Wow, this is proof that macOS is getting targeted more and more, and this also seems to be quite a sneaky attack. On the other hand, a good firewall would have blocked the outgoing communication. And of course I assume that most AV's would have caught the malware.
And here we go again, it seems like Gatekeeper is bypassed and it's not clear yet if XProtect could block the malware. So even on macOS you should take security seriously, because I wouldn't be surprised if many people fall for this. And it wasn't the first time, see second link. https://www.bleepingcomputer.com/ne...-drop-macos-malware-via-cryptocom-job-offers/ https://threatpost.com/mac-cryptocurrency-traders-targeted-by-trojanized-apps/157557/
+1 Even with only a modicum of common sense, most people should not be falling for these phishing and social media tricks.
Unfortunately, that Uber employee in that Lapsus$ hack was socially engineered. So, if it still produces fruit, the hackers are gonna milk it. People with both smarts and money don't seem to be as commonplace as we would hope. I could make a political statement here but I somewhat value my membership at Wilders, so anyway.
Agreed. Where I work my employer requires its employees to take scheduled online courses on how to recognize and avoid these and similar types of scams. They occasionally send "trick" phishing emails to employees, and anyone falling for them, clicking a harmless link or attachment, is required to take the relevant security course again. Maybe more businesses need to implement this type of education.
You would think this would/should be the norm! This is how it should be done. However, this is an investment of your company; it costs money. Too many firms do not make this kind of expenditure, only after the fact--some of them. A recent ransomware encryption notice (Royal ransomware) finally acknowledged the lapse of judgement by tauntingly writing ..."you decided to save some money on your security infrastructure..." This was posted over at MT so maybe you saw it. Hopefully most critical-needs corporations (hospitals, utilities) start following the leads of security policies like your company's--particularly now, with a war with escalating threats going on.
They shouldn't, but don't forget that 99% of all people aren't as computer security savvy as most of us on this forum. And also keep in mind that many people might believe that malware can't easily run on macOS, so if they trust certain persons, why wouldn't they run a ''harmless'' PDF file sent by email? And the problem is that in these targeted attacks, built-in security like Gatekeeper and XProtect is often bypassed.
Exactly! In fact, probably all of the latest hacks on Cisco, Microsoft, Twilio and Okta were also based on social engineering, and the employees that got tricked probably thought that MFA authentication apps on their smartphones would save them, but they were wrong. So you would be surprised how many people get tricked into running malware and filling in credentials on hacker-controlled sites. Apparently this is big business because I read that KnowBe4 is being bought for $4 billion, and all they do is provide security awareness training. I personally would focus more on making better security tools, because people will keep making mistakes. But KnowBe4 has a revenue of about $330 million, not too bad. https://www.knowbe4.com
I agree that depending primarily on employees' security awareness to keep the company's assets safe is foolhardy, and that their own security measures, such as hardware and software based, have to be the primary safety net against malware attacks. However, educating employees about security awareness does help in reducing the number of potential exploits they would have to deal with, since it means fewer employees falling for phishing and other social media type attacks within the organization. An example of their hardware security is the COE devices they issue are thoroughly locked down in every way imaginable including, and I'm not really sure how it's done, probably a script I guess, but the devices are scanned for application and hardware compliancy every time they are booted up. No one except those authorized are granted any kind of Administrative rights, and applications can be installed only from its own validated software repository.
Oh for sure it helps, so I'm all for more training. But I'm even more for better security tools related to blocking malware and blocking MFA bypasses. As for this specific attack on macOS, you could probably neutralize it by blocking outbound communications and blocking child process spawning by the fake PDF reader. Which would normally be done by a behavior blocker. That is if Gatekeeper and XProtect failed to spot this attack of course.
It's not really major news, but Apple has now finally admitted that old macOS machines are at risk of being hacked by unpatched zero days. That is if Apple's built-in protection like XProtect and Gatekeeper are bypassed of course. https://arstechnica.com/gadgets/202...olicy-only-the-latest-oses-are-fully-patched/