This is a contributed piece by Brian J Best, Apple Strategist, LOGICnow
Earlier this year saw the first ever recorded example of ransomware targeting MacOS. Transmission, a BitTorrent client, came with an unexpected extra: three days after installation, files would be encrypted and would only be unlocked for one bitcoin – around $550.
Ransomware may be grabbing the headlines today, but it’s really just another stop on the journey cybercriminals have been on. What was once mischief for mischief’s sake – such as the AOHell script breaking AOL’s email back in 1994 – is now often done with a purpose. Sometimes that’s political, but with ransomware the motive is financial. The only thing new here is that MacOS was the target.
Despite the lingering myth that Macs are safe from this sort of attack, it should now be clear that they are in fact far from invulnerable, and the problem is only going to get worse. Thanks to Apple’s dominance in certain sections of the consumer market, the growing trend of BYOD and CYOD, plus Apple’s recent efforts to make their devices more enterprise-friendly, it’s more and more common for Macs to be on the desks of more just than the creative departments of businesses.
Complacency and risk
The problem businesses face is that Macs are often treated as a separate and often unmanaged part of their IT estate.
Businesses will often provide software for Windows users but Mac users often have to fend for themselves. Even if the company is forward thinking enough to pay for the software needed, the Mac will remain ‘outside’ of the control of the IT department. The software – including that for security – that is installed on other devices as a matter of course will likely not be installed on the Mac.
For many consumers, security software is a hassle that they don’t really need. Who wants to install software with a reputation for limiting online access and slowing things down? Who wants to install software that nags at you constantly to upgrade to the ‘Pro’ version? Who wants to have their wings clipped by software that may block off parts of the internet as risky?
Plus, people think they are smarter than those who seek to infect their device. No one thinks they will be silly enough to click on a risky link or open a virus-loaded attachment until it actually happens. People see the tide of scam emails in their junk folder and think that there’s no way one of those obvious ploys would fool them. And then, one day, they click.
Macs that are used on an enterprise network either directly or on a VPN are ‘trusted devices’ even if they lack the software that would make them safe. They have the potential to put the whole network at risk.
How to secure Macs
Macs do have software installed by default that helps prevent attack, but these are not infallible – mostly because they are misunderstood. Gatekeeper is designed to prevent the user from opening a Trojan, the most common threat on Macs. But this is often disabled, either by the user, or by IT looking to solve a raised ticket without understanding the error being presented. XProtect, the other feature unique to Macs, is a novel way to prevent the system from executing certain code – but again it's far from infallible, and not as useful as good patch management and the other countermeasures a service provider could offer.
So how does IT support deal with Macs? It’s simple – they need to use software that provides remote access, monitoring, backup and security for MacOS devices, either through using additional software or by using a software provider that takes care of both Macs and PCs. Macs need to be patched with the same regularity as PCs – for both the OS and the software installed. If Macs are part of your IT estate, they cannot be ignored.
Outsourced IT support providers need to heed this advice too, even if there is no demand to support Mac endpoints. All this means is that your customers don’t see the need. If a Mac is compromised and there are effects beyond the device, IT support will still on some level take the blame – even if it was outside of their remit.
Having a whole new set of devices to support may seem like an onerous task, but putting this in place is actually a growth opportunity for IT support providers. Those businesses who currently think that their Macs can go unsupported without risk may soon learn otherwise – attacks on Macs are only going to increase in sophistication and intensity. Those IT support providers who take the steps now to heed this wakeup call will find themselves in a much better position when the next big Mac ransomware story hits the headlines.
NEXT ARTICLECommercial drones in the US open for business»
Phil Muncaster reports on China and beyond