There’s a popular notion that Macs are more secure than Windows devices. It must be noted, however, that as of June 2021, macOS only has a 15.56% share of the desktop market, which is significantly smaller than Windows’ 72.98%. Therefore, the lower number of reported attacks on Macs can be attributed to their OS’s smaller user base.
This means that Macs can still be infected with cyberthreats. In fact, according to Atlas VPN, 674,273 new macOS-based malware samples were discovered in 2020 — a 1,092% increase from 2019’s 56,556. This spike is remarkable, with Apple’s head of software Craig Federighi even admitting that Macs “have an unacceptable amount of malware.”
Apple’s head of software Craig Federighi even admitting that Macs “have an unacceptable amount of malware.”
Anyone can buy and launch malware
Check Point Software recently identified malware built for macOS which they called “XLoader.” The malware spreads through malicious Word documents and can record keystrokes, take screenshots, and obtain information stored in the clipboard. It is also capable of extracting login credentials from most browsers, messaging apps, and email clients. What’s more, XLoader can also install more malware to cause further damage to systems.
What makes XLoader stand out, however, is that it is available under a Malware-as-a-Service model, allowing anyone to purchase and deploy it for their own nefarious purposes. According to Check Point, cybercriminals in 69 countries have requested the malware and 53% of those who have fallen victim to it are based in the United States.
Even Apple can be tricked by cyberthreats
Apps go through Apple’s notarization process that scans them for security issues and malicious content. This process helps to protect Mac users from malware and ease their fears when running software they’ve downloaded online.
Typically, Apple is able to block malware campaigns because of their unnotarized code. Last year, however, the company notarized the code for a Mac malware disguised as an Adobe Flash Player installer. According to Mac security researcher Patrick Wardle, Apple had approved the code used by the Shlayer adware, which has the ability to intercept encrypted web traffic and replace websites and search results with its own ads. Shlayer was dubbed by cybersecurity company Kaspersky as the most common Mac threat in 2019.
This implies that Apple failed to detect the malicious code when the malware was submitted for review. While the notarization was eventually revoked, the attackers launched another notarized variant of the malware, showing that cyberthreats can still fall through the cracks of Apple’s security.
How can you protect your Macs from cyberthreats?
The examples above show that proper cybersecurity should become a priority for Mac users. To protect your macOS devices, here are some best practices you need to follow:
1. Keep your OS and programs updated
Regularly update your OS and programs to mitigate the risk of falling victim to a cyberattack. Updating your programs makes it difficult for cybercriminals to exploit software vulnerabilities to attack your system.
2. Install security software
Install anti-malware software and constantly keep them updated to get the latest data needed to combat new malware and protect your computers.
3. Use software from reliable sources
Installing software from reliable sources minimizes the likelihood of your Macs contracting malware. Here’s how to do it:
- Click on the Apple menu at the top-left corner of the screen and then select System Preferences. This will open a new window.
- Click on Security & Privacy and then select General. If the padlock at the bottom-left corner of the window is locked, make sure to click on it to make changes.
- Choose the sources from which programs can be installed:
- App Store: This is the most secure setting as it allows you to install apps only from the Mac App Store. All app developers in the store are verified by Apple and each app is reviewed before it is published.
- App Store and identified developers: This allows apps from the Mac App Store and developers that are recognized by Apple.
4. Educate your staff
Teach your employees to be cautious of every email or website they open. For instance, if they receive an unsolicited message containing suspicious links and attachments, they should delete it immediately. You can also simulate a malware attack to see how quickly your staff will respond to the real threat. Reward those who did well and provide a refresher to those who struggled with the exercise.
Complete Document Solutions provides the best cybersecurity protection for your Macs by detecting and repelling harmful programs in real time. If your business is in California, request a FREE IT and network assessment today.