How safe is your Mac?

by Mark Rowe

If you think using an Apple computer protects you from viruses and malware, think again, writes Colin Tankard, Managing Director, Digital Pathways.

Apple stopped using its marketing phrase ‘we don’t get viruses’ in 2012, which was an admission that Mac computers can get viruses.

It is true that macOS is more secure in many ways than Windows OS, and its lower market share makes developing malware for it less attractive in terms of return on investment. But all Macs are still vulnerable to many viruses and malware, and it is a growing problem.

A study by Atlas VPN in 2021 found that the development of macOS malware surged by 1,092% in 2020. This equated to 674,273 new malware samples as compared to 56,556 detected in 2019. Malware, or malicious software, is a collective term for all kinds of threats. Microsoft lumps malware into thirteen distinct categories: backdoors, downloaders, droppers, exploits, hack tools, macro viruses, obfuscators, password stealers, ransomware, rogue security software, trojans, trojan clickers, and worms. The report showed that the development of malicious software for Apple’s macOS was spreading like wildfire and amounted to an historic high, a trend which the 2022 report indicates is continuing, which is scary. Hackers are clearly shifting their sights onto Mac computers.

Another dent in the Mac security argument was the alert from Apple about the vulnerability in Safari that allowed attackers to take complete control of the device. One of the software weaknesses affected the kernel, the deepest layer of the operating system. The other affected WebKit, the underlying technology of the Safari web browser. According to Apple’s explanation of the vulnerability, a hacker could get ‘full admin access to the device’ so that they can ‘execute any code as if they are the user’.

Although a ‘fix’ was quickly released, Apple, like any other operating system vendor, relies mostly on the user applying the patch, which in many cases is delayed or forgotten, extending the risk to the endpoint.

Until the fix was released, the vulnerabilities would have been classed as ‘zero-day’ bugs because a fix was available for them for zero days. Such weaknesses are hugely valuable on the ‘dark market’ where hackers will buy them for hundreds of thousands, even millions, of dollars. According to The Guardian, the broker Zerodium will pay ‘up to $500,000’ for a security weakness that can be used to hack a user through Safari, and up to $2 million for a fully developed piece of malware that can hack an iPhone without a user needing to click on anything. This demonstrates the value in malware and OS bugs.

Mac users often forgo the use of antivirus software, deeming it unnecessary, as Macs are seen to be secure. This obviously makes them vulnerable to malware and may render them more attractive targets for cybercriminals. Apple’s built-in security system is effective at keeping malware out, but added layers of protection should be employed by installing third-party antivirus software.

The macOS operating system comes with built-in malware detection but, with an increasing number of threats, there’s a higher likelihood that new malware could find its way onto a system before Apple updates its databases. Therefore, it is good practice to also have a third-party advanced antivirus solution running as a further barrier.

However, it is not only malware that is the issue. If someone tricks you into installing something, it’s already too late for Apple to save you. Human error doesn’t distinguish between operating systems and Mac users can fall prey to scams just as easily as PC users. Scams not only attempt to get a user to download software, but can try to get credentials, or act as a trojan horse to gain access to others. The success of such scams is down to human laziness, not checking if the request is legitimate. Targeting the weakest link in an organisation bypasses any on-device security.

It is not only the endpoint that Mac users must consider, as attacking data in storage either as a back-up or cloud application is another route back into an Apple house, in order to infect endpoints. This is because many organisations do not have secure storage for their data, often thinking it is the hosting provider who will look after the security. Unless you take active steps to secure this remote data it could be compromised in the cloud and then, when accessed by a user, brought down, unchecked (as it is from a known address), into the network where it can then infect other machines. It is the classic insider threat but orchestrated by authorised users.

Data is valuable and so it is worth protecting. Here are five things to do to protect your Mac world:

• Ensure every endpoint is patched to the latest OS update within fourteen days of release, and actively block any machine which fails this milestone.
• Deploy a robust Advanced Anti-Virus and Data Leakage solution which can be centrally managed and audited.
• Encrypt all data on the device, in the cloud or on network storage and ensure the data protection is ‘immutable’ so it cannot be changed without the correct access.
• For any external access to data, always ensure Multi-Factor Authentication is installed. This removes the risk of weak passwords.
• Deploy a log management system which can be easily managed and understood, but which will alert you to any rogue behaviour either by users, hackers, or malware.

Adding security solutions to your Apple deployment is a must, but the bigger battle is the false sense of security Apple users have. It is not just misguided, it is dangerous. It encourages users to ignore those things that IT teams cannot do for them, such as choosing good passwords and being suspicious about links in emails. Everyone inside an organisation who uses a computer has a role to play in keeping that organisation safe. No computer is inherently safe, no matter if it is running Linux, Windows or macOS.

The only way to shift that false sense of security is by meeting it head on with user education. Changing people’s perceptions can be difficult and it can take a long time, so be prepared to say the same things over and over again!

© 2024 Professional Security Magazine. All rights reserved.
