
Endpoint

10/1/2020
09:45 AM

Rise in Remote MacOS Workers Driving Cybersecurity 'Rethink'

With twice as much malware now targeting Macs, IT pros need to scramble to adapt to a large, and likely permanent, work-from-home population, experts say.

With millions of people working from home due to the pandemic, the incidence of adware and potentially unwanted programs (PUPs) is rising much faster on Macs, and Mac-based companies are encountering similar cybersecurity issues to their Windows-based counterparts, according to IT and security experts presenting at the annual Jamf Nation Users Conference (JNUC) this week.

Historically, Mac users and their companies haven't had to worry nearly as much about malware as Windows users, but working from home has exposed gaps in how remote Mac users are managed: many IT and security teams have never had to manage technology for a zero-touch workforce, said Ed Joras, business development specialist at CDW, an IT solutions firm, during the virtual conference.


"The landscape has changed, and that will require a complete rethink of cybersecurity," he says. "We took all those people who work from the office and now they are at home, and they all became targets the minute that that happened." 

In a presentation on managing remote workers securely, Joras estimated that 25% to 35% of office workers will work from home for the foreseeable future. Rather than expending resources on creating cubicle farms, companies will focus on finding better ways to provision those workers, he said, noting that executives are increasingly describing the situation as "show up when you want to" (SUWYWT).

In terms of cybersecurity, that means focusing on Mac users as much as the devices, Joras said.

"When this settles out, a large group of users are not coming back to the office ever," he says. "What we have to think in terms of is hardened users and hardened user practices because they will always be the weak link in the security chain. We need to find a new balance."

With a remote workforce, security can be more challenging for Mac-reliant companies, especially because the platform is becoming a greater target of attackers, according to a presentation on Mac threats at the virtual conference. 

While Mac-targeting adware, malware, and unwanted programs account for only 14% of the suspicious and malicious programs detected by security firm Malwarebytes, the average Mac encounters twice as much malware as the average Windows computer, said Thomas Reed, director of Mac and mobile security at Malwarebytes.

"Mac malware is on the rise. This is in part due to the rising marketshare of the Mac," he said. "It is also likely to be caused by who uses Macs. There are a lot of dirt cheap Windows machines ... but if you are buying a $2,000, $3,000 Mac, are they a good target? Most likely, yes."

Yet the two platforms see different threats. The vast majority of suspicious and malicious programs detected on Macs are adware and potentially unwanted programs (PUPs), with malware proper accounting for only 0.3% of detections.

"Even though adware is something that a lot of people think is a nuisance, it is something that you don't want on your computer," Reed says. "There is a lot of potential for data exfiltration."

Yet Apple is making significant strides in locking down Macs against unwanted software and giving companies a reliable process for securely setting up systems for remote workers. Healthcare records management company Redox, for example, has a complete process for providing users with a new system straight from the factory while provisioning the system with access and security — a zero-touch process, said Kevin Friel, an IT engineer with Redox, in a presentation on provisioning remote users.

"The end result is a fairly efficient and secure process that allows our IT to reach into that Mac virtually and set it up," he says. "And to the end user, it just works."

For the most part, Apple has hardened the Mac system quite well. Its stricter code-signing requirements mean that most malware authors have given up on signing their code and instead rely on convincing users to click through the Gatekeeper warnings required to run an unsigned program.

"Signed malware has made it through before, but it certainly has gotten more difficult with Apple's notarization requirements," said Jaron Bradley, team lead for MacOS detections at Jamf, a device management firm focused on Mac and iOS. "Nowadays it is getting so hard to run applications if the application is not signed, [and] we are getting a lot of unsigned malware."
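The Gatekeeper checks that the paragraph and quote above refer to can be run by hand before a user is asked to trust a download. The script below is an added example, not code from the article or from Jamf, Malwarebytes, or Apple; it assumes a macOS host with the stock `spctl`, `codesign`, and `xattr` tools, and the label names returned by the `classify_spctl` helper are this example's own.

```shell
#!/bin/sh
# Added example, not from the article or from Jamf/Malwarebytes/Apple.
# Triage a downloaded macOS app bundle the way Gatekeeper would, before
# a user is asked to click through the "unidentified developer" dialog.
# Assumes macOS with the stock spctl, codesign and xattr tools.
#
# Usage: sh gatekeeper_triage.sh /path/to/Some.app

# Reduce the text printed by `spctl --assess -vv` (read on stdin, so it
# can be checked against captured output) to one label (names are this
# example's own):
#   notarized | signed-unnotarized | unsigned | rejected | unknown
classify_spctl() {
    verdict=unknown
    src=""
    while IFS= read -r line; do
        case "$line" in
            *": accepted"*) verdict=accepted ;;
            *": rejected"*) verdict=rejected ;;
            source=*)       src=${line#source=} ;;
        esac
    done
    case "$verdict:$src" in
        accepted:"Notarized Developer ID"*) echo notarized ;;
        accepted:*)                         echo signed-unnotarized ;;
        rejected:"no usable signature"*)    echo unsigned ;;
        rejected:*)                         echo rejected ;;
        *)                                  echo unknown ;;
    esac
}

# Full triage of one bundle. Returns 0 only when Gatekeeper says notarized.
assess_app() {
    app=$1
    if [ ! -d "$app" ]; then
        echo "not an app bundle directory: $app" >&2
        return 2
    fi

    # 1. Gatekeeper's own verdict (signature, notarization ticket, revocation).
    label=$(spctl --assess --type execute -vv "$app" 2>&1 | classify_spctl)
    echo "gatekeeper: $label"

    # 2. Who signed it. Signed malware has made it through before, so read
    #    the Authority chain rather than stopping at "signed".
    codesign --display --verbose=2 "$app" 2>&1 \
        | grep -E '^(Authority|TeamIdentifier|Signature)=' \
        || echo "codesign: no signature details"

    # 3. Quarantine flag. Present: the user will see the Gatekeeper dialog.
    #    Absent on a fresh download: it was stripped, or it arrived by a
    #    path that does not set the flag (e.g. a curl download).
    if xattr -p com.apple.quarantine "$app" >/dev/null 2>&1; then
        echo "quarantine: present"
    else
        echo "quarantine: absent"
    fi

    [ "$label" = notarized ]
}

# Only run the live checks when a path is given, so the helper above can
# be sourced and exercised on its own.
if [ "$#" -gt 0 ]; then
    assess_app "$1"
fi
```

Run it as `sh gatekeeper_triage.sh /path/to/Some.app`; it exits 0 only when Gatekeeper reports the bundle as notarized, which makes it usable as a gate in a provisioning or help-desk workflow. The parsing is kept in its own function so it can be checked against captured `spctl` output on any machine, while the live checks run only on the Mac holding the bundle.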

Yet more work remains to better allow the platform to be remotely managed and secured. For example, using telemetry from security or IT incidents to search for other users with the same problem or likely to encounter the same problem will be necessary, Friel said.

"We envision a time, when after assisting one user, we could scan the logs and find other Macs that are either having a similar issue or maybe moving in that direction," he said.

Comments
inforobob, User Rank: Apprentice, 10/2/2020 | 11:13:28 AM
Vested Interest
Using an antivirus vendor as a source is not a good idea. They have a vested interest in making people think Macs need an antivirus and that the attacks are rampant.

I have clients with Macs and I have seen only a slight increase in attacks over the last few years.

Robert

IT Consultant