If you’ve purchased a Mac expecting to never have to be concerned with malware or hacking, think again! A recent exploit is targeting Mac users. The good news? It’s preventable.
Mac users have long touted the fact that Apple computers are much less likely than computers running Microsoft Windows to be hacked, but that era may be coming to an end. With four times as many Windows 10 computers currently in the marketplace than Macs, it’s not surprising that hackers choose to attack the system that is much more prevalent in the marketplace overall. A recent ransomware attack may be cause for Mac users to stop their taunts of the platform being hacker-proof, however. The good news is that by taking a few simple precautionary steps, you may be able to stop cybercriminals from locking you out of your expensive Mac.
For more than a decade, there’s been a rumor that Apple products are hacker proof, but the reality is that no operating system or data structure is completely airtight. Historically speaking, there are fewer viruses and malware that are targeted to Macs than to PCs, but that doesn’t mean that any Apple OS is immune from threats. There have been more attacks in recent years as ransomware has leaked to the dark web. While Android and Windows will likely always receive a higher percentage of malware than Apple devices, the threats continue to multiply as Apple becomes ever more popular in the marketplace. It’s only a matter of time until specific devices are targeted with browser-specific hacks that bypass some of the security that is baked into OS X.
Phishing emails and third-party exploits of software such as Java or Adobe are also some of the current crops of attacks against Macs, but they’re not the only ones. Macs have been plagued by adware and bloatware — whether malicious or just annoying — that can float pop-up ads on your system to tempt users to download non-essential software tools. These problem spots can slow down the system overall or spawn additional pop-ups, and generally aren’t dangerous. Malicious iOS apps are another form of malware that is likely to be found on a Mac. It’s important to stick with only downloading apps from the official App Store, as others could potentially include subsets of code that can steal user information or infect the device in a much more widespread fashion. While buying from within the App Store helps combat nearly all malicious software, the ever-diligent app reviewers don’t catch everything. In the last 24 months, XcodeGhost was able to introduce a framework into legitimate apps that hijacked back-end servers and ultimately infecting the third-party advertising network.
Hackers are always looking for new ways to hold your device hostage, essentially locking you out of your device until you pay a ransom which is generally requested in nearly-untraceable Bitcoin currency. With ransomware up nearly 250 percent in 2017, cybercriminals have discovered that there is significant money to be made in locking down computers both for individuals and for businesses. Ransomware has often targeted PCs in the past, but mobile devices and Macs are a growing part of the threat landscape. The U.S. has been hit particularly hard, most likely due to the high number of available computers and relatively high per capita income — which translates into funds available to pay for ransom demands. Ransomware often completely disables the boot-up process for your computer, a crippling effect on any system.
This recent risk is related to the Find My Mac application, or FMM, which is being targeted by hackers who then request Bitcoin payments in order to provide renewed access to the system. This particular app makes it simple to pinpoint the current location of your device and is helpful in the case of a lost phone or stolen Mac computer. Apparently, hackers have illegally obtained a large quantity of iCloud passwords and usernames, and are leveraging these assets to lock people out of their Macs and mobile devices. The good news is that there’s a relatively easy fix that doesn’t involve paying the ransom, but only if you’re willing to lose all of the data on your device by doing a hard reset. This can also be accomplished by bringing your Mac to an Apple store and verifying your identity.
Fortunately, there are a few ways that you can reduce the risk of being hit by these cyber criminals. Creating a password that is highly secure is the first step, as is turning off the Find My Mac or Find My iPhone in your device’s Settings. Turn on two-factor authentication on your Apple account to ensure your password cannot be reset without your knowledge, and consider utilizing a password vault app that provides additional levels of security. There’s a further step that you should take before selling or loaning your computer that may help keep your Apple ID information safe, as iCloud information is stored on the nvram of your computer. Disabling FMM at the command line can be accomplished by entering:
$ nvram -d fmm-computer-name
$ nvram -d fmm-mobileme-token-FMM
If your IT admins are struggling to keep security under control, let the professionals at Dynamic Quest support your Atlanta and North Georgia organization. We work to ensure that all risks are addressed in a timely manner throughout your fleet of devices and computers.
The three sectors with the biggest spending on cybersecurity are banking, manufacturing, and the central/federal government, accounting for 30% of overall spending (IDC).
The average cost of a data breach in the United States is $8.64 million, which is the highest in the world, while the most expensive sector for data breach costs is the healthcare industry, with an average of $7.13 million (IBM).
It takes an average of 287 days for security teams to identify and contain a data breach, according to the “Cost of a Data Breach 2021” report released by IBM and Ponemon Institute.
Forty-three percent of attacks are aimed at SMBs, but only 14% are prepared to defend themselves (Accenture).
The cost of cybercrime is predicted to hit $10.5 trillion by 2025, according to the latest version of the Cisco/Cybersecurity Ventures “2022 Cybersecurity Almanac.”.
40% of businesses will incorporate the anywhere operations model to accommodate the physical and digital experiences of both customers and employees (Techvera).
More than 33 billion records will be stolen by cybercriminals by 2023, an increase of 175% from 2018.
The internal team was energized. With the Level 1 work off its plate, the team turned its attention to the work that fueled company growth and gave them job satisfaction.
We did a proof of concept that met every requirement that our customer might have. In fact, we saw a substantial improvement.
We did everything that we needed to do, financially speaking. We got our invoices out to customers, we deposited checks, all the things we needed to do to keep our business running, and our customers had no idea about the tragedy. It didn’t impact them at all.
“We believe our success is due to the strength of our team, the breadth of our services, our flexibility in responding to clients, and our focus on strategic support.”