Mac malware gets sophisticated, users are the weakest link
Malwarebytes has published its annual report exploring the state of Mac malware. You can read the entire thing here, but I thought it might be useful to summarize some key findings for the enterprise.
Malware for the rest of us
While the report focuses on Macs, it’s probably fair to say that some of the trends it has identified are true across every platform. The report confirms that the need to work remotely has brought a wave of attacks against business users and a reduction in attempts made against consumers.
“As entire businesses switched to remote working, IT teams found themselves trying to fit months-long projects into days, with security an unfortunate but understandable casualty. Faced with a new landscape, cybercriminals ditched some old tactics and placed a new emphasis on gathering intelligence. And as people adapted to their “new normal,” scammers exploited their isolation with a resurgence in tech support scams,” it states.
The report also shows us that ransomware and attempts to trick users into installing malware buried inside what seem to be legitimate software installers remain a threat.
It also showed that enterprise threats increased as criminals attempted to exploit the opportunity of poorly protected endpoints among users sent home to work.
The big trends
While most attempts continue to be adware and annoying apps such as MacKeeper, the core attack vectors users need to be concerned about increased in frequency and were targeted particularly at the mobile enterprise.
To this end, attempts to install backdoors, data stealers and cryptocurrency miners increased in frequency. We also saw torrent sites used to distribute malware-infested installers. One of these, ThiefQuest, would begin to encrypt Mac files and demand ransoms but was in fact quietly exfiltrating files, including documents, images and crypto wallets.
That last attack is quite worrying, as was a range of phishing attempts designed to extract admin passwords.
All the same, most Mac attacks consist of adware, and most continue to rely on user error, making it all the more important that users download software only from legitimate app stores and avoid clicking on email links or entering websites that are or could be insecure. Users remain the weakest link in Mac security.
The report should be essential reading for Mac security.