As malware threats increase in number and frequency, the next big attack could be looming just beyond the horizon. Which OS is the safest? I will give you a hint: If you believe it is Apple, that type of thinking might be what leads your Mac to be one of the next victims.
Malware attacks against Apple computers have been growing exponentially and, in some cases, faster than attacks against other platforms. While the volume of these attacks has been rather low compared to Apple's competitors, Apple's massive popularity and growing market share have shifted threat actors' focus to its popular line of computing devices in an effort to cash in (literally) on this growing target.
SEE: Quick glossary: Malware (Tech Pro Research)
Even the biggest malware attacks may have small beginnings, and threats targeting Apple devices will continue to proliferate unless users protect their devices by adhering to the following tips in conjunction with best practices for data and network security.
Whether it's web-based software or software installed on a device, ad-supported applications and websites can introduce malicious code, which could lead to system compromises that allow for data interception. This could lead to further manipulation or exfiltration by unauthorized parties.
The underlying code for sites of a dubious nature might not be the most trustworthy, so great care should be taken to limit access to such sites either by using web filters or proxy servers. You should ensure that websites requiring logins or access to critical or sensitive information, especially personally identifiable information (PII), are encrypted using third-party SSL certificates.
Ad-blocking software halts ads before they load and can be a big help. This software is usually installed as an extension of your browser; Adblock Plus (ABP) or Adblock are two options worth checking out.
Applications, hardware appliances, and compromised computers could have backdoors installed either intentionally or unintentionally due to a manufacturer-included feature or by way of modified code contained within an app that's had its internal security cracked.
Ideally, backdoors serve the intended purpose of providing secondary access to a system in the event that the primary access has been lost or compromised. The main problem with this is that many times backdoors ship with a default (read: not secure) set of credentials that are publicly available. If left unchecked, anyone can gain access to your system through the backdoor, take control, and cause havoc, or worse.
Protecting your devices from backdoor access requires reading vendor white papers to assess and close any holes that might provide unauthorized access. Another protection to consider is using only officially licensed software—never install cracked software or software that has been reverse-engineered, as the code modifications may include more than just free access. Additionally, verify the integrity of application installers by comparing the hash value of the downloaded files against the one published by the manufacturer, to detect whether the software has been modified since it was made publicly available.
It's extremely frustrating when you're trying to navigate the internet and you get bombarded by advertisements endlessly. It's even worse when you get bounced from website to website through a series of redirects that seemingly does not end, often causing you to give up and start your search again or close the browser app.
Unfortunately, there is not much you can do to stop this type of behavior, as it largely relies on the underlying code of the website being visited. While scanning the code of each site you plan to visit is not reasonable, you can take steps to improve your chances of not getting hijacked.
As opposed to zero-days, or unknown vulnerabilities, issues that are known to the vendor have patches created to plug these holes and mitigate the problem before it can be exploited by threat actors. These updates are provided by all software vendors, especially operating systems, on a regular basis and should be adhered to on a schedule to ensure systems and their software are kept up-to-date to be protected against known threats.
SEE: IT pro's guide to effective patch management (free PDF) (TechRepublic)
Software bugs and vulnerabilities exist, and installing system and application updates mitigates these issues and keeps devices as secure as possible. However, if updates are not installed, your systems will remain vulnerable to attack; and if they are not tested prior to deployment, your systems could be left open to unknown issues introduced by patches that don't play well with your environment. As the newest Spectre/Meltdown patches have shown, the importance of these updates cannot be overstated, and yet some systems have reported performance issues, spontaneous reboots, and even bricked systems that refuse to power on.
Phishing is the most significant method threat actors have in their arsenal to simultaneously deliver malware and obtain credentials from targeted users. And yet, despite expanded awareness, training, and technical solutions in place to thwart phishing campaigns, there's seemingly no end in sight for these forms of attacks.
So how does one protect against phishing attacks effectively? Follow these steps so you have the best chance at not falling prey to phishing campaigns.
Educate yourself and your users on how phishing works and doesn't work, what to look for when faced with plausible scenarios, how to respond to solicited or unsolicited requests, the company policies regarding user credentials, and how changes are communicated throughout the organization. In addition:
- Do not click links or open attachments in emails;
- Ensure that URLs are copied and pasted into browsers, and verify that the links are secured with SSL; and
- Remember that no one (really, not even that nice prince offering you 10% of his riches to help him get his money into the US) gives anything away for free—and just happens to require your personal information such as bank account details or social security number.
With the potential to rake in millions of dollars for threat actors, it's no wonder that ransomware has grown exponentially over such a short period of time. Nor should it surprise anyone that Apple has seen its first native encrypting malware, though so far, it pales in comparison to the devastation left in the wake of similar infections on competing OSes.
