For a long time the argument was that cyber-criminals didn’t bother to develop Mac viruses. There weren’t enough users to justify the effort. Instead, they’d focus on the lower hanging fruit – PCs running Windows. Yet Apple’s market share is on the rise, and it’s increasingly common to see Macs in the workplace, especially in creative industries. Plus, there’s a widespread assumption that Mac users are a smart target as they are likely to be better off. So, while Macs remain harder to infect (installing most software requires a password), there’s often a greater payoff.
Finding Apple’s Weak Spots
It’s obvious then that bad actors are no longer steering clear. They are actively looking for ways to exploit Macs.
A common approach is to use Trojans. Named after a gift wooden horse that hid an army, Trojans look like something you would want to install. So, Mac users happily enter their passwords to download that application and open the gates to the cyber-criminal. In 2011, for instance, a Trojan called “Mac Defender” took advantage of people’s desire to protect their computers. The fake program appeared to be anti-virus software. Once the users installed it, they’d get an onslaught of pop-up ads encouraging them to buy more fake software. Trojans get through the gates because you let your guard down. You are taken in by that supposed note from a long-lost friend. You think you want to see that pic of that famous celebrity. All it takes to stop this type of attack is suspicion of everything you might install or download.
A business would want to educate its employees about the importance of:
- clicking on emails with care;
- validating the source of any files they plan to open;
- checking a website’s URL (being especially wary of those with less common endings such as .cc or .co);
- questioning any promises of Ray-Ban sunglasses for 90% off or the latest iPhone for $29.99.
A new threat comes from within the Mac App Store, according to Thomas Reed, a Mac security researcher. When a user tries to install an app on a Mac, a Mac OS program called Gatekeeper checks the file’s code signature. The signature helps certify the app is valid. However, Reed found that cyber-criminals could buy a legitimate certificate from Apple, or steal one and trick users. Users would install masked malware that could infect legitimate programs and evade detection.
Apple is always working to protect its users from malware. It has measures in place, and user caution can make a big difference, too. Still, it’s not true that Macs are completely safe.
Find out what you can do to protect your Macs and guard against threats. Partner with a managed services provider to gauge your security levels.
Call us today at 937-660-4899!