Based on research across established dark web forums, threat actors are targeting macOS, with exploits trading for millions of dollars

  • crow@beehaw.org
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    The trick is to use an operating system so niche and different that no one is prepared to hack it.

    • It may not even be that much of a real increase. The “1000%” increase chart in the article doesn’t have any y-axis label, which is suspicious. Plus percent increases from a small absolute starting point are misleading.

      Skimming article, it looks like increase is in dark web posts about MacOS zero days and CVEs rather than actual successful attacks.

      • DragonTypeWyvern@literature.cafe
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 year ago

        During covid, the right wing dipshit-o-sphere tried to scare Asian people into thinking black people were out to get them.

        They’d link things like “San Francisco hate crimes against Asians up 500%!” and just counted on no one looking at the numbers, which in these cases were an increase of one per year to five (all committed by one crazy dude)

        Anyways, the reactions to that number were my first real internalization of the concept that the majority of people are just too lazy to check sources, which is something I knew but couldn’t quite believe until then.

    • The Doctor@beehaw.org
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      More and more, companies are giving their sysadmins and coders Macbooks rather than Wintel laptops. It’s been an upward trend in last eight or nine years. I’ve always thought it was to head 'em off at the pass so they won’t install un-remotely managed and un-monitored Linux distros on company equipment. At any rate, a lot of proprietary stuff winds up on corporate Macbooks, which means targets worth going after. As for availability of exploits for OSX, folks have been hoarding them for this kind of situation. These days, you wait for an optimum target environment before you unleash your 0-days.

  • roofuskit@kbin.social
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Apple used to brag about how Macs didn’t get viruses. I used to laugh because it wasn’t that they were that much more secur but because their market share was too small to be a profitable target.

    Now they’ve cultivated the perfect target user base. A large collection of tech ignorant or adverse people who have lots of money to burn.

    • 🦘min0nim🦘@aussie.zone
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Well, they were significantly more secure by default than Windows due to various design measures including the separation of user land. And old OS9 was friggin brilliant for a web facing machine back in the day.

  • interolivary@beehaw.org
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    Welp, maybe I’ll finally have to get around to installing some sort of anti-virus/malware software after 20 years of macOS and/or Linux. At least the system architecture isn’t quite as much of a dumpster fire as Windows’ is, but nothing is invulnerable when there’s enough incentive

    • Barry Zuckerkorn@beehaw.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      The general recommendation is to configure your system to allow the use of the minimum number of privileges. If you don’t have the need to use software that doesn’t come from a trusted repository (like the Apple App Store itself, but also things like homebrew), go ahead and turn off the ability to run software from other sources. If you’re coding, make sure your code is properly sandboxed, and that you’re not blindly relying on untested packages (see compromised npm packages). Don’t give apps accessibility or other rights if they don’t need them, etc. And then stay current on all software updates.

      Even zero-days often rely on certain configurations, and you can always lock down the built-in apps to not auto-run or auto-preview things they receive. Some of it requires an active user maintenance to decide how to balance convenience versus security on your own system.

    • meseek #2982@lemmy.ca
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      1 year ago

      Naw. This is just FUD. I mean it’s coming from Accenture ffs.

      Keep calm and keep computing.

      • Yep. Seems to be a sensationalized piece that basically boils down to “Mac market share in enterprise is now more than a rounding error, so hackers might start targeting it”

        • GreatAlbatross@feddit.uk
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          “Does your company have macs? Mac attacks are up 1000% percent. If you don’t have the IT resources to install antivirus on all your shiny macs, you can pay us to do it for you.”