
Endpoint

10/1/2020 09:45 AM

Rise in Remote MacOS Workers Driving Cybersecurity 'Rethink'

With twice as much malware now targeting Macs, IT pros need to scramble to adapt to a large, and likely permanent, work-from-home population, experts say.

With millions of people working from home due to the pandemic, the incidence of adware and potentially unwanted programs (PUPs) is rising much faster on Macs, and Mac-based companies are encountering similar cybersecurity issues to their Windows-based counterparts, according to IT and security experts presenting at the annual Jamf Nation Users Conference (JNUC) this week.

Historically, Mac users and their companies haven't had to worry nearly as much about malware as Windows users, and many IT and security teams have never had to manage technology for a zero-touch, fully remote workforce. Working from home has exposed both gaps, said Ed Joras, business development specialist at CDW, an IT solutions firm, during the virtual conference.


"The landscape has changed, and that will require a complete rethink of cybersecurity," he says. "We took all those people who work from the office and now they are at home, and they all became targets the minute that that happened." 

In a presentation on managing remote workers securely, Joras estimated that 25% to 35% of office workers will work from home for the foreseeable future. Rather than expending resources on creating cubicle farms, companies will focus on finding better ways to provision those workers, he said, noting that executives are increasingly describing the situation as "show up when you want to" (SUWYWT).

In terms of cybersecurity, that means focusing on Mac users as much as the devices, Joras said.

"When this settles out, a large group of users are not coming back to the office ever," he says. "What we have to think in terms of is hardened users and hardened user practices because they will always be the weak link in the security chain. We need to find a new balance."

With a remote workforce, security can be more challenging for Mac-reliant companies, especially because the platform is becoming a greater target of attackers, according to a presentation on Mac threats at the virtual conference. 

While detections of Mac-targeting adware, malware, and unwanted programs account for only 14% of the total suspicious and malicious programs detected by security firm Malwarebytes, the average Mac encounters twice as much malware as the average Windows computer, said Thomas Reed, director of Mac and mobile security at Malwarebytes.

"Mac malware is on the rise. This is in part due to the rising marketshare of the Mac," he said. "It is also likely to be caused by who uses Macs. There are a lot of dirt cheap Windows machines ... but if you are buying a $2,000, $3,000 Mac, are they a good target? Most likely, yes."

Yet the two platforms see different threats. The vast majority of suspicious and malicious programs detected on Macs are adware and potentially unwanted programs (PUPs), with malware accounting for only 0.3% of the detections.

"Even though adware is something that a lot of people think is a nuisance, it is something that you don't want on your computer," Reed says. "There is a lot of potential for data exfiltration."

Yet Apple is making significant strides in locking down Macs against unwanted software and giving companies a reliable process for securely setting up systems for remote workers. Healthcare records management company Redox, for example, has a complete process for providing users with a new system straight from the factory while provisioning the system with access and security — a zero-touch process, said Kevin Friel, an IT engineer with Redox, in a presentation on provisioning remote users.

"The end result is a fairly efficient and secure process that allows our IT to reach into that Mac virtually and set it up," he says. "And to the end user, it just works."

For the most part, Apple has hardened the Mac quite well. The tightened requirements for signed code mean most malware authors have decided not to sign their code at all, and instead rely on convincing users to click through the Gatekeeper warnings necessary to allow an unsigned program to run.

"Signed malware has made it through before, but it certainly has gotten more difficult with Apple's notarization requirements," said Jaron Bradley, team lead for MacOS detections at Jamf, a device management firm focused on Mac and iOS. "Nowadays it is getting so hard to run applications if the application is not signed, [and] we are getting a lot of unsigned malware."

Yet more work remains to better allow the platform to be remotely managed and secured. For example, using telemetry from security or IT incidents to search for other users with the same problem or likely to encounter the same problem will be necessary, Friel said.

"We envision a time, when after assisting one user, we could scan the logs and find other Macs that are either having a similar issue or maybe moving in that direction," he said.
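The two threads above, unsigned malware that gets in because a user clicks through the Gatekeeper warning, and Friel's wish to "scan the logs and find other Macs" once one user has been helped, can be combined into a simple fleet triage step. The following is an added example, not code from Redox, Jamf, Malwarebytes or CDW; it assumes a hypothetical management agent that emits one JSON line per binary download or launch with the fields `host`, `event`, `sha256`, `path`, `signature` and `override`, and the sample records are constructed for the example.

```python
"""Fleet-wide triage of Gatekeeper overrides from endpoint telemetry.

Added example, not code from Redox, Jamf, Malwarebytes or CDW. The record
format is a hypothetical management agent's JSON-lines output, constructed
here; the field names are assumptions, not any real product's schema.
"""
import json

# Constructed sample telemetry. "signature" is the code-signing status the
# hypothetical agent recorded for the binary; "override" records whether the
# user clicked through a Gatekeeper warning to run unsigned software.
# mac-ana is the user who called the help desk.
SAMPLE_TELEMETRY = """\
{"host": "mac-ana", "event": "exec",     "sha256": "aaa111", "path": "/Users/ana/Downloads/FlashUpdate.app", "signature": "unsigned",  "override": true}
{"host": "mac-ana", "event": "exec",     "sha256": "ccc333", "path": "/Applications/Chat.app",               "signature": "notarized", "override": false}
{"host": "mac-bo",  "event": "exec",     "sha256": "aaa111", "path": "/Users/bo/Downloads/FlashUpdate.app",  "signature": "unsigned",  "override": true}
{"host": "mac-cy",  "event": "exec",     "sha256": "bbb222", "path": "/Users/cy/Downloads/SearchTool.app",   "signature": "unsigned",  "override": true}
{"host": "mac-dee", "event": "download", "sha256": "aaa111", "path": "/Users/dee/Downloads/FlashUpdate.app", "signature": "unsigned",  "override": false}
{"host": "mac-eve", "event": "exec",     "sha256": "ccc333", "path": "/Applications/Chat.app",               "signature": "notarized", "override": false}
"""


def parse_telemetry(text):
    """Parse JSON-lines telemetry into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _is_override_exec(record):
    """True when an unsigned binary was launched after a Gatekeeper override."""
    return (record["event"] == "exec"
            and record["signature"] == "unsigned"
            and record["override"])


def override_hashes(records, host):
    """SHA-256 hashes of unsigned binaries that `host` ran via a Gatekeeper override."""
    return {r["sha256"] for r in records
            if r["host"] == host and _is_override_exec(r)}


def triage(records, seed_host):
    """Starting from one affected host, find other Macs in the fleet that

    - ran the same unsigned binary after an override   -> "same_binary"
    - ran some other unsigned binary after an override -> "same_pattern"
    - have the same binary downloaded but not yet run  -> "at_risk"
      (Friel's "moving in that direction")
    """
    indicators = override_hashes(records, seed_host)
    same_binary, same_pattern, at_risk = set(), set(), set()
    for r in records:
        if r["host"] == seed_host:
            continue
        if _is_override_exec(r):
            if r["sha256"] in indicators:
                same_binary.add(r["host"])
            else:
                same_pattern.add(r["host"])
        elif r["event"] == "download" and r["sha256"] in indicators:
            at_risk.add(r["host"])
    # A host that already ran the binary belongs in the most severe bucket only.
    same_pattern -= same_binary
    at_risk -= same_binary
    return {
        "indicators": sorted(indicators),
        "same_binary": sorted(same_binary),
        "same_pattern": sorted(same_pattern),
        "at_risk": sorted(at_risk),
    }


if __name__ == "__main__":
    fleet = parse_telemetry(SAMPLE_TELEMETRY)
    for bucket, hosts in triage(fleet, "mac-ana").items():
        print(f"{bucket:>12}: {', '.join(hosts) or '-'}")
```

The "same_pattern" bucket is the one that matters most for hardening users rather than devices: those Macs did not touch the binary the help desk already knows about, but their users are making the same click-through decision, so they are the candidates for a Gatekeeper policy change or training before the next unsigned download arrives.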

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...
Comments
inforobob,
User Rank: Apprentice
10/2/2020 | 11:13:28 AM
Vested Interest
Using an antivirus vendor as a source is not a good idea. They have a vested interest in making people think Macs need an antivirus and that the attacks are rampant.

I have clients with Macs and I have seen only a slight increase in attacks over the last few years.

Robert

IT Consultant