If you’ve purchased a Mac expecting to never have to be concerned with malware or hacking, think again! A recent exploit is targeting Mac users. The good news? It’s preventable.
Mac users have long touted the fact that Apple computers are much less likely than computers running Microsoft Windows to be hacked, but that era may be coming to an end. With four times as many Windows 10 computers currently in the marketplace than Macs, it’s not surprising that hackers choose to attack the system that is much more prevalent in the marketplace overall. A recent ransomware attack may be cause for Mac users to stop their taunts of the platform being hacker-proof, however. The good news is that by taking a few simple precautionary steps, you may be able to stop cybercriminals from locking you out of your expensive Mac.
Are Apple Products ‘Hacker Proof’?
For more than a decade, there’s been a rumor that Apple products are hacker proof, but the reality is that no operating system or data structure is completely airtight. Historically speaking, there are fewer viruses and malware that are targeted to Macs than to PCs, but that doesn’t mean that any Apple OS is immune from threats. There have been more attacks in recent years as ransomware has leaked to the dark web. While Android and Windows will likely always receive a higher percentage of malware than Apple devices, the threats continue to multiply as Apple becomes ever more popular in the marketplace. It’s only a matter of time until specific devices are targeted with browser-specific hacks that bypass some of the security that is baked into OS X.
Phishing emails and third-party exploits of software such as Java or Adobe are also some of the current crops of attacks against Macs, but they’re not the only ones. Macs have been plagued by adware and bloatware — whether malicious or just annoying — that can float pop-up ads on your system to tempt users to download non-essential software tools. These problem spots can slow down the system overall or spawn additional pop-ups, and generally aren’t dangerous. Malicious iOS apps are another form of malware that is likely to be found on a Mac. It’s important to stick with only downloading apps from the official App Store, as others could potentially include subsets of code that can steal user information or infect the device in a much more widespread fashion. While buying from within the App Store helps combat nearly all malicious software, the ever-diligent app reviewers don’t catch everything. In the last 24 months, XcodeGhost was able to introduce a framework into legitimate apps that hijacked back-end servers and ultimately infecting the third-party advertising network.
Rise of Ransomware
Hackers are always looking for new ways to hold your device hostage, essentially locking you out of your device until you pay a ransom which is generally requested in nearly-untraceable Bitcoin currency. With ransomware up nearly 250 percent in 2017, cybercriminals have discovered that there is significant money to be made in locking down computers both for individuals and for businesses. Ransomware has often targeted PCs in the past, but mobile devices and Macs are a growing part of the threat landscape. The U.S. has been hit particularly hard, most likely due to the high number of available computers and relatively high per capita income — which translates into funds available to pay for ransom demands. Ransomware often completely disables the boot-up process for your computer, a crippling effect on any system.
Find My Mac
This recent risk is related to the Find My Mac application, or FMM, which is being targeted by hackers who then request Bitcoin payments in order to provide renewed access to the system. This particular app makes it simple to pinpoint the current location of your device and is helpful in the case of a lost phone or stolen Mac computer. Apparently, hackers have illegally obtained a large quantity of iCloud passwords and usernames, and are leveraging these assets to lock people out of their Macs and mobile devices. The good news is that there’s a relatively easy fix that doesn’t involve paying the ransom, but only if you’re willing to lose all of the data on your device by doing a hard reset. This can also be accomplished by bringing your Mac to an Apple store and verifying your identity.
Reducing the Risk of Loss
Fortunately, there are a few ways that you can reduce the risk of being hit by these cyber criminals. Creating a password that is highly secure is the first step, as is turning off the Find My Mac or Find My iPhone in your device’s Settings. Turn on two-factor authentication on your Apple account to ensure your password cannot be reset without your knowledge, and consider utilizing a password vault app that provides additional levels of security. There’s a further step that you should take before selling or loaning your computer that may help keep your Apple ID information safe, as iCloud information is stored on the nvram of your computer. Disabling FMM at the command line can be accomplished by entering:
$ nvram -d fmm-computer-name
$ nvram -d fmm-mobileme-token-FMM
If your IT admins are struggling to keep security under control, let the professionals at CSP, Inc support your Raleigh organization. We work to ensure that all risks are addressed in a timely manner throughout your fleet of devices and computers.