Apple users have for a long time smugly boasted to their rivals in the Windows world about just how safe they were using Apple products, but times have changed.
Apple is now punching at the same weight as Microsoft in terms of its commercial reach, so both companies are now equally in the firing line of hackers.
OS X malware developers have accelerated the production of malicious software to attack the once-proud Apple fan boys, making this security-naïve demographic even more prone to data loss (and worse) than their beleaguered Windows counterparts.
Earlier this month Palo Alto Networks published a notification warning of a new ransomware attack targeting OS X users.
The malware payload had been embedded in the installer of popular BitTorrent client, Transmission, delivering a new ransomeware attack against OS X called “KeRanger.”
Most importantly and concerning for users, this installer was the legitimate product supplied on the official Transmission website. To make matters worse, KeRanger was digitally signed with a legitimate Apple Mac application development certificate, so Gatekeeper, which was introduced in OS X Mountain Lion v10.75, will happily allow this product to run.
After three days of remaining quiet, KeRanger wakes up and gets to work. It starts by connecting to its command and control server via the Tor network, traffic that even on a monitored network where Transmission is being used may not seem out of the ordinary.
Once it establishes its comms channel with the C&C server, it gets a unique private key related to your computer then starts encrypting documents and data. The ransom is set at 1 bitcoin, which in today’s exchange rate equates to approximately $530 Australian Dollars.
In response, Apple revoked the app developer certificate and added a new signature for detecting the malware into XProtect, which is a great outcome for OS X users.
Elsewhere, Adobe was also this month preparing to release patches for 21 serious security vulnerabilities in the latest version of the vilified Flash Player.
(Flash was a legacy solution to a legacy problem, which is no longer required in today’s world of dynamic code and HTML5. For this reason, over the years, Flash has always been a major headache for IT security professionals who understand that having a feature-rich execution environment inside the user’s own operating context is always going to offer a major threat vector for hackers and malware.)
OS X was on the list of affected systems being patched by this release of Flash. Three of the specific patches permit arbitrary code execution, meaning that Flash can be used to launch any other unwanted piece of software on your system, such as the KeRanger ransomware.
Unfortunately, what this all shows is that the era of Macs being safer than Windows is long gone, so it’s time to start managing your enterprise Apple environment with the same level of rigour you would with your Windows systems.
Make sure all your OS X systems are all patched and up to date as soon as possible and ensure you’ve configured all the security features on your Mac to be as strong and enterprise-grade as you can.
I’d also advise you include a commercial anti-malware product in your yearly security budget that works on both Windows and OS X. This will give you a second line of endpoint defence over and above Apple’s Gatekeeper.
Finally, make sure Gatekeeper is configured to restrict what users can install on their systems, making sure the option to only allow Mac App Store applications to be installed is selected. Gatekeeper makes use of rules-based policies that can be centrally managed in enterprise environments, so there really is no excuse.
When you sit back and assess the risks related to an OS X environment in light of the modern threat environment, every endpoint in your business is just as much at risk as the Windows ones you’ve always focused on the most.
It’s time to take off the blinkers and manage every operating system as an equal.