Post by: Sarah Maloney
We've all heard someone say it: "Macs don't get viruses." Most people still seem to think macOS is super secure. Sorry, but this idea hasn't been true for a while now. It is still true that Macs get fewer viruses than Windows machines, but Macs do get them (and the number is rising).
All operating systems are vulnerable and motivated attackers will find a way to infiltrate. Look at KeRanger, the first ransomware program targeting Macs, which was detected last year. More recently, in May 2017 attackers hacked the popular DVD-ripping app HandBrake to spread a variant of the Proton malware.
Weaponizing the Mac attack
Attackers have multiple tools at their disposal for weaponizing the attack. Apple’s decision to use Intel chips in Macs allowed hackers to port code for Windows malware to macOS, giving these programs cross-platform functionality. While this feature hasn’t been leveraged as much as anticipated, Cybereason Labs discovered a Mac port of Windows adware that included functions like the ability to execute scripts and obtain root access. Called OSX.Pirrit, the adware is a Windows binary that was recompiled to be able to run on a Mac. The people behind OSX.Pirrit didn’t use it to conduct malicious activity, but the incident should serve as a reminder that attackers can modify Windows threats and use them against Macs. Options abound for delivering a payload to a Mac, especially when people are factored into the security equation.
Remember that Mac security matters
The immediate takeaway is to remember that Mac security matters. While this point may seem obvious, organizations sometimes treat their Macs as the second most vulnerable attack surface after Windows machines.
Next, remember that security is meant to enable business, a point that was lost when developing Windows security programs. Security will likely take a backseat if it prevents a company from carrying out its core business. Your security program needs to reflect this principle and include Macs.
Finally, be prepared for an evolution of attacks on Macs. The TTPs used to pop Windows machines are being applied to Macs. Expect more of this activity in the future as Macs make further strides in the enterprise and become a bigger target.
I'd like to imagine a world where uncrackable devices with zero risk of attack exist, but then I'd be out of a job? But seriously, is it possible? I think yes, someday. But in the meantime, educate. As long as there are people sitting at a keyboard, there are ways for the bad guys to access a Mac. People fall for phishing emails, visit compromised websites and plug USB drives into their computers.