Although Macintosh systems have been targeted less frequently than Windows-based systems, they are not immune to malware. Look around the next meeting you are at and notice how many of the systems are Macs; there will be a few of them. Those Macs are at risk of malware just as their Windows cousins are.
In the beginning, Macs were perceived as impenetrable and inherently secure machines that held a reputation besting their rival Windows operating system.
However, a recent technical blog post by the Cylance Threat Guidance Team outlines a rather nasty piece of ransomware targeting Mac OS X. This ransomware sample is part of the FileCoder family and performs just like Windows-based ransomware variants do. It will encrypt all files on the Mac until you pay a BitCoin ransom – and even then, there is no mechanism for the decryption of your files, according to the report, making this a particularly devious piece of ransomware.
The report states:
"Now, the concerning thing about this specific malware: we watched as the malware would query for a specific proxy, which was non-responsive. Due to the way it was implemented, even if you pay up, there is no way for the authors to decrypt this file. This is due to the author never receiving your encryption key, and it not being stored locally. In all cases we investigated in the lab, there was no decryption key we could extract to reverse the encryption."
Myths and misconceptions abound when it comes to Mac computers. One of the more interesting pieces of fiction floating around the internet is the idea that Macs are somehow impervious to the kinds of security attacks (viruses, ransomware, Trojans, exploits, etc.) to which Windows-based PCs frequently fall victim. Perhaps not surprisingly, Apple itself has encouraged this view through its “Mac vs. PC” advertising campaigns years ago, suggesting that malware is a PC issue and is not a concern for Macs. If only that were the case!
The reality is that Macs are just as vulnerable. If anything, the belief of Mac users that they’re immune to attack exacerbates their vulnerability. For example, the painful lack of security on Macs increases the likelihood that a successful attack on the community of Mac users will be severe, if and when it happens.
Moreover, because well-written malware does not reveal itself to the user, an infected machine with no security software monitoring it can operate at the malware author’s will, with no awareness of infection on the part of the user. Thus, the use of unsecured Macs in the enterprise perforates your security perimeter, creating gaps that are just large enough to allow hackers in and provide them with an opening into the rest of your network.
This view of Macs as being ‘clean machines’ seems to derive from the fact that, until recently at least, there were so few of them around, compared to the size of the Windows army. The OS was considered by many so-called experts to be too small a target for hackers and others interested in stealing data. Larger targets generate a bigger “bang for the buck” for cybercriminals, who like legitimate businesses, want to maximize their ROI they get in return for their effort. That helps explain why criminals didn’t pay much attention to Macs when they made up a tiny fraction of market share and were used primarily by college students, designers, and musicians. But that’s now changing, with the recent explosion of mobile devices offered by Apple, from iPhones to iPads.
While users can avoid victimization by not opening email attachments from unknown senders, we know that is not always realistic in enterprise environments. Security controls should not be so restrictive that they compromise business operations.
CylancePROTECT uses multiple protection elements to stop this type of threat before it causes any damage. CylancePROTECT supports versions of OS X from 10.9 (Mavericks) - 10.12 (Sierra), using the same great artificial intelligence technology that protects millions of endpoints today, whether they run on Windows or Mac OS X or Linux.
If you don't have CylancePROTECT®, contact us to learn how our artificial intelligence based solution can predict and prevent unknown and emerging threats before they ever execute.