Arms Cyber Expands Ransomware Protection to macOS Devices

For years, Apple devices have had a reputation for being immune to cyberattacks, thanks to the closed nature of the macOS and iOS operating systems and the vendor’s focus on security. There weren’t many reports about incidents involving iPhones, iPads, or the like.

However, that has changed in recent years.

According to researchers with cybersecurity firm Black Fog, a recent surge in ransomware attacks targeting macOS devices is changing that thinking. It’s a trend brought on by the increasing popularity of Apple devices in both the enterprise and consumer worlds, the evolution of ransomware tactics, and the rise of cross-platform threats.

“As the popularity of macOS and iOS continues to rise, so does the incentive for cybercriminals to exploit vulnerabilities in Apple’s software and hardware,” the company headquartered in the UK and San Francisco wrote in a report in March. “Ransomware attacks like EvilQuest and MacRansom are just the beginning, as attackers continue to adapt their tactics to target Apple’s ecosystem.”

The company also noted the emergence of new cyberthreats, including NotLockBit and FrigidStealer, which it says “proves that even the latest Apple devices are not immune to sophisticated attacks. Although Apple has responded with more robust security features and patches, the reality is that no system is entirely invulnerable to attack.”

Adding Apple Devices to the List

Arms Cyber is taking such information to heart. This week, the five-year-old cybersecurity firm is adding support for macOS to a portfolio that already includes ransomware protection for Windows and Linux, becoming what Arms Cyber executives say is the first security company to deliver comprehensive ransomware protection across all three major operating systems.

For a long time, most anti-ransomware products and services have focused on Windows due to its broad use and vendor limitations, they said. For Linux, available tools were aimed primarily at detection, while there was little to protect macOS. Arms Cyber is giving the Apple OS the same defenses that Windows and Linux already have, with features ranging from preempting ransomware attacks to blocking and reporting them.

The company’s offerings focus on detecting and mitigating encryption activity by using techniques like real-time file entropy analysis, which detects abnormal patterns, and its Steal Archival technology, which enables fast recovery by storing encrypted backups in hidden and protective enclaves that attackers can’t access.

Last month, Arms Cyber introduced its Automated Moving Target Defense (AMTD) solution that uses diversion and deception to make it harder for threat actors to launch ransomware attacks. All of these capabilities will now be available to Apple device users.

Growing Apple OS Use

“As Apple is getting a broader market share in the enterprise space, particularly in healthcare, finance, and education companies, Mac devices are now becoming more common in critical data environments, a space that has traditionally been limited to Windows and Linux,” Arms Cyber CTO Bradley Potteiger told MSSP Alert.

Attackers, like many traditional companies, are driven to achieve a high return on investment, Potteiger said, adding that “due to commercial anti-ransomware and security solutions being limited on Mac, combined with the rise in popular use of these devices globally, attackers are realizing there is an early-entry advantage to launch ransomware attacks with little evasive investment.”

More Protection Needed

For a long time, macOS users relied on security through what Potteiger called “obscurity principles,” with Apple keeping its codebases more private when compared with Windows. However, with the rising number of attacks in recent years, they’re realizing that they need the same rigorous protections that Windows and Linux systems have.

“Apple has for a long time locked down third party access to the low-level components of the operating system, leading to a layer of protection through obfuscation but a lack of advanced protections from the community against sophisticated threat actors,” Potteiger said.

Arming the MSSPs

Arms Cyber’s new macOS anti-ransomware protections also give MSSPs a new tool to offer clients that use Apple devices in their IT environments.

“MSSPs have a huge role to play in the fight against ransomware as they are oftentimes on the front lines, strengthening defenses before an attack and leading response efforts in high-pressure situations,” the CTO said.

He called MSSPs “the primary care doctors of cybersecurity [who] can drive a big impact on adoption of best practices, leading to greater security and resilience throughout our country and the world.”

'Eradicating This Problem'

The addition of anti-ransomware protections for Apple devices and systems is an important step at a time when attackers are rapidly shifting to targeting less-protected devices, viewing them as entry points for broadening the attack surface.

“By expanding our breadth to provide comprehensive ransomware protection across the most widely used platforms, we are one step closer to eradicating this problem for good,” Potteiger said.
