Unmasking Mac malware – strategies for a growing threat


Apple devices have long enjoyed a reputation of being inherently more secure than other platforms. Even Apple’s famous “Get a Mac” advert campaign highlighted the security of Macs and poked fun at certain Windows security features.

When this campaign launched back in 2006, the claim had some basis. Macs tended to be personal devices rather than corporate ones, making them a less attractive mark for cybercriminals going after business targets.

However, with Apple carving out a greater niche in the workplace, this status quo has shifted, and Apple devices are now a lucrative target for threat actors. We’re seeing a more diverse range of threats targeting the Apple ecosystem and organizations need to be ready to defend themselves.

Growing threats in the Mac ecosystem

In the past, the Mac malware landscape was predominantly adware, which displays or downloads unwanted material but is largely free of more insidious behaviour. Security teams may therefore have felt comfortable with less rigorous processes, since more dangerous and harder-to-detect malware was unlikely.

However, in recent years cybercriminal groups have ramped up their efforts to find vulnerabilities in iOS and macOS and to build malware that exploits them. Jamf’s latest annual threat landscape research tracked 300 malware families designed for macOS, including 21 newly created in 2023.

It’s not just the number of malware families that has risen, but also the type of threats seen. Whilst adware is still the primary issue and accounts for 36.77% of all detected Mac malware, we’re now seeing a greater proportion of dangers like trojans, ransomware, and Advanced Persistent Threats (APTs).

It means that organizations that work inside the Apple ecosystem now have to contend with malware that poses significantly more risk than adware. For example, Trojans are designed to bypass traditional defenses by masquerading as legitimate software, whilst ransomware, which encrypts a victim’s data, has the potential to be highly disruptive and costly for businesses.

Suzan Sakarya

Senior Manager, EMEIA Security Strategy at Jamf.

The worrying state of cyber hygiene

Alongside the crafting of new malware, cybercriminals are continuing to develop and refine their social engineering techniques. This means that organizations need a strong focus on cyber hygiene for both technical processes and users. Unfortunately, we found enterprises often fell short of the mark.

Phishing continues to be a significant threat, and attackers are especially keen to exploit mobile users. We found that phishing attempts on mobile devices are roughly 50% more successful than on desktops, highlighting a vulnerability that extends beyond traditional computing devices.

We also found that mobile devices were frequently left unpatched. An alarming 40% of mobile users in our research used devices with known vulnerabilities that had not been patched, showing that mobiles are often not managed and patched to the same standard as desktops.

This oversight exposes organizations to significant risk, as outdated software lacks the fixes for vulnerabilities that attackers already know about; the importance of regular updates and stringent security protocols cannot be overstated. Pegasus spyware, for example, has repeatedly exploited zero-day vulnerabilities in both new and older devices. Once Apple ships a fix, any device that has not installed it remains open to what is by then a publicly known exploit.

Compounding this, critical security settings such as disk encryption and screen locks are frequently disabled, making it easier for attackers to access sensitive data once they have compromised a system or got their hands on a device.

This is especially crucial as the volume and variety of malware continues to climb, and more attackers set their sights on Macs. Organizations that have previously got away with lax security processes for their Apple machines may soon find their luck running out.

Best practice for mitigating Mac malware

Organizations must take a more proactive security stance to get ahead of the rising threat of Mac malware and other cyber risk trends. There are multiple different interlocking paths to take here.

At a baseline level, Endpoint Detection and Response (EDR) tools are essential for maintaining situational awareness of the security state of all endpoints. These tools detect potential threats in real time and provide automated responses to identified risks, enabling continuous monitoring and immediate action against possible security breaches. Organizations should ensure that every device is covered equally by their EDR, whether it runs Windows, macOS, or any other OS present in the corporate environment.

Enterprises also need to focus on the security hygiene fundamentals. This includes committing to routine software updates to patch vulnerabilities, and training employees in best practices such as password usage and settings such as encryption. Businesses may back this up with device management tools that monitor device configurations and enforce company policy.

Data encryption also plays a pivotal role in safeguarding information. This is often a weak point: we found that 36% of devices had the crucial FileVault disk encryption feature disabled. By encrypting data both in transit and at rest, organizations ensure that even if a laptop is lost or traffic is intercepted, the data remains indecipherable to unauthorized parties. Note the scope, though: FileVault protects data on a Mac that is lost or stolen while powered off; it does nothing against malware already running on an unlocked machine, which is why it must be paired with patching and EDR rather than relied on alone.
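As an added illustration of the two preceding paragraphs (this is example code written for this page, not Jamf’s tooling or any product’s code), the following Python script audits a Mac against a simple baseline: FileVault, Gatekeeper, System Integrity Protection, the application firewall, and the installed macOS version. The commands it shells out to are real macOS commands; the minimum version in MIN_MACOS_VERSION is a hypothetical policy value, and SAMPLE_OUTPUTS is constructed so the parsing logic can be exercised on any platform without a Mac.

```python
"""Audit a Mac's security baseline (added example, not Jamf's code).

The commands are real macOS commands; MIN_MACOS_VERSION is a
hypothetical policy value and SAMPLE_OUTPUTS is constructed data
standing in for command output when not running on macOS.
"""
import re
import subprocess
import sys

# Hypothetical policy: devices must run at least this macOS version.
MIN_MACOS_VERSION = (14, 4)


def filevault_on(output: str) -> bool:
    """`fdesetup status` prints 'FileVault is On.' or 'FileVault is Off.'"""
    return "FileVault is On" in output


def gatekeeper_on(output: str) -> bool:
    """`spctl --status` prints 'assessments enabled' or 'assessments disabled'."""
    return "assessments enabled" in output


def sip_on(output: str) -> bool:
    """`csrutil status` prints 'System Integrity Protection status: enabled.'"""
    return re.search(r"status:\s*enabled", output) is not None


def firewall_on(output: str) -> bool:
    """socketfilterfw --getglobalstate prints '... (State = 0|1|2)';
    1 = enabled, 2 = block all incoming, 0 = disabled."""
    return "State = 1" in output or "State = 2" in output


def os_version_ok(output: str, minimum=MIN_MACOS_VERSION) -> bool:
    """`sw_vers -productVersion` prints e.g. '14.4.1'; compare as a tuple."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", output)
    if not m:
        return False
    return tuple(int(p) for p in m.group(1).split(".")) >= minimum


# (check name, command to run, parser that returns True when compliant)
CHECKS = [
    ("FileVault", ["fdesetup", "status"], filevault_on),
    ("Gatekeeper", ["spctl", "--status"], gatekeeper_on),
    ("SIP", ["csrutil", "status"], sip_on),
    ("Firewall", ["/usr/libexec/ApplicationFirewall/socketfilterfw",
                  "--getglobalstate"], firewall_on),
    ("macOS version", ["sw_vers", "-productVersion"], os_version_ok),
]


def collect() -> dict:
    """Run the real commands (macOS only) and return stdout per check."""
    outputs = {}
    for name, cmd, _ in CHECKS:
        try:
            proc = subprocess.run(cmd, capture_output=True, text=True, timeout=10)
            outputs[name] = proc.stdout
        except (OSError, subprocess.TimeoutExpired):
            outputs[name] = ""  # missing command counts as non-compliant
    return outputs


def evaluate(outputs: dict) -> dict:
    """Map each check name to True (compliant) or False, given raw outputs."""
    return {name: parser(outputs.get(name, "")) for name, _, parser in CHECKS}


def report(results: dict) -> int:
    """Print PASS/FAIL per check and return the number of failures."""
    failures = 0
    for name, ok in results.items():
        print(f"[{'PASS' if ok else 'FAIL'}] {name}")
        failures += 0 if ok else 1
    return failures


# Constructed sample: a machine with FileVault and the firewall off,
# running an older macOS than policy requires (not real survey data).
SAMPLE_OUTPUTS = {
    "FileVault": "FileVault is Off.\n",
    "Gatekeeper": "assessments enabled\n",
    "SIP": "System Integrity Protection status: enabled.\n",
    "Firewall": "Firewall is disabled. (State = 0)\n",
    "macOS version": "13.6.7\n",
}

if __name__ == "__main__":
    outputs = collect() if sys.platform == "darwin" else SAMPLE_OUTPUTS
    sys.exit(1 if report(evaluate(outputs)) else 0)
```

Run on a Mac it reports the live state and exits non-zero on any failure, which makes it easy to wire into a login script or an MDM-run check; on any other platform it runs against the constructed sample. Screen-lock settings are deliberately left out because the relevant preference keys vary between macOS releases, and an MDM profile is the more reliable place to enforce them.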

Finally, businesses should pursue the adoption of the Zero Trust model. This security framework operates on the principle that no entity inside or outside the network is automatically trusted. Every access attempt must be rigorously verified, significantly reducing the potential for breaches and unauthorized access. In particular, it limits how far an attacker who has compromised one device can move through the network from that foothold.

Looking ahead

As Mac devices become increasingly common within the workplace, it’s never been more important to ensure comprehensive security plans are in place. Any organization still relying on a lighter Mac security regime geared around annoyances like adware will be in for a nasty surprise in the face of more dangerous new threats. Businesses need to check not only that they have a multi-layered strategy in place, but that it applies evenly to all devices connecting to the corporate environment.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Suzan Sakarya, Senior Manager, EMEIA Security Strategy at Jamf.