Analysis: 2015 was the watershed year for Mac malware, but are businesses doing enough to protect themselves?
Apple’s products, including its line of Mac desktop computers, have always had a better reputation for security than their counterparts, but a spate of new threats is putting Mac at the top of the security agenda.
On 4 March, Palo Alto Networks detected that ransomware dubbed KeRanger had infected the Transmission BitTorrent client installer for OS X, the Mac desktop operating system. This came two years after Kaspersky Labs discovered the first ransomware for Mac, called FileCoder.
It’s not just ransomware that is hitting the supposedly safer platform. 2015 was a watershed year for OS X malware instances generally.
A report by Carbon Black found that 2015 had seen 948 instances of malware, compared to 180 between 2010 and 2014. The report was based on a 10-week analysis conducted by the team.
The Carbon Black analysis attributes the growth to an increasing share of the market, with 16.4 percent of the market now running OS X. This includes the enterprise: 45 percent of companies offer Macs to their employees, according to research cited in the report. JAMF Software’s second annual global survey of IT pros in December found that 96 percent of enterprise professionals said that their internal teams supported Mac.
This increasing proliferation of Macs, along with vulnerabilities in the operating systems, such as those contained in the Gatekeeper and Keychain features of El Capitan, has incentivised cyber criminals to focus more on the platform.
Of course, as a market has sprung up in the Mac sphere for cyber criminals, a market has sprung up for cyber security companies helping users to defend their machines.
According to Thomas Reed, Director of Mac Offerings at Malwarebytes, one such company, Macs still see malware on a much smaller scale and of a much lesser sophistication than on Windows.
"Of course, the biggest difference is that the Mac has only seen one piece of ransomware so far, and it was killed off very quickly."
However, Reed adds that this "could easily change if criminals find that they can make money targeting Macs with such malware."
He identifies three major threats to Macs at the moment: adware, malware and potentially unwanted programs (PUPs).
"Adware is more of a nuisance, and not truly malware, but it can have serious consequences," he says.
These include poor coding, which could allow the adware to destabilise the system or the browsers, creating errors that will require IT to spend time and money troubleshooting.
He also says that adware can create security holes on the endpoint and communicate private information through insecure channels.
The second category, malware, is rarer, Reed says, but "more serious when encountered."
"Case in point: the first Mac ransomware was seen just this year, and it destroyed the data of some Mac users. Malware may also steal sensitive data, financial or otherwise, provide a backdoor for continued access to the system, and use computer resources for illegal acts (such as denial of service attacks), among other things."
Finally, PUPs are "scam apps that trick the user into purchasing for some needless purpose."
He cites the example of MacKeeper, a program which promises to improve Mac performance but actually ends up degrading it through unhelpful reminders and notifications.
Reed says that Mac threats at the moment are entirely Trojans, meaning that they require the user to run them in order to infect the machine, so the main threat is to less savvy users.
He says that the general perception of Macs as safe has led to complacency among users, who as a result often tend to avoid anti-virus software.
So for the increasing number of businesses that are using Macs, what are the key security considerations?
Pedro Bustamante, Vice President Products & New Technologies at Malwarebytes, says that companies need to spend the same amount of care and attention on Macs that they spend on securing Windows machines.
"Cybercriminals are on the lookout for easy targets, and nothing could be easier than capitalising on under- or un-protected Mac systems shrouded under a false sense of invincibility," he says.
This of course means having the same level of firewall and antivirus protection that you would have in place for any Windows device. It also means ensuring that all the available privileges offered to Mac administrators are properly optimised for the company.
However, it is not just a technological fix. As Reed says, awareness is a major challenge in handling Mac security.
While users might think that their Mac machines are immune to cyber threats, it is crucial that they apply the same standards of security hygiene in day-to-day usage. This means not clicking on unverified links and ensuring that they only download safe files.
This requires a major mindset shift, and needs to start happening before the sharply escalating threats force it to happen anyway.
With Mac threats still at a reasonably primitive level, if businesses get a head-start they may be able to stay ahead of the criminals on this platform.