{"id":20992,"date":"2023-01-13T04:30:06","date_gmt":"2023-01-13T12:30:06","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2023\/01\/13\/news-14725\/"},"modified":"2023-01-13T04:30:06","modified_gmt":"2023-01-13T12:30:06","slug":"news-14725","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/01\/13\/news-14725\/","title":{"rendered":"Microsoft doc details the dos and don\u2019ts of Mac ransomware <u>"},"content":{"rendered":"

<\/p>\n

As enterprise adoption of the Apple platform accelerates<\/a>, it\u2019s important to note that Macs can and sometimes do get hit by ransomware. So it\u2019s good to stay tuned to security concerns on a platform and application level \u2014 and take precautions.<\/p>\n

With this in mind, extensive insights into Mac ransomware recently published only to be subsequently removed by Microsoft, can help explain these threats. The impact of such attack can be huge \u2013 ransomware already costs victims hundreds of billions each year<\/a>, and no one is immune.\u00a0<\/p>\n

UK newspaper The Guardian<\/em> was hit by a ransomware attack in December<\/a> and continues to suffer. In the US, Emsisoft<\/a> says 1,981 schools, 290 hospitals, 105 local governments and 44 universities and colleges were hit by ransomware in 2022 alone.<\/p>\n

Microsoft\u2019s in-depth report was evidently intended to support adoption of its own security offering, Microsoft Defender<\/a>, but it provides valuable advice to any company that wants to harden its Mac security.<\/p>\n

However, security researchers such as Patrick Wardle noted that Microsoft’s piece seemed close to statements made in his own excellent book, ‘The Art of Mac Malware’, which you can access free here<\/a>. He also wrote this excellent post<\/a> detailing some of the history of this scourge.<\/p>\n

The original report does a good job of explaining some of the ways the most prevalent forms of ransomware try to hide themselves from detection by automated analysis systems and manual inspection. It\u2019s useful to understand some of the methods that allow such attacks take place undetected (until it\u2019s too late).<\/p>\n

It also helps guide security first response if an attack does take place; in the case of some sophisticated attacks, it\u2019s not enough to identify just one invasion vector, as once inside the systems, some will implant second- and even third-line bugs in case of detection.<\/p>\n

That\u2019s why emergency response teams at times do detailed system and traffic audits before switching systems off. They know that once an exploit is switched off, attackers will cease the invasion, making it harder to detect the miscreant.<\/p>\n

In many ways, the best advice can be seen as relatively basic.\u00a0As ever, the most critical slice of sagacity is an admonishment to \u201cinstall apps from trusted sources only, such as a software platform\u2019s official app store.\u201d<\/p>\n

It\u2019s vital to recognize that human error remains the most pervasive way in which attacks occur, and all teams should understand the need to remain watchful when installing software, even on the personal partitions of their device. You shouldn\u2019t click on a link you don\u2019t know the source of. You shouldn\u2019t install an app you can\u2019t trust<\/a>.<\/p>\n

It’s simple stuff, but has a huge impact.<\/p>\n

Another recommendation: use browsers that block malicious sites, phishing sites, and other sources of nasty malware. Microsoft recommends Edge, but in truth the key ingredient is to enable full security protection on your browsers and act if you receive a warning when browsing online.<\/p>\n

Security teams also recommend enterprises use the many OS X management solutions that exist to secure even remote systems against attack. You can use an MDM console to restrict access to privileged Mac system resources such as LaunchDaemons<\/em> or LaunchAgents<\/em> folders, for example. Doing so helps mitigate against more common vulnerabilities.<\/p>\n

Another good reason to use enterprise management systems is that these can be employed to remotely install security and operating system updates as they emerge.<\/p>\n

Installing software updates is a critical step to Mac or any other platform security.<\/p>\n

Apple has published several critical security updates in recent months and the pace at which it is doing so betrays the significantly increased activity among threat actors at this time. This is also why Apple has put Rapid Security Response<\/a> in place for the Mac, enabling the company to push urgent security updates across the Mac platform in the event of a security crisis.<\/p>\n

Such reports should be of interest to anyone involved in active IT administration or security protection. Its report analyses how four Mac ransomware families (KeRanger<\/a>, Filecoder<\/a>, MacRansom<\/a> and EvilQuest<\/a>) abuse system functionalities to infect machines.<\/p>\n

The original report explained how they install themselves, mask their existence, proliferate, and ensure their own persistence in the event of a system restart. It\u2019s fascinating stuff, which\u00a0Microsoft has shared<\/a>\u00a0as a \u201ctechnical reference that researchers can use and build upon to understand Mac threats and improve protections.\u201d<\/p>\n

However, on removing the report Microsoft’s security team Tweeted to Wardle<\/a>: “We are grateful to the security research community who works tirelessly to protect our world. We heard the feedback that we didn’t acknowledge the extensive work done by others on this topic. We have removed this blog.”<\/p>\n

We can anticipate a great deal of activity<\/a> around security on Apple\u2019s Mac and mobile platforms this year. Apple has told us it is taking this extremely seriously<\/a>, in part because we live in dangerously hostile times \u2014 the recent Twitter hack<\/a> tells us multiple parties are seeking out weaknesses at this time. Apple partners, including Jamf<\/a>, are also providing valuable Mac protection, and Apple itself recently launched a new security portal<\/a> offering in-depth security insights.<\/p>\n

Meanwhile, you and your staff should be careful about where you download apps, avoid clicking on links you don\u2019t recognize, and ensure full browser security features are enabled. You should also use strong passwords for Macs and all your services and use built-in features such as “Protect Mail Activity” and iCloud Private Relay to help harden overall security and identity protection. And if you think you might be under attack, or likely to be, do use Lockdown Mode<\/a>.<\/p>\n

Report updated January 13<\/strong> with news of Microsoft’s removal of the original post, some insight into why and addition of new resources to help enterprises understand and battle ransomware.<\/p>\n

Please follow me on\u00a0Mastodon<\/a>, or join me in the\u00a0AppleHolic\u2019s bar & grill<\/a>\u00a0and\u00a0<\/em>Apple Discussions<\/em><\/a>\u00a0groups on MeWe.<\/em><\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

\n
\n

As enterprise adoption of the Apple platform accelerates<\/a>, it\u2019s important to note that Macs can and sometimes do get hit by ransomware. So it\u2019s good to stay tuned to security concerns on a platform and application level \u2014 and take precautions.<\/p>\n

Knowledge is power<\/strong><\/h2>\n

With this in mind, extensive insights into Mac ransomware recently published only to be subsequently removed by Microsoft, can help explain these threats. The impact of such attack can be huge \u2013 ransomware already costs victims hundreds of billions each year<\/a>, and no one is immune.\u00a0<\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[2211,10480,10403,714],"class_list":["post-20992","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-apple","tag-ios","tag-macos","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20992","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=20992"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20992\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=20992"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=20992"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=20992"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}