Apple Users See Big Mac Attack, Says Accenture

Published: 23/11/2024   Category: security




Accenture's Cyber Threat Intelligence unit has observed a tenfold rise in Dark Web threat actors targeting macOS since 2019, and the trend is poised to continue.



It's no surprise that Apple Mac computers have become prize attack targets in recent years, but the number of Dark Web threat actors pursuing macOS is rising at an alarming rate. Accenture's threat intelligence unit on Monday reported a tenfold increase in Dark Web threat actors targeting Macs since 2019, much of it during the past 18 months.
The findings come from Accenture Cyber Threat Intelligence (ACTI) and its Dark Web reconnaissance efforts. While threat actors have historically directed their attacks at Windows and Linux devices, the ACTI team has observed a vast Dark Web community of skilled attackers who have set their sights on Macs.
Thomas Mannie Willkan, a cyber threat intelligence consultant with Accenture's ACTI who monitors Dark Web activity, tells Dark Reading that threat actors have traditionally ignored macOS. "It was more lucrative and easier to target Windows and Linux, but now, they have changed their scoping," Willkan says. "I think, partly, it is because they are constantly innovating and trying to stay ahead of security measures. But also, it's because there's now an economic incentive to target the Mac."
Macs in the enterprise are often more vulnerable because organizations don't apply the same conditional access and other policies as they impose on Windows devices, says Jason Dettbarn, CEO of Addigy, which provides a macOS and iOS management platform. Dettbarn says CISOs are increasingly taking a more proactive posture toward the security of Macs.
Even if Apple is more secure, CISOs want to make sure they are running the same processes as they are for Windows, Dettbarn says. Organizations have struggled with patching Apple devices with the same process as they update Windows PCs, he adds. Dettbarn is specifically referring to Rapid Security Responses for iOS, iPadOS, and macOS, Apple's new approach to delivering software updates, launched in May 2023.
"Rapid Security Response is considered to be the highest required patch, meaning you can assume it is actively being exploited," Dettbarn says. "Every CISO I know says 'We're not applying a patch unless we have a public disclosure of what it is.'"
Macs now appeal to some of the most well-known threat actors, including LockBit 3.0, which ACTI says is creating specific ransomware strains, while new groups are also directing their focus on exploiting macOS. For example, ACTI says the group Monti claims to have a rewritten version of Conti's EXSI ransomware locker that can deploy operators dating back to REvil from 2019.
ACTI has observed exploits for Macs that sell at a premium over those targeting Windows PCs. For example, ACTI found one threat actor that offered $500,000 in December 2022 for a macOS Gatekeeper bypass or exploits.
Accenture managing director of global cyber response and transformation services Rob Boyce points to a growing number of skilled actors with sophisticated macOS-based attack tools. The threat actor advertised Apple Enterprise Certificates that can bypass macOS Gatekeeper, which has become a highly desirable service for macOS-focused threat actors, Boyce writes.
Boyce points out that the MalwareHunterTeam security group discovered that LockBit 3.0 was believed to be developing ransomware directed at macOS. Although the version was buggy, unfinished, and imperfect, LockBit 3.0 did confirm through its underground moniker LockBitSupp that it was actively developing it, Boyce notes, adding it is the first confirmed established ransomware group targeting macOS with a bespoke ransomware strain.
Accenture also discovered that a well-known initial access broker with ties to the Conti and REvil ransomware groups purchased and tested the XLoader malware in 2022, which operates in macOS. Accenture anticipates the growth of threat actors targeting Macs will continue into 2024 and beyond.
The economic incentive is the increased presence of Macs in the workforce. According to IDC's July 2023 Worldwide Quarterly Computing Device Tracker report, Macs grew to an 8.6% share of the PC market in the second quarter, up from 6.8% during the same period a year earlier.
The growth of Macs has also resulted in more macOS-specific info stealers, remote access Trojans, loaders, and zero-days, Willkan says. ACTI says it has also observed Dark Web threat actors tied to initial access brokers, and potentially data extortion groups, claiming to have procured macOS-based info stealers.
"A lot of private users and a lot of industries are still under this false sense of security when they use Mac because they've been told that you can't be affected by a virus if you're on a Mac. And I think the criminals are relying on this notion."
