The year 2020 kicked off with reports that Mac cyber threats had taken off, with machines encountering twice as many threats as Windows systems. But as the year came to a close, the average user of the Mac OS continued to see fewer malware and ransomware threats than Windows users, security experts say.
In February of 2020, endpoint security firm Malwarebytes reported that its Mac users encountered about twice as many "threats" as Windows users. Those threats, however, consisted mainly of potentially unwanted programs (PUPs) and adware, not malware.
While the data for the entire year has not been fully analyzed, the trend seems likely to continue, says Thomas Reed, director of Mac and mobile for Malwarebytes.
"On Windows, we have all sorts of exploits that happen—it is a much more common thing on the Windows side to, say, visit a website and suddenly your machine is infected," he says. "That really does not happen on the Mac OS."
Apple has typically benefited from its minority marketshare among desktop and laptop systems as well as a more tightly controlled ecosystem. Binaries typically must come from either the Apple App Store or a recognized developer, for example, to avoid requiring the user to specifically allow the program to install, a feature more restrictive than the AppLocker policy on Microsoft Windows.
Not Immune, Though
However, Apple's operating systems—both Mac OS and iOS—are certainly not immune to attacks.
A recent report by The Citizen Lab at the University of Toronto underscored that the commercial sale of zero-click exploits in iMessages, for example, continues to allow governments to buy access to target dissidents. Now, malware families that have previously only targeted Windows, and sometimes Linux, are also being ported to target Macs, says Ian Davis, a senior threat researcher at BlackBerry.
"Historically MacOS threats mainly centered around adware and trojanized downloaders of well-known software," he says. "While these less-than-lethal families are still the majority of encountered samples, advanced attacks and toolsets are now being developed and deployed along with their counterparts for Windows and Linux."
Overall, the sophistication of MacOS threats is increasing, the two researchers say. Previously encountered families on Windows or Linux are also now targeting MacOS systems. In 2020, the community saw increased cases of ransomware, botnet campaigns, and information-stealing backdoors in MacOS environments.
Mac User = The Vulnerability
While at least a quarter of the threats encountered by Windows systems are malware, less than 1% of those encountered by Mac systems are considered malware, Malwarebytes stated in its February report. Instead, attackers targeting the Mac look to fool the user into taking the necessary steps to allow malware to run.
The tactics underscore that the user has become the most significant vector for running dangerous code on systems, and so companies should make sure to train Mac users to be more aware of security threats, says Blackberry's Davis.
"Users should exercise caution downloading or running software from untrusted sources and granting any added permissions, regardless of their chosen operating system or architecture," he says. "Threats continue to largely rely on users running the executable and/or granting administrator rights during execution rather than making use of exploits to escalate privileges and obtain persistence."
An interesting side effect of Apple's focus on tools to strengthen user privacy is that attackers are often blocked from accessing data on Macs, notes Malwarebytes' Reed. An attacker that wants to access to the user's address book, for example, will need to gain specific rights—an action that gives the user another attempt to recognize an attack.
"Because of some of the privacy protections that apple is putting in place, in order to do that, I have to figure out a way to trick the user into giving me access into all the protected data locations on the system, such as Calendars, Addresses," he says.
"Mac OS is far from invulnerable when it comes to the attacker's perspective," says Malwarebytes' Reed. "I am always telling people at conferences—somewhat facetiously—that I'm disappointed in what some of the Mac malware does, (but) as long as you know that your target will fall for what you are doing, then why bother with something sophisticated."
Meanwhile, attackers overall are upping their game, and those developing malware for Macs are continuing to incorporate tactics pioneered by malware families on Windows and Linux, BlackBerry's Davis notes.
"The old adage that MacOS is not susceptible to malware is far from the truth and the gap between Windows and MacOS threats is closing," he says.