[Sentinel One] Macs aren't safe 'by design'
From the company's blog:

Quote: Unlike Microsoft, Apple is not in the business of selling security software in an attempt to protect its own products, but it still actively promotes the security of macOS as one of the unique selling points of Macs over other hardware. Accordingly, Apple has a vested interest in discouraging the perception that third party security controls are required for Macs in the enterprise just as much as they are for other endpoints.

Apple admitted earlier this year that macOS does have a problem with malware, and while few companies use Macs as servers or network controllers, thus sparing them the attention of ransomware operators, they are extremely popular among both C-Suite executives and developers. This makes enterprise Macs juicy targets for threat actors interested in high-value targets, and the new macOS malware seen appearing over the last 12 months has mostly been espionage and backdoors directed at specific targets.

Meanwhile, Mac users themselves are largely unaware of the many ways that malware can and does beat the built-in security technologies used by Apple. The Mac’s built-in security relies heavily on code-signing, certificate revocation checks and legacy file signatures. Threat actors have little trouble in bypassing these, and like Microsoft Windows, the complexity of operating system software ensures that critical bugs are patched on an increasingly more frequent basis.

This just came across my desk today so I thought I'd reiterate on the fact and give more background.

My job entails dealing with threats (especially emerging threats) and I see it time & time again where people mistakenly believe their Mac and iOS devices are safe because Apple is inherently safer than Windows or some other OS.

Let's look at some example numbers of why this isn't accurate to say. These are just the numbers of (disclosed) threats my company has discovered. The number of machines we saw introduced to malware within the Windows OS exceeded 3,000 individual signatures. Linux exceeded 300 signatures and, while low in comparison to Mac OS signatures at 500, that's still a very alarming number.

In 2021: Google's threat seekers saw novel backdoor rootkits serving vulnerabilities unknown and unpatched - the likes of CVE-2021-30869.

Before that, in 2020, there was the APT known as Milium, targeted at MacOS, which had been repurposed from the previous malware campaign WildPressure. It included a new PyInstaller trojan dropper. It also affected unpatched devices, and the number of infected computers is officially unknown.

These attacks might seem few and far between when considering the attack architecture of most malware matches that of Windows or Linux, but the truth is that we need to stop assuming MacOS and iOS devices are inherently safer. Especially in 2022, where several emerging threats are predicted to be targeted at MacOS and Apple devices. According to the European Union Agency for Cybersecurity (ENISA), we are in the "golden age of ransomware" with a nearly 150% increase in these attacks - and they're not the only multifaceted structures we're facing so far. Since 2019, at the start of the pandemic, Ransomware-as-a-Service (RaaS) has become commonplace.

Threat actors (SVR, NSO, etc.) aren't getting lazier; it's the companies who believe they're impenetrable that are getting increasingly & alarmingly more complacent when they should be doubling down on security solutions. CISOs are continually in high demand in today's world. But companies are assuming safety exists simply because they don't disclose sources and specific details about their platform. In fact, as someone who frequently wears many types of hats, I can tell you that it only makes someone with the hacker mindset more interested and puts those vendors and operators at higher risk.
ed25519/0x21AB6B6A6CB2C337
C87D87466FD205945CF10A3821AB6B6A6CB2C337






Messages In This Thread
[Sentinel One] Macs aren't safe 'by design' - by ConcernedCitizen - 01-10-2022, 06:24 AM


