People take an almost whimsical and unrealistic approach to securing Macs, according to Amit Serper, principal security researcher at Cybereason.
"I have a MacBook Pro. It has unicorns inside. I don't get ransomware, adware, malware or viruses," he said.
Unfortunately, the reality is Macs aren't bulletproof and, as Serper explained in a research report, security professionals should rethink how commodity threats are handled, especially those that target Macs. These programs may not be as harmless as analysts think.
If you're attending the RSA Conference this week, you can hear Amit explain why. On Friday, Feb. 17 at 11:30 a.m. in Moscone South 308 he'll discuss his research around OSX.Pirrit. This software appears to be benign adware but has components that are typically found in malware, including persistence and hidden users and the ability to obtain root access.
While OSX.Pirrit didn’t carry out any malicious actions, the potential to perform harmful activities was there. Instead of spamming a person with ads, the people behind OSX.Pirrit could have just as easily pilfered a company’s intellectual property. Or they could have installed a keylogger to capture a log-in information, allowing them access to a person’s email account.
So unfortunately, Mrs./Mr. Mac user, the reality is, you're not as secure as you think. Adware is malware. There’s nothing nice about it. The fact that it doesn’t steal your life doesn’t mean it won’t do so in the future and it doesn’t mean [adware] should be treated lightly. Attackers realize that security teams tend to dismiss adware and are including components in these threats that make them more like malware.
While there’s hardly any malware research out there for Macs because, well, there isn’t much malware that targets Macs, this doesn’t mean Macs are somehow immune to threats. Come hear Amit break down why unicorns and hope won't protect Macs.