MacOS comes in as second favorite, with a share of just under 16%.<\/p>\n\n\n\n
You would think, looking at these percentages, that security solutions like ours<\/a> would be protecting the corresponding numbers of devices running each of these operating systems.<\/p>\n\n\n\n But you\u2019d be wrong.<\/p>\n\n\n\n The actual stats indicate a skewed number of Windows to macOS machines that are covered by Admin By Request\u2018s endpoint security software, meaning there are more unprotected macOS devices than there are Windows.<\/p>\n\n\n\n So why are Apples struggling to get the protection they need?<\/p>\n\n\n\n It stems from the myth that Apple Macintosh devices \u201cdon\u2019t get viruses\u201d \u2013 which is exactly that: a myth.<\/p>\n\n\n\n Apple Macs do get infected with malware, but this occurrence has historically occurred to a much lesser degree on macOS than on the Windows operating system.<\/p>\n\n\n\n Here are some explanations behind Mac\u2019s reputation of being immune to malware:<\/p>\n\n\n\n We know the numbers: there are about four times the number of devices running Microsoft Windows worldwide than there are those running macOS.<\/p>\n\n\n\n 1. More numbers mean a larger target. It makes sense for attackers to go for the larger audience: Windows. A larger target audience means more damage can be done; within large companies are thousands of Windows end-user devices, meaning viruses have the potential to propagate further; more money can be made in the case of ransomware when larger, more profitable organizations are targeted.<\/p>\n\n\n\n 2. Familiarity with the target OS. Malware isn\u2019t one size fits all: it has to be designed to fit an operating system. Because the Windows platform is more commonly used worldwide, attackers are more likely to be familiar with the Windows operating system and therefore, more skilled in creating malware that is tailored specifically towards this OS.<\/p>\n\n\n\n Thanks to clever marketing strategies and\u2026 a little bit of truth.<\/p>\n\n\n\n 1. Apple has always highlighted built-in security as a key feature of the Mac operating system, which, in the early days, may have given some truth to the \u201cMacs don\u2019t get malware\u201d myth. However, with the rise of increasingly complex malware and targeted, hand-launched attacks, built-in OS security alone is not enough to keep up.<\/p>\n\n\n\n 2. In classic Apple style, what users and applications can do on the macOS operating system is more restricted compared to the freedom and customization afforded on Windows. For that reason, attacks aimed at Mac devices usually have to rely more heavily on social engineering<\/a>, making macOS a more difficult target \u2013 but still a target, nonetheless.<\/p>\n\n\n\n There is no denying that Mac attacks \u2013 once a rare thing \u2013 are becoming increasingly common, with high-profile attacks debunking the malwareless-Mac myth once and for all:<\/p>\n\n\n\n 2016 \u2013 KeRanger Ransomware Trojan<\/strong><\/p>\n\n\n\n 2016 saw ransomware target macOS in the form of OSX.KeRanger, from an infected Transmission<\/a> (a BitTorrent client) installer. BleepingComputer reported<\/a> on the infection: executed remotely three days after being installed on the user\u2019s computer, it would then encrypt files and demand payment of 1 bitcoin for decryption. The malicious installer was able to infect 7000 Mac devices, as it was signed with a legitimate Mac certificate, meaning it could bypass Apple’s built-in security \u2013 told you so!<\/p>\n\n\n\n 2018 \/ 2019 \/ 2020 \u2013 Trojan-family Shlayer<\/strong><\/p>\n\n\n\n Under the guise of the Adobe Flash Player installer \u2013 a tried and tested favorite \u2013 OSX.Shlayer was the biggest threat to macOS users from 2018 to 2019, and has made a return to the macOS scene in 2020. Researchers at Intego did a breakdown<\/a> on the malware, which, once installed on a Mac device, begins downloading adware and PUPs (potentially unwanted programs) and promoting fake search engines to the user.