Admit it Apple fans, Macs are no more secure than the rest of them

Mac users are fiercely defending their platform's security after KeRanger, but they're wrong to

Apple MacBook Retina 12in review

Why are Mac users still in denial that their platform of choice is as insecure as the next? That's the question that needs to be answered following the, admittedly rather lame, discovery of the first ransomware to target the OS X platform.

Let's get this straight, KeRanger (discovered by Palo Alto Networks) has been somewhat over-hyped by a media hungry to run with a 'Mac is insecure, told you so' story. The truth of the matter is that only around 6,500 downloads of the infected files are thought to have been distributed.

But KeyRanger does serve as a reminder that you don't get a free pass from threats when you buy into the Mac ecosystem. Let's not forget that KeRanger was a fully functioning piece of ransomware, albeit a pretty crappy one.

It came as part of a compromised BitTorrent client installer (Transmission) for OS X and certainly had the ability to encrypt user files then issue a $200 ransom demand for the decryption key. Unfortunately, it was based upon a Linux ransomware variant that was already known to be flawed, called Linux.Encoder.

That KeRanger waited for three days before contacting the Command & Control servers over the Tor network to initiate encryption, presumably in an attempt to bypass behavioural security checks, was one shot in the foot. Apple revoked the compromised binary signing certificate within this timeframe, so the OS X Gatekeeper protection would have kicked in and prevented the .dmg file from opening.

Another was that anyone who was unfortunate enough to get infected and have their files encrypted could use their Time Machine backups. KeRanger was meant to encrypt these files as well, but the code was broken and so this didn't happen.

However, that KeRanger exists is the point that should be of concern to Mac users, because it demonstrates what everybody in the IT security industry already knows: Macs cannot escape the attention of the bad guys forever.

As Tim Erlin, director of security at Tripwire, says, "it may have taken a little longer for ransomware to come to the Mac, but that shouldn't be interpreted in terms of relatively security, but in terms of target density".

In other words, the larger the Mac user base gets, the more attractive a target it becomes for the criminal fraternity. Especially given that Mac users, and forgive me for the sweeping generalisation, have tendency to be less security savvy than Windows users these days. Maybe this is because Windows users have been forced to accept that security is a problem and so it is slowly becoming harder for them to be fooled into taking hackers' bait. At some point the bad guys are going to start looking for easier prey to fool, and that point is now.

That ransomware is the threat to bang this 'your Mac security is wack' message home is no surprise, it's been cyber criminals' attack of choice for a good couple of years now. The reason being that, in terms of returning a profit, it works. That it didn't in the case of KeRanger is more down to poor execution on the part of the perpetrator rather than any Mac cloak of invincibility, truth be told.

But there remains a reticence, a dogged and angry determination, on many online forums to deny any hint of insecurity about the Mac platform. This should be of concern to all. Cybercriminals follow a couple of rules when it comes to choosing targets: how easy is it to infect them and what's the return on investment going to be?

The former has not really been put to the test yet, but if you think of KeRanger as being an amateur probing the possibilities then it stands to reason the pros will do a lot better job of executing the threat. And if that does turn out to be the case, the answer to the ROI question is likely to come with plenty of zeroes on the end.

The bottom line is that Windows is no longer the only target. Android has been on the ransomware radar for a long time, and Linux servers joined the gang at the start of this year. That Mac users appear to put all their faith behind disallowing unsigned software, which KeRanger has proved can be bypassed, is a dangerous defensive posture.

Featured Resources

Virtual desktops and apps for dummies

An easy guide to virtual desktop infrastructure, end-user computing, and more

Download now

The total economic impact of optimising and managing your hybrid multi-cloud

Cost savings and business benefits of accelerating the cloud journey

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

What’s next for the education sector?

A new learning experience

Download now

Recommended

HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
2021 state of email security report: Ransomware on the rise
Whitepaper

2021 state of email security report: Ransomware on the rise

10 May 2021
Hackers used SonicWall zero-day flaw to plant ransomware
ransomware

Hackers used SonicWall zero-day flaw to plant ransomware

30 Apr 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021