THE TIBERIUM BLOG - recent events, threats, and all things cyber

To open source or not to open source

This is one of the most controversial topics in technology – whether free open source software is “better” than paid and maintained software. This is a big topic for discussion, but I only want to focus on the security element across Windows/Linux/OS X and iOS/Android.

Windows Vs Linux Vs OS X

(Data provided by https://gs.statcounter.com)

In 2015 I worked for an Apple Premium Reseller, and to my mind they were indestructible, and only Windows suffered from attacks and viruses. As OS X became more popular, they became larger targets.

In February 2020, antivirus developer Malwarebytes released figures indicating that OS X had overtaken Windows 10 for endpoint threats, and that attacks on Mac users had increased 400% in 2019. This is mainly due to the increase in popularity of the system.

For years antivirus manufacturers have not been marketing to Apple users, and maybe it’s now time to think about it. Apple and Windows are by far the two most popular platforms, and you pay for them to secure your devices. Microsoft Defender has come on leaps and bounds over the past few years and Apple always push out security updates. The big issue is that most of this work is retrospective, and they need a sample of the malware or virus to use a bypass technique which will always leave them one step behind.

Now before you all go marching over to Linux, it’s not that simple… Linux has a fantastic community that tirelessly update and patch their respective OS. There are lots of distributions or “flavours” of Linux. There are 3 main frameworks, Debian, Red Hat and Arch, and most “flavours” were born from these frameworks. The most popular is the Debian framework, which is the foundation for Ubuntu and Mint, generally regarded as the most user-friendly distributions, as well as Kali and Parrot, two popular penetration testing distributions. Unless you know what you are doing, Arch Linux is not for you; there is a reason that it only carries 1.84% of the market share, and that is the DIY element of the OS.

Dell now sells laptops that can be customised to come pre-loaded with Ubuntu, and it certainly looks like Linux may be becoming more popular. If that is the case, it is only a matter of time before specific threat actors and malware will increase their targeting to include Linux. Examples of this are the recent attacks by notorious groups such as Turla, Lazarus, Barium and Sofacy.

As ever, the most important thing you can do is be vigilant and sensible. The primary vector of attacks is still e-mail phishing, so please be careful what you click on and monitor your endpoints with a Hybrid SOC or MSSP service!

You can read the full Malwarebytes report here

iOS Vs Android

(Data provided by https://gs.statcounter.com)

Google’s Android operating system holds the mobile market, while Apple’s iOS has a firm grip on the tablet market.

Android is by far the most extensive open source operating system in existence; they have done this by building what is frankly a great OS and allowing virtually any manufacturer, from Samsung to Huawei, to be its hardware conduit.

Apple is a sandbox environment: to release an app on iOS you need to pay Apple a yearly fee to become a developer and then submit your app to their internal QA. There have been slip-ups in the past but not many… On Android, on the other hand, anybody can develop an app and put it on the marketplace with far less hassle. This is the most significant issue with being open source and used by such a large community.

TERRACOTTA is the latest in a long line of app spoofing adware. It has infected around 65,000 devices, spoofed over 5,000 apps, and generated more than 2 billion fraudulent requests. It is unknown how TERRACOTTA has caused so much financial damage.

In March, Tekya malware infected over 1 million phones and tablets. Check Point Research found around 56 apps that contained Tekya malware on the Google Play Store; 24 of the apps were explicitly targeting children.

Google has removed the apps that they have found from the app store, but who knows how many are still lurking in the Play Store?

Using an MDM platform like Jamf, MobileIron or Microsoft Endpoint Protection Manager (formerly Intune) could have stopped an attack like this from spreading or perhaps even happening. For example, using Microsoft Endpoint Protection Manager, you can set up compliance policies to make sure iOS, Apple and Windows devices have software updates installed. Who said patching is hard? You can also use an app protection policy to stop confidential corporate data leaving the app.

Conclusions

There is no right or wrong answer; a lot of this comes down to personal preference and your choice of platform. The main thing is that you are careful and cautious about what you click on and what you download, and that you think about your safety.

I was talking with a friend the other day about all the technology that her kids have: tablets, phones, gaming consoles and the threat these devices can be. My best advice to her was to limit the risk by getting the platforms that pose less risk, and mainly to educate herself and her kids.

When it comes to your desktop choice, I don’t think you need to change radically: if you love OS X, stay with it; if you’re comfortable with Windows – great. iOS comes with more security features out of the box, but you pay a premium for it. Unfortunately, you can’t buy common sense and critical thinking, but to quote my father, “if it seems too good to be true, then it probably is!”

If you would like help protecting your endpoints, devices, server, cloud, or anything that is in use within your company then get in touch!

Our Tiberium Hybrid SOC service is designed for protection, detection, and response with full automation. Batten down the hatches and stay vigilant!