<\/p>\n\n\n\n 2020 \u2013 ThiefQuest File-Stealer<\/strong><\/p>\n\n\n\n In July last year, BleepingComputer analyzed file-stealing and data-destroying malware<\/a> disguised as ransomware, ThiefQuest. Downloaded from mainstream torrent sites in the form of pirated apps, the packages of compressed installer files appear to be legitimate to the user but contain malicious software and launch scripts, along with legitimate installers. Like most ransomware, files are encrypted upon launch, with no way for victims to contact the attackers after paying the ransom, or for attackers to identify who has paid \u2013 prompting the belief that ThiefQuest is stealing data under the guise of ransomware.<\/p>\n\n\n\n 2021 \u2013 XLoader<\/strong><\/p>\n\n\n\n For the bargain price of $49 USD, you can now get yourself a Mac MaaS (\u201cMalware-as-a-Service\u201d) tool from the Dark Web, which, according to Computer World<\/a>, can harvest user logins from browsers, collect screenshots, log key strokes, and download and deploy malware on the victim machine. Named XLoader, the Apple security threat is derived from the data-stealing trojan, Formbook \u2013 currently the sixth-most active malware family of all time<\/a>.<\/p>\n\n\n\n 2021 \u2013 CVE-2021-30869 in macOS Catalina<\/strong><\/p>\n\n\n\n In September this year, Erye Hernandez of Google Threat Analysis Group discovered an exploitable vulnerability<\/a> on Mac\u2019s Catalina OS, allowing malicious applications to execute arbitrary code with kernel privileges and take full control of the system.<\/p>\n\n\n\n Threats like ThiefQuest and XLoader are only going to surge as macOS gains more of a market share while the Windows share decreases; Check Point Software head of research, Yaniv Balmas, agrees: \u201cWhile there might be a gap between Windows and MacOS malware, the gap is slowly closing over time. The truth is that MacOS malware is becoming bigger and more dangerous.\u201d<\/p>\n\n\n\n Malwarebytes Labs confirmed this in their 2020 State of Malware Report<\/a>: in 2019, for the first time, macOS threats outpaced Window:<\/p>\n\n\n\n Figure 1: Graph taken from Malwarebytes Labs 2020 State of Malware Threats Report showing Detections per endpoint 2018-2019.<\/em><\/p>\n\n\n\n This was an all-time high for Mac attacks, attributed to the following in the report:<\/p>\n\n\n\n And although Mac attacks decreased considerably in 2021 (down 38%), that\u2019s no reason to get complacent; as we know, the trend in market shares shows macOS\u2019s increasing popularity over time, which is undoubtedly going to make it more and more of an appealing target to hackers in the future:<\/p>\n\n\n\n Figure 2: Graph provided by StatCounter showing Desktop Operating System Market Shares Worldwide from 2009 \u2013 October 2021.<\/em><\/p>\n\n\n\n The maths is simple: a bigger target = more data, damage, and potential financial gains.<\/p>\n\n\n\n So, what can you do about it?<\/p>\n\n\n\n An all-encompassing solution is to deploy Privileged Access Management (PAM) software on all of your Mac endpoints, to control, monitor, and audit what your Apple users are doing on their devices.<\/p>\n\n\n\n Admin By Request is an endpoint PAM solution that covers the fundamentals:<\/p>\n\n\n\n 1. Controls what users have access to.<\/strong><\/p>\n\n\n\n The solution\u00a0revokes admin rights<\/a>\u00a0so that your end users only have the bare minimum privileges they need in order to do their job. When users do need to do a task that requires elevated privileges, Just-in-Time elevation (JIT) gives them the ability to self-initiate a temporary elevated session \u2013 with all file downloads scanned by over 30 anti-malware engines. Controlling user privileges and downloads makes it much harder for users to unknowingly install malware onto the OS\u00a0\u2013 even with the constantly evolving social engineering tactics.