With twice as much malware now targeting Macs, IT pros need to scramble to adapt to a large, and likely permanent, work-from-home population, experts say.

4 Min Read

With millions of people working from home due to the pandemic, the incidence of adware and potentially unwanted programs (PUPs) is rising much faster on Macs, and Mac-based companies are encountering similar cybersecurity issues to their Windows-based counterparts, according to IT and security experts presenting at the annual Jamf Nation Users Conference (JNUC) this week.

Historically, Mac users and their companies haven't had to worry nearly as much about malware as Windows users, but working from home has highlighted issues in managing remote Mac users. Many IT and security teams, however, haven't had to deal with the issues of managing technology for a zero-touch workforce, said Ed Joras, business development specialist at CDW, an IT solutions firm,during the virtual conference.

"The landscape has changed, and that will require a complete rethink of cybersecurity," he says. "We took all those people who work from the office and now they are at home, and they all became targets the minute that that happened." 

In a presentation on managing remote workers securely, Joras estimated that 25% to 35% of office workers will work from home for the foreseeable future. Rather than expending resources on creating cubicle farms, companies will focus on finding better ways to provision those workers, he said, noting that executives are increasingly describing the situation as "show up when you want to" (SUWYWT).

In terms of cybersecurity, that means focusing on Mac users as much as the devices, Joras said.

"When this settles out, a large group of users are not coming back to the office ever," he says. "What we have to think in terms of is hardened users and hardened user practices because they will always be the weak link in the security chain. We need to find a new balance."

With a remote workforce, security can be more challenging for Mac-reliant companies, especially because the platform is becoming a greater target of attackers, according to a presentation on Mac threats at the virtual conference. 

While detections of Mac-targeting adware, malware, and unwanted programs is only 14% of the total suspicious and malicious programs detected by security firm Malwarebytes, the average Mac encounters twice as much malware as the average Windows computer, said Thomas Reed, director of Mac and mobile security at Malwarebytes.

"Mac malware is on the rise. This is in part due to the rising marketshare of the Mac," he said. "It is also likely to be caused by who uses Macs. There are a lot of dirt cheap Windows machines ... but if you are buying a $2,000, $3,000 Mac, are they a good target? Most likely, yes."

Yet the two platforms see different threats. The vast majority of suspicious and malicious programs detected on Macs are adware and potentially unwanted program (PUPs), with malware accounting for only 0.3% of the detections

"Even though adware is something that a lot of people think is a nuisance, it is something that you don't want on your computer," Reed says. "There is a lot of potential for data exfiltration."

Yet Apple is making significant strides in locking down Macs against unwanted software and giving companies a reliable process for securely setting up systems for remote workers. Healthcare records management company Redox, for example, has a complete process for providing users with a new system straight from the factory while provisioning the system with access and security — a zero-touch process, said Kevin Friel, an IT engineer with Redox, in a presentation on provisioning remote users.

"The end result is a fairly efficient and secure process that allows our IT to reach into that Mac virtually and set it up," he says. "And to the end user, it just works."

For the most part, Apple has hardened the Mac system quite well. The increased requirements for signed code means most malware authors have instead decided not to sign their code and rely on convincing users to click through the warnings necessarily to allow an unsigned program to run.

"Signed malware has made it through before, but it certainly has gotten more difficult with Apple's notarization requirements," said Jaron Bradley, team lead for MacOS detections at Jamf, a device management firm focused on Mac and iOS. "Nowadays it is getting so hard to run applications if the application is not signed, [and] we are getting a lot of unsigned malware."

Yet more work remains to better allow the platform to be remotely managed and secured. For example, using telemetry from security or IT incidents to search for other users with the same problem or likely to encounter the same problem will be necessary, Friel said.

"We envision a time, when after assisting one user, we could scan the logs and find other Macs that are either having a similar issue or maybe moving in that direction," he said.

About the Author(s)

Robert Lemos, Contributing Writer

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights