Admit it Apple fans, Macs are no more secure than the rest of them

Mac users are fiercely defending their platform's security after KeRanger, but they're wrong to

Apple MacBook Retina 12in review

Why are Mac users still in denial that their platform of choice is as insecure as the next? That's the question that needs to be answered following the, admittedly rather lame, discovery of the first ransomware to target the OS X platform.

Let's get this straight, KeRanger (discovered by Palo Alto Networks) has been somewhat over-hyped by a media hungry to run with a 'Mac is insecure, told you so' story. The truth of the matter is that only around 6,500 downloads of the infected files are thought to have been distributed.

But KeyRanger does serve as a reminder that you don't get a free pass from threats when you buy into the Mac ecosystem. Let's not forget that KeRanger was a fully functioning piece of ransomware, albeit a pretty crappy one.

It came as part of a compromised BitTorrent client installer (Transmission) for OS X and certainly had the ability to encrypt user files then issue a $200 ransom demand for the decryption key. Unfortunately, it was based upon a Linux ransomware variant that was already known to be flawed, called Linux.Encoder.

Advertisement
Advertisement - Article continues below

That KeRanger waited for three days before contacting the Command & Control servers over the Tor network to initiate encryption, presumably in an attempt to bypass behavioural security checks, was one shot in the foot. Apple revoked the compromised binary signing certificate within this timeframe, so the OS X Gatekeeper protection would have kicked in and prevented the .dmg file from opening.

Another was that anyone who was unfortunate enough to get infected and have their files encrypted could use their Time Machine backups. KeRanger was meant to encrypt these files as well, but the code was broken and so this didn't happen.

However, that KeRanger exists is the point that should be of concern to Mac users, because it demonstrates what everybody in the IT security industry already knows: Macs cannot escape the attention of the bad guys forever.

As Tim Erlin, director of security at Tripwire, says, "it may have taken a little longer for ransomware to come to the Mac, but that shouldn't be interpreted in terms of relatively security, but in terms of target density".

In other words, the larger the Mac user base gets, the more attractive a target it becomes for the criminal fraternity. Especially given that Mac users, and forgive me for the sweeping generalisation, have tendency to be less security savvy than Windows users these days. Maybe this is because Windows users have been forced to accept that security is a problem and so it is slowly becoming harder for them to be fooled into taking hackers' bait. At some point the bad guys are going to start looking for easier prey to fool, and that point is now.

That ransomware is the threat to bang this 'your Mac security is wack' message home is no surprise, it's been cyber criminals' attack of choice for a good couple of years now. The reason being that, in terms of returning a profit, it works. That it didn't in the case of KeRanger is more down to poor execution on the part of the perpetrator rather than any Mac cloak of invincibility, truth be told.

But there remains a reticence, a dogged and angry determination, on many online forums to deny any hint of insecurity about the Mac platform. This should be of concern to all. Cybercriminals follow a couple of rules when it comes to choosing targets: how easy is it to infect them and what's the return on investment going to be?

The former has not really been put to the test yet, but if you think of KeRanger as being an amateur probing the possibilities then it stands to reason the pros will do a lot better job of executing the threat. And if that does turn out to be the case, the answer to the ROI question is likely to come with plenty of zeroes on the end.

The bottom line is that Windows is no longer the only target. Android has been on the ransomware radar for a long time, and Linux servers joined the gang at the start of this year. That Mac users appear to put all their faith behind disallowing unsigned software, which KeRanger has proved can be bypassed, is a dangerous defensive posture.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/antivirus/28144/best-antivirus
antivirus

Best antivirus for Windows 10

3 Sep 2019
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

8 Mar 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354195/where-modernisation-and-sustainability-meet-a-tale-of-two
Sponsored

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019