2020 State of Malware Report,” which offers some troubling statistics for those charged with cybersecurity. The report covers the threat landscapes of Windows, Mac and Android operating systems, as well as the threat landscape of the web.
One of the most shocking revelations was that threats to OS X-based machines are ramping up and grew more than 400% in 2019 from the prior year. Malwarebytes detected an average of 11 threats per Mac endpoint in 2019, nearly double the average of 5.8 threats per endpoint on Windows. Statcounter GlobalStats shows that OS X has roughly an 8% market share worldwide, indicating that the increase in threat activity may only impact a small portion of the OS market.
The report also revealed that cybercriminals may be rethinking their attack strategies, focusing less on consumers and ramping up attacks on businesses. Threats aimed at consumers dropped by 2% when compared to the previous year, while threats aimed at businesses increased by 13%.
In addition, the report found that across the four global regions measured, North America (NORAM) led in threat detections, with 48%. Europe, the Middle East and Africa (EMEA) followed with 26%, while Latin America (LATAM) accounted for 14% and Asia Pacific (APAC) with the least amount of threat activity—just 12%. Compared to the previous year, LATAM saw the largest increase in threat detections, with an increase of 26%. NORAM followed, with a 10% increase recorded.
For 2019, Adware variants took the lead as the largest threat family, with 7 of 10 threat detections for consumers and 5 of 10 business threats. Adware increased 13% year over year for consumers and a whopping 463% for businesses. There was also a shift in business and organizational targets, with threats against the services sector increased over the education and retail sectors. The increase in attacks for the services sector manifested itself in the managed service provider (MSP) segment to take advantage of MSPs’ networks of clients.
Malwarebytes also offers some predictions for 2020: The company expects ransomware attacks to increase and evolve at a more rapid pace than in the past, a change it attributes to the diversification of attack vectors. The company also warns that web skimmers will broaden their impact by going after more e-commerce platforms, stealing payment cards and consumer information. Other warnings include caution around election security, biometric data and the potential for growth in exploit kits. Malwarebytes is also warning cybersecurity professionals to be on the lookout for an increase of hybrid attacks, with multistage payloads.
The Malwarebytes research shows that 2019 was a tumultuous year in cybercrime and that there is no oasis where users could escape. 2020 is going to require that cybersecurity professionals step up their game and increase their due diligence if they expect to combat forthcoming threats.