In its annual Security 360 report for 2023, Jamf shows that malware threats to Apple systems continue to increase. The study examined 15 million desktop computers, tablets and smartphones in