Today’s world is filled with digital threats. Barely a week passes when there isn’t a story in the news about some company suffering a data breach. But behind those big news stories there are hundreds of small businesses and individuals who suffer identity theft, credit card scams or other online attacks that can have significant impact – both financially and to our mental health.
The days of computer viruses have more or less passed. Today’s attackers are mainly concerned with one thing – money. Whether you’re talking about identity theft, financial scams, ransomware or almost every other type of cyber attack, the goal is financial.
Mac users have often debated the need for and efficacy of ‘anti-virus’ software. I put the word in inverted commas intentionally as we have moved a long way past the days of computer viruses. The broader term malware is now where we are at. It encompasses a far broader array of malicious tools used by cyber criminals. And that means we need to think differently about how we protect ourselves from online threats.
What are some of the big threats? Follow the money
Online criminals are no longer trying to mess up your documents or files for fun. They are looking for ways to coerce or trick you into opening your wallets.
Phishing
We’ve all received an email that looks like (or tries to look like) it’s from a bank or some other ‘trusted’ institution. The goal for criminals sending these messages is to get you to enter your username and password into a fake website so that they can then use the same credentials to access your real accounts.
Phishing attacks have become more prevalent and better crafted in the age of AI and cheap automation. In the past, scam emails were reasonably easy to detect. Often, the spelling and grammar were poor and scammers didn’t use current logos. But criminals are now using AI to craft convincing scams. And, to add more complexity, they can produce those scam emails in multiple languages.
Business Email and Social Media Compromise
Sometimes called email fraud, criminals try to coerce you into sending them money. A typical ploy for businesses is to send them an email that looks like it’s from a trusted source such as a customer or supplier. They’ll include an attachment that looks like a real invoice and ask you to transfer funds to their account.
On some occasions, they will pressure you into making the payment by creating some sort of perceived time pressure.
For individuals, this often happens through social media where someone will pretend to be a friend or relative and use a fake social media account to contact you and ask you to send them money because they have been robbed or are stranded overseas.
Ransomware
While computers running Windows remain the main target for criminals, there have been successful ransomware attacks against Macs. Victims are duped into clicking a link or opening an attachment that has a malicious payload. That payload is a computer program that encrypts your files. The only way to recover your files is to pay the criminals a ransom for them to provide you with a decryption key.
The ransom is usually paid with cryptocurrencies so the money can’t be followed.
Scams
While the “Nigerian Prince” scam might be well known and have been around for a long time – it predates the Internet and used to be done with letters in the post – it and other variations are still around. More recently, dating and romance scams have become more prevalent with requests for cash made in exchange for the chance of a loving relationship or sex.
What is Apple doing to protect us?
Apple has released a support document documenting how it protects users against malware. Apple has taken a four-pronged approach:
- The App Store and Notarisation: Although you are free to download and install applications for your Mac from anywhere, if you limit your app purchases to the Mac App Store, Apple scans apps and issues a ‘Notarisation ticket’ if it deems the software to be safe.
- XProtect: Apple has included built-in antivirus technology called XProtect as part of macOS since 2009. This is a signature-based tool for the detection and removal of malware. Apple monitors for new malware infections and strains and updates signatures automatically. This happens separately from system updates to help defend a Mac from malware infections, even when we are slow at updating our Macs.
- Gatekeeper: Introduced in 2021, Gatekeeper only allows trusted software to run on a Mac. This has been, in the past, called ‘whitelisting’ although that term has been recently replaced by ‘allow listing’. Gatekeeper verifies that the software is from an identified developer, is notarised by Apple to be free of known malicious content and hasn’t been altered.
This multi-faceted approach is quite effective. But should you still run separate endpoint protection software on your Mac?
Antivirus on your Mac – yes or no?
It’s plain to see that online criminal activity is not going away and that threat actors (that’s what the security industry calls online criminals) keep changing how they operate in order to work around security tools.
The question to ask is whether you see the risk of being attacked by a very new threat that is not defended against by XProtect. With more people using their Macs to work from home, and ever increasing Mac sales, Apple’s computers are now a bigger target than ever before.
I won’t reveal what tactics and tools I have in place for protecting my Mac – I don’t want to give the bad guys any intelligence that could help them target me. But you need to assess your risk. How you answer these questions may help.
- Do you share files with people?
- Do you visit websites that might be associated with ‘dodgy’ practices (eg ‘free’ software, ‘adult’ services)?
- Do you carefully verify that every email that comes to you is really from who you think (this is harder to check than most people realise)?
- Do you verify every link before you click on it?
The ASD Essential Eight
The Australian Signals Directorate (ASD) published its Essential Eight security guidelines several years ago. And while it is mainly intended for larger organisations and government departments, it provides useful guidance for everyone.
The Essential Eight are:
- Patch applications: keep your application software up to date.
- Patch operating systems: keep macOS (and the operating systems on all your devices) up to date.
- Multi-factor authentication: don’t rely solely on passwords, use an authenticator app or SMS codes to log in to important services like banking and email.
- Restrict administrative privileges: consider using a “Standard” user and not an “Administrator” as your regular account.
- Application control: if you’ve enabled macOS’ security feature that uses the App Store and Notarisation, you’ll be able to securely control what apps can be installed on your Mac.
- Restrict Microsoft Office macros: in each Microsoft Office application, you can restrict the ability of macros to run (macros are a tool for automating actions that can be exploited by criminals if they send you a tainted Microsoft Office file that has some hidden automation).
- User application hardening: check application settings to ensure they only have access to services they absolutely need. For example, you might limit social media apps from having access to photos, microphones and cameras.
- Regular backups: a secure backup of your system is essential if you’re to recover from damage inflicted on your system by a threat actor.
Using the Essential Eight as a guide is a good way to ensure you’re following computer security best practice. While there’s no way to truly 100% protect yourself from a determined attacker, doing these things will greatly reduce your risk.
If all that seems too complex, then I suggest focusing on:
- Keep all applications up to date
- Keep your operating systems at levels that are supported by Apple with regular security updates
- Use multi-factor authentication so a stolen or guessed password doesn’t result in a catastrophe
- Back up your systems regularly.
The need for endpoint protection software is about risk mitigation. For some, their working environment may put them at higher risk. For example, if you work from home and receive invoices from third parties, that means you’ll be opening lots of attachments and may not have time to check the details of every sender. In that case, endpoint protection software makes a lot of sense.
But if you rarely open attachments, use your Mac mainly for web browsing, some email and other low-risk tasks, then Apple’s in-built protection and the Essential Eight may be enough to minimise the risk of attack.

Anthony is the founder of Australian Apple News. He is a long-time Apple user and former editor of Australian Macworld. He has contributed to many technology magazines and newspapers as well as appearing regularly on radio and occasionally on TV.