<\/p>\n\n\n\n 2. Monitors requests for elevated privileges.<\/strong><\/p>\n\n\n\n The biggest Mac attacks and exploits require privilege escalation to install malware and take control of the OS. With Admin By Request, requests for elevated access \u2013 along with user details and a valid reason \u2013 are sent in real time to the Admin By Request User Portal, keeping you in the loop of what your users are up to at all times, and why. Elevated privileges can\u2019t be obtained without a request, which in turn can be viewed, approved, or denied, with all data from approved requests logged in the Auditlog \u2013 more on this below.<\/p>\n\n\n\n 3. Audits elevated activity.<\/strong><\/p>\n\n\n\n All elevated session data is logged and displayed in the Admin By Request Auditlog, including details of installed or uninstalled software, and programs executed with elevated privileges. This means potential security breaches and attempts to deploy malware and infiltrate the wider network are much more likely to be detected early on and prevented.<\/p>\n\n\n\n But the real apple-teaser here is that Admin By Request is a cross-platform PAM solution: it offers a version for macOS as well as Windows, with no AD sync required.<\/p>\n\n\n\n Just to reiterate how sweet of a deal this is, here\u2019s a real-life example:<\/p>\n\n\n\n Scenario:<\/strong> You have an organization with 30,000 Windows devices and a grand total of 7 Apple Macs. You want comprehensive cyber security, and in fact, you\u2019re required to cover ALL endpoints in order to be compliant.<\/em><\/p>\n\n\n\n Solution:<\/strong> You can get all of your endpoints \u2013 Windows or macOS \u2013 fully covered and compliant using Admin By Request as a single, easy-to-deploy PAM solution.<\/em><\/p>\n\n\n\n More on that here<\/a>.<\/p>\n\n\n\n So if you\u2019re really serious about taking macOS security seriously \u2013 or you simply have a few Apples in your organization that don\u2019t want to be left out \u2013 this is your solution to protect all your endpoints before Macs become even more of a target.<\/p>\n\n\n\n Admin By Request offers a free plan for up to 25 endpoints to help you make the move towards a more secure and managed macOS environment \u2013 give it a go here<\/a> and get ahead of the next Mac attack.<\/p>\n","protected":false},"excerpt":{"rendered":" Despite contrary belief, security is a big problem for the modern Mac operating system. Admin By Request\u2019s cross-platform solution can help you address this problem and get your Apples under control.<\/p>\n","protected":false},"author":2,"featured_media":7761,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[36],"tags":[130,73,106,75,74,82,104,105,79,115,84],"ppma_author":[10],"class_list":["post-3686","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blogs","tag-antimalware","tag-apple","tag-features","tag-mac","tag-macos","tag-malware","tag-operating-system","tag-os","tag-ransomware","tag-security","tag-virus","entry","has-media"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\tThe MacOS Malware Myth<\/h2>\n\n\n\n
\n
\n
![\"\"\/](\"https:\/\/www.adminbyrequest.com\/Images\/Blogs\/MacSecurity.png\")
<\/figure>\n\n\n\nCan I Order a Big Mac and Files Please?<\/h2>\n\n\n\n
Mac Attacks are On the Rise<\/h2>\n\n\n\n
![\"\"\/](\"https:\/\/www.adminbyrequest.com\/Images\/Blogs\/macThreats-01(2).png\")
<\/figure>\n\n\n\n![\"\"\/](\"https:\/\/www.adminbyrequest.com\/Images\/Blogs\/MacWindowsThreatGraph-01(1).png\")
<\/figure>\n\n\n\n\n
![\"\"\/](\"https:\/\/www.adminbyrequest.com\/Images\/Blogs\/StatCounter-os_combined-ww-monthly-200901-202109.png\")
<\/figure>\n\n\n\nPreventing Attacks on Macs: Control, Monitor, Audit<\/h2>\n\n\n\n
Don’t Let your Apples Fall Too Far from the Tree<\/h2>\n\n\n\n
In a Macshell:<\/h2>\n\n\n\n