There are several ways that ransomware can infect computers. Common vectors include payloads delivered as part of a trojan horse, executing file attachments or links that are part of a phishing campaign, and exploits of known vulnerabilities that were not patched. While many of these infections can be sidestepped by simply being mindful of where you go online and adhering to "safe internet" practices, ransomware can still reach your computer through unknown vectors, like zero-days.
A heuristics-based security application that monitors your system in real-time, such as RansomWhere?, can do wonders in detecting some of the anomalous threats that occur when a system is copying and encrypting files in the background. By picking up on these types of behaviors, the monitoring software springs into action and halts the encryption process and alerts the user. If you wish to proceed with the process, you authorize the prompt and go about your business; if you did not command the computer to encrypt those files, the ransomware has essentially been stopped in its tracks.
What happens when the system is compromised to such a degree that the security software tasked with identifying and removing the threats is being controlled by the infection?
This is a sampling of how rootkits operate. Once rootkits get ahold of your device, they often require completely formatting the drive and reinstalling the operating system from scratch to make certain that the infection is eliminated.
Most rootkits require administrative access to your Mac to be installed, and in some of the more precarious cases, physical access to the machine's internals in order to pull off highly technical attacks. It may be difficult to do when multitasking, but try to avoid leaving your Apple devices unattended, even if they're locked with a password or protected screen saver. Also, physically secure your devices to limit unauthorized access and removal. Lastly, perform scans on your devices regularly to check for the presence of rootkits using open-source software (e.g., Rootkit Hunter and chkrootkit) or a commercial offering from Sophos, Malwarebytes, or ESET to limit your exposure as much as possible.
If you have an email address, you know what unsolicited email messages are and how they can be annoying and productivity killers. Now, protecting against those spam messages is a different matter altogether, especially when it seems like unsubscribing from junk mail results in getting even more sent to your inbox.
Fortunately, most spam protections are built into everything from email servers to mail clients, and even security suites have plug-ins that interface with your email, filtering it before it gets to your inbox. The trick is to adjust these to suit your needs, as no one-size-fits-all approach has been discovered to work 100% of the time in security, so layering is your best defense.
SEE: Information security incident reporting policy (Tech Pro Research)
As if social media wasn't already putting virtually everything under a microscope, with applications reporting our usage habits, ISPs selling users' browsing histories, and websites monitoring our every trip down the virtual aisles, we also have to contend with maliciously written software that looks to record our PII and send it to remote servers for archiving. This archive or database is later used against us to perform fraud, theft, harassment—the list goes on and on.
There are ways to protect yourself and your data that are not as drastic as going cold turkey and giving up the internet. A combination of technical solutions and best practices or behaviors will help keep your sensitive data safeguarded.
Keeping devices and apps updated to the latest available versions and using security software that actively monitors your devices for threats ensures that you'll be protected against the latest threats and exploits. Also, be sure to use common sense about what data you have on your devices, how you communicate that data, and how it would affect you if it leaked; this will help you determine what data to make unavailable to programs that may spy on you, further ensuring your privacy. For example, you might restrict a GPS application from accessing your photos.
Malicious code can be deployed in any number of ways, but none is more familiar in the technical lexicon than the virus. While computing anomalies are sometimes mislabeled as the work of viruses, their reputation for being a potentially destructive force is often deserved. And considering the many different types of malware that fall under the classification of a virus (trojan horse and worm, to name a few), not to mention the variations of known viruses that are modified just enough to evade detection by antivirus programs and require new signatures, it is one of the largest categories of malware and continues to grow.
SEE: Security awareness and training policy (Tech Pro Research)
Traditionally, antivirus programs were the most effective means of neutralizing virus infections and cleaning up the mess they leave behind; however, viruses have evolved, resulting in newer, more powerful types of infections that are harder to detect due to their hybridized nature, leading to an increase in their payload or level of severity.
Antivirus programs have had to evolve as well to meet the challenge, and security suites that encompass multiple forms of malware protection offer the greatest safeguard against viral infection, mitigating outbreaks and minimizing the potential fallout from mass infections. Be careful when visiting websites, downloading anything from the internet, and checking email.
Additionally, many downloads from reputable sources are provided alongside their hash values (also known as checksums), which are computed by a hashing algorithm and allow you to verify file integrity. Users should take advantage of this prior to installing anything downloaded from a website by comparing the hash value calculated for the file they downloaded to the value posted by the manufacturer on their website. If a discrepancy is encountered, the downloaded file should be discarded, as it could be an indicator that the file has been tampered with and is not what it claims to be. For help with this process, read my TechRepublic article How to verify MD5 and SHA-1 checksums with Terminal.
If you have tips on how to protect networked Macs from malware, please share them with your peers in the comments.
Jesus Vigo is a Network Administrator by day and owner of Mac|Jesus, LLC, specializing in Mac and Windows integration and providing solutions to small- and medium-size businesses. He brings 19 years of experience and multiple certifications from several vendors, including Apple and CompTIA.