Admit it Apple fans, Macs are no more secure than the rest of them

Mac users are fiercely defending their platform's security after KeRanger, but they're wrong to

Apple MacBook Retina 12in review

Why are Mac users still in denial that their platform of choice is as insecure as the next? That's the question that needs to be answered following the, admittedly rather lame, discovery of the first ransomware to target the OS X platform.

Let's get this straight, KeRanger (discovered by Palo Alto Networks) has been somewhat over-hyped by a media hungry to run with a 'Mac is insecure, told you so' story. The truth of the matter is that only around 6,500 downloads of the infected files are thought to have been distributed.

Advertisement - Article continues below

But KeyRanger does serve as a reminder that you don't get a free pass from threats when you buy into the Mac ecosystem. Let's not forget that KeRanger was a fully functioning piece of ransomware, albeit a pretty crappy one.

It came as part of a compromised BitTorrent client installer (Transmission) for OS X and certainly had the ability to encrypt user files then issue a $200 ransom demand for the decryption key. Unfortunately, it was based upon a Linux ransomware variant that was already known to be flawed, called Linux.Encoder.

That KeRanger waited for three days before contacting the Command & Control servers over the Tor network to initiate encryption, presumably in an attempt to bypass behavioural security checks, was one shot in the foot. Apple revoked the compromised binary signing certificate within this timeframe, so the OS X Gatekeeper protection would have kicked in and prevented the .dmg file from opening.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Another was that anyone who was unfortunate enough to get infected and have their files encrypted could use their Time Machine backups. KeRanger was meant to encrypt these files as well, but the code was broken and so this didn't happen.

However, that KeRanger exists is the point that should be of concern to Mac users, because it demonstrates what everybody in the IT security industry already knows: Macs cannot escape the attention of the bad guys forever.

As Tim Erlin, director of security at Tripwire, says, "it may have taken a little longer for ransomware to come to the Mac, but that shouldn't be interpreted in terms of relatively security, but in terms of target density".

In other words, the larger the Mac user base gets, the more attractive a target it becomes for the criminal fraternity. Especially given that Mac users, and forgive me for the sweeping generalisation, have tendency to be less security savvy than Windows users these days. Maybe this is because Windows users have been forced to accept that security is a problem and so it is slowly becoming harder for them to be fooled into taking hackers' bait. At some point the bad guys are going to start looking for easier prey to fool, and that point is now.

Advertisement - Article continues below

That ransomware is the threat to bang this 'your Mac security is wack' message home is no surprise, it's been cyber criminals' attack of choice for a good couple of years now. The reason being that, in terms of returning a profit, it works. That it didn't in the case of KeRanger is more down to poor execution on the part of the perpetrator rather than any Mac cloak of invincibility, truth be told.

But there remains a reticence, a dogged and angry determination, on many online forums to deny any hint of insecurity about the Mac platform. This should be of concern to all. Cybercriminals follow a couple of rules when it comes to choosing targets: how easy is it to infect them and what's the return on investment going to be?

The former has not really been put to the test yet, but if you think of KeRanger as being an amateur probing the possibilities then it stands to reason the pros will do a lot better job of executing the threat. And if that does turn out to be the case, the answer to the ROI question is likely to come with plenty of zeroes on the end.

Advertisement - Article continues below

The bottom line is that Windows is no longer the only target. Android has been on the ransomware radar for a long time, and Linux servers joined the gang at the start of this year. That Mac users appear to put all their faith behind disallowing unsigned software, which KeRanger has proved can be bypassed, is a dangerous defensive posture.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement
Advertisement

Recommended

Visit/security/malware/355093/evasive-malware-threats-are-surging
malware

Evasive malware threats doubled in 2019

24 Mar 2020
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

2 Mar 2020
Visit/antivirus/28144/best-antivirus
antivirus

Best antivirus for Windows 10

3 Sep 2019

Most Popular

Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

5 May 2020
Visit/mobile/5g/355712/nokia-5g-speed-record
5G

Nokia breaks 5G record with speeds nearing 5Gbps

20 May 2020
Visit/cloud/cloud-computing/355742/microsoft-launches-public-cloud-service-for-health-care
cloud computing

Microsoft launches public cloud service for health care

21 May 2020