F-Secure buys Little Flocker to combat macOS ransomware

Credit to Author: Lucian Constantin | Date: Thu, 06 Apr 2017 08:07:00 -0700

With attacks against Mac users growing in number and sophistication, endpoint security vendor F-Secure has acquired Little Flocker, a macOS application that provides behavior-based protection against ransomware and other malicious programs.

Little Flocker can be used to enforce strict access controls to a Mac’s files and directories as well as its webcam, microphone and other resources. It’s particularly effective against ransomware, spyware, computer Trojans and other malicious programs that attempt to steal, encrypt or destroy files.

F-Secure plans to integrate Little Flocker, which it calls “the most advanced security technology available for Macs,” into its new Xfence technology. Xfence is designed to add behavior-based protection to F-Secure’s existing endpoint security products for macOS.

Little Flocker was developed by iOS forensics expert Jonathan Zdziarski. In March, Zdziarski announced that he had accepted a position with Apple’s Security Engineering and Architecture team, which might explain why he decided to sell his project.

While Macs have historically been targeted less than PCs by attackers, that has begun to change in recent years. That’s because MacBooks are preferred by many senior-level company executives, developers and other groups of users that are considered high-value targets for both cybercriminal and cyberespionage groups.

Recently leaked documents that allegedly belong to the CIA show that its cyberoperations division has a great interest in MacBooks. The agency has developed low-level firmware implants and espionage software for Apple computers.

Cybercriminals are also targeting Macs. Several Windows Trojan programs have been ported to macOS, and last year also saw the discovery of the first file-encrypting ransomware for the platform.

Little Flocker integrates with macOS at a low level and cannot be easily disabled by malware. It allows users to specify which applications have access to which files or directories. Since it provides real-time protection against unauthorized access to data, it can be highly effective at stopping ransomware, which typically attempts to encrypt a large number of files.
