Macs aren't immune to hacks
Following a spate of Apple-specific vulnerabilities, James Maude warns that CIOs need to be wary of their Mac footprint
James Maude, senior security engineer, Avecto
Microsoft Windows has enjoyed near total dominance in the enterprise desktop market over the last twenty years. The endpoint security market effectively grew in response to this reality. Understandably, those with malicious intentions – and tech expertise – targeted the infrastructure that was prevalent. As the majority of operating systems were Windows, the exploits, malware and attack strategies took this into account.
According to research from Net Applications, in September 2015 the Windows' worldwide market share was 90.84 percent, which is still significant majority. However, coming up on the outside with almost eight percent of the market is OS X – Apple's suite of operating systems.
This growth in Apple's OS X is down to several factors. Firstly, the desirability of the Apple brand has increased exponentially in recent years. The success of the iPod, iPad and iPhone – and the improvements to the Mac line-up – has made it a must-have for creatives and executives alike. Secondly, the consumerisation of IT has meant employees are now dictating what technology they use within the workplace. Given Apple is consistently ranked as one of the world's top brands it's understandable that there would be pressure from staff for these products to be available.
Evidence of this growth was found in a recent survey Avecto carried out with 100 CIOs from large companies. 76 percent of those questioned said they now have Macs within their enterprise, and 32 percent said their Mac estate was increasing. It's a trend that currently shows no signs of stopping.
However, this increased footprint has caught the attention of black hats and malware writers. No longer is it a niche area that isn't worth pursuing. There is a big enough base now to attack, and given Apple is often the penchant of the c-suite they are often high-value targets, too.
Recent high-profile vulnerabilities have made this threat more real. Last year WireLurker was detected, a type of malware that specifically infects OS X computers. It caused a lot of damage and generated many headlines, with some claiming it was ushering in a ‘new era' of iOS and OS X malware.
WireLurker and other Apple-specific threats have started to affect confidence in OS X's ability to stand up the security problems. The Avecto survey found that 40 percent of CIOs say they now have less confidence in Mac security following the discovery of these strands of malware.
Despite this, a potentially dangerous perception still persists – that Macs are fundamentally safer than Windows computers. This too was revealed in the survey, with 28 percent still believing OS X is simply ‘more secure' than Windows.
Recently Avecto has been working closely with Apple security expert Patrick Wardle. He summed it up perfectly when he said: “Apple devices aren't protected by some divine force, they are vulnerable to many of the same attack methodologies as any Windows computer.” Too many organisations expect the vendor to provide complete protection, but that's too much to ask of Apple. CIOs should instead take the matter into their own hands and look to proactive security solutions instead.
If we look at specifics in terms of protection, user accounts on Macs – like any other computer – can be run on a sliding scale of privileges. Security teams should ensure no one has administrative access. It is these accounts that are incredibly valuable to attackers, as they typically provide wide-ranging access on both that specific system and the wider network.
Secondly, unknown applications should be blocked. Employ a detailed whitelist of known, trusted applications and ensure unsanctioned software cannot execute. This simple measure will ensure malicious apps cannot execute – stopping one of the most popular attack vectors.
For too long there has been a false belief and a naivety that Macs are inherently more secure than Windows PCs. Either way, organisations must view them like any other device: an endpoint that can be exploited.
Contributed by James Maude, senior security engineer, Avecto