Unmasking Mac Malware: Strategies for a Growing Threat
Apple devices have long enjoyed a reputation for being inherently more secure than other operating systems. Even Apple’s infamous “Get a Mac” ad campaign emphasized the security of Macs and made fun of certain Windows security features.
When this campaign started in 2006, this claim was probably true. Macs became more commonly used as personal devices, making them a less attractive target for cybercriminals attacking corporate targets.
However, as Apple has carved out a larger niche in the workplace, this status quo has changed and Apple devices are now a lucrative target for threat actors. We are seeing an increasingly diverse range of threats targeting the Apple ecosystem and organizations must be ready to defend themselves.
Increasing threats in the Mac ecosystem
In the past, the Mac malware landscape consisted mainly of adware, which generally displays or downloads unwanted material but is largely free of more insidious threats. This meant that security teams may have felt comfortable with less rigorous processes, as more dangerous and difficult malware was unlikely.
However, in recent years, cybercriminal groups have increased their efforts to find vulnerabilities and create malware that exploits iOS or macOS. Jamf’s latest annual threat landscape study tracked 300 malware families designed for macOS, and 21 newly created families in 2023.
It’s not just the number of malware families that have increased, but also the types of threats being seen. While adware is still the main problem, accounting for 36.77% of all Mac malware detected, we are now seeing a greater share of threats such as Trojans, ransomware and Advanced Persistent Threats (APTs).
It means that organizations working within the Apple ecosystem now face malware that poses significantly more risk than adware. For example, Trojans are designed to specifically bypass traditional defenses by masquerading as legitimate software, while encryption attacks have the potential to be highly disruptive and costly to businesses.
Senior Manager, EMEIA Security Strategy at Jamf.
The worrying state of cyber hygiene
In addition to creating new malware, cybercriminals continue to develop and refine their social engineering techniques. This means that organizations need a strong focus on cyber hygiene for both technical processes and users. Unfortunately, we found that companies often fell short.
Phishing remains a significant threat and attackers are particularly keen to exploit mobile users. We found that phishing attempts on mobile devices are approximately 50% more successful than on desktops, highlighting a vulnerability that extends beyond traditional computing devices.
We also discovered that mobile devices are highly susceptible to vulnerabilities. An alarming 40% of mobile users in our study were using devices with known vulnerabilities that had not yet been patched, demonstrating that mobile phones are often not managed and patched to the same extent as desktops.
The importance of regular updates and strict security protocols cannot be overstated. This oversight exposes organizations to significant cybersecurity risks, as outdated software often lacks the necessary defenses against new threats. For example, Pegasus spyware typically exploits zero-day vulnerabilities on both new and older devices.
Additionally, crucial security settings such as encryption and lock screens are often disabled, making it easier for attackers to gain access to sensitive data once they have compromised a system.
This is especially critical as the volume and variety of malware continues to increase and more and more attackers are setting their sights on Macs. Organizations that previously got away with lax security processes for their Apple machines may soon find their luck running out.
Best practice for mitigating Mac malware
Organizations must adopt a more proactive security posture to stay ahead of the rising threat of Mac malware and other cyber risk trends. There are several different interlocking trails you can take here.
At a basic level, Endpoint Detection and Response (EDR) tools are essential for maintaining situational awareness of the security status of all endpoints. These endpoint protection tools detect potential threats in real time and provide automated responses to identified risks, enabling continuous monitoring and immediate action against potential security breaches. Organizations must ensure that all devices are equally covered by their EDR, whether Windows, Mac or any other operating system in the corporate environment.
Companies should also focus on this basic safety hygiene. This includes performing routine software updates to patch vulnerabilities, and training employees on best practices such as password usage and settings such as encryption. Enterprises may consider supporting this by implementing advanced device management tools to monitor and manage device configurations to ensure they comply with company policies.
Data encryption also plays a crucial role in securing information. This is often a weak point and we found that 36% of devices disabled the crucial FileVault encryption feature. By encrypting data both in transit and at rest, organizations ensure that even if data is intercepted, it remains indecipherable to unauthorized parties.
Finally, companies should pursue the adoption of the Zero Trust model. This security framework works on the principle that no entity inside or outside the network is automatically trusted. Each access attempt must be rigorously authenticated, significantly reducing the chance of breaches and unauthorized access. This can provide an effective defense against any kind of breach that tries to spread through the network.
Looking forward
With Mac devices becoming more common in the workplace, it has never been more important to ensure comprehensive security plans are in place. Any organization still relying on a lighter Mac security regime that focuses on annoyances like adware will be in for a nasty surprise when faced with more dangerous new threats. Businesses should check that they have not only implemented a multi-tiered strategy, but also that it applies evenly to all devices connecting to the corporate environment.
WE list the best Mobile Device Management solution.
This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we profile the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of Ny BreakingPro or Future plc. If you are interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro