Apple devices have long enjoyed a reputation for being inherently more secure than other operating systems. Even Apple's infamous “Get a Mac” ad campaign highlighted the security of Macs and mocked certain Windows security features.
When this campaign was launched in 2006, the claim was probably true. Macs tended to be more common as personal devices, making them a less attractive target for cybercriminals going after corporate networks.
However, as Apple has carved out a larger niche for itself in the workplace, this status quo has changed and Apple devices are now a lucrative target for threat actors. We are seeing a more diverse range of threats targeting the Apple ecosystem and organizations must be prepared to defend themselves.
Growing threats in the Mac ecosystem
In the past, the Mac malware landscape was predominantly adware, which typically displays or downloads unwanted material but is largely free of more insidious threats. This meant that security teams may have felt comfortable with less rigorous processes, as more dangerous and difficult malware was unlikely to exist.
However, in recent years, cybercriminal groups have intensified their efforts to find vulnerabilities and create malware that exploits iOS or macOS. Jamf's latest annual threat landscape investigation tracked 300 malware families designed for macOS and 21 newly created families in 2023.
It is not only the number of malware families that has increased, but also the type of threats observed. While adware remains the biggest problem, accounting for 36.77% of all malware detected on Mac, we are now seeing a higher proportion of dangers such as Trojans, ransomware, and advanced persistent threats (APTs).
This means that organizations working within the Apple ecosystem now have to deal with malware that poses a significantly greater risk than adware. For example, Trojans are specifically designed to bypass traditional defenses by posing as legitimate software, while ransomware attacks that encrypt data have the potential to be very disruptive and costly to businesses.
Senior Security Strategy Manager for EMEIA at Jamf.
The worrying state of cyber hygiene
In addition to creating new malware, cybercriminals continue to develop and refine their social engineering techniques. This means that organizations need a strong focus on cyber hygiene for both technical processes and users. Unfortunately, we found that companies often fell short of the goal.
Phishing remains a major threat and attackers are especially interested in exploiting mobile users. We found that phishing attempts on mobile devices are about 50% more successful than on desktop, highlighting a vulnerability that extends beyond traditional computing devices.
We also found that mobile devices were frequently left vulnerable. An alarming 40% of mobile users in our research used devices with known vulnerabilities that had not been patched, demonstrating that mobile is often not managed or patched to the same degree as desktop computers.
The importance of regular updates and strict security protocols cannot be overstated. This oversight exposes organizations to significant cybersecurity risks, as outdated software often lacks the necessary defenses against newly emerging threats. For example, Pegasus spyware often exploits zero-day vulnerabilities in both new and old devices.
Compounding this, critical security settings such as encryption and lock screens are often disabled, making it easier for attackers to access sensitive data once they have compromised a system.
This is especially crucial as the volume and variety of malware continues to increase and more and more attackers set their sights on Macs. Organizations that had previously gotten away with lax security processes for their Apple machines could soon see that their luck is running out.
Best Practices for Mitigating Mac Malware
Organizations must adopt a more proactive security posture to stay ahead of the growing threat of Mac malware and other cyber risk trends. There are several different intertwined paths that can be taken here.
At a basic level, endpoint detection and response (EDR) tools are essential for maintaining situational awareness of the security status of all endpoints. These endpoint protection tools detect potential threats in real time and provide automated responses to identified risks, thus enabling continuous monitoring and immediate action against potential security breaches. Organizations should ensure that all devices are equally covered by their EDR, spanning Windows, Mac, and any other operating systems present in the corporate environment.
Companies should also focus on the hygiene fundamentals of security. This includes committing to routine software updates to fix vulnerabilities and training employees on best practices, such as the use of passwords and settings such as encryption. Companies can consider supporting this by implementing advanced device management tools to monitor and manage device configurations to ensure they are in line with company policy.
Data encryption also plays a vital role in protecting information. This is often a weak point: we found that 36% of devices had the FileVault disk-encryption feature disabled. By encrypting data both in transit and at rest, organizations ensure that even if data is intercepted, it will remain indecipherable to unauthorized parties.
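A small hygiene audit covering the settings discussed in the two paragraphs above (FileVault, screen lock, pending updates, plus Gatekeeper and SIP), written as an added example rather than Jamf's or TechRadar's own code. The macOS commands are real, but the exact output wording they are matched against is an assumption to be confirmed on a test Mac; the sample outputs are constructed.

```python
"""macOS hygiene audit: flags the gaps the survey findings describe.
Assumption: output phrases below match current macOS tool wording."""
import platform
import subprocess

# Each check: the command to run and a predicate over its combined
# stdout+stderr that is True when the setting is compliant.
CHECKS = {
    "filevault":  (["fdesetup", "status"], lambda o: "FileVault is On" in o),
    "gatekeeper": (["spctl", "--status"], lambda o: "assessments enabled" in o),
    "sip":        (["csrutil", "status"], lambda o: "enabled" in o.lower()),
    # Assumption: 'sysadminctl -screenLock status' reports "screenLock is off"
    # when no lock is configured.
    "screenlock": (["sysadminctl", "-screenLock", "status"],
                   lambda o: "screenLock is off" not in o),
    "updates":    (["softwareupdate", "-l"],
                   lambda o: "No new software available" in o),
}

# Constructed sample resembling an unmanaged Mac (not real device output).
SAMPLE_OUTPUTS = {
    "filevault": "FileVault is Off.\n",
    "gatekeeper": "assessments enabled\n",
    "sip": "System Integrity Protection status: enabled.\n",
    "screenlock": "screenLock is off\n",
    "updates": "Software Update found the following new or updated software:\n"
               "* Label: macOS Sonoma 14.5-23F79\n",
}

def evaluate(outputs):
    """Return the names of non-compliant checks, in CHECKS order.
    A missing or unreadable output counts as a failure (fail closed)."""
    findings = []
    for name, (_cmd, is_ok) in CHECKS.items():
        out = outputs.get(name)
        if out is None or not is_ok(out):
            findings.append(name)
    return findings

def collect():
    """Run the real commands; only meaningful on macOS (Darwin)."""
    outputs = {}
    for name, (cmd, _is_ok) in CHECKS.items():
        try:
            r = subprocess.run(cmd, capture_output=True, text=True, timeout=120)
            outputs[name] = r.stdout + r.stderr
        except (OSError, subprocess.TimeoutExpired):
            pass  # leave absent so evaluate() reports it
    return outputs

if __name__ == "__main__":
    source = collect() if platform.system() == "Darwin" else SAMPLE_OUTPUTS
    print("non-compliant:", evaluate(source) or "none")
```

Feeding the findings to a device-management tool or SIEM turns this into the configuration-versus-policy monitoring the article recommends.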
Finally, companies should look to adopt the Zero Trust model. This security framework operates on the principle that no entity inside or outside the network is automatically trusted. Each access attempt must be rigorously verified, significantly reducing the potential for breaches and unauthorized access. This provides an effective defense against any form of intrusion that seeks to move laterally across the network.
Looking to the future
As Mac devices become increasingly common in the workplace, it has never been more important to ensure comprehensive security plans are in place. Any organization still relying on a lighter Mac security regime that targets nuisances like adware will be unpleasantly surprised by new, more dangerous threats. Companies should ensure that they not only have a multi-layered strategy, but that it is applied consistently to all devices that connect to the corporate environment.
This article was produced as part of TechRadarPro's Expert Insights channel, where we feature the best and brightest minds in today's tech industry. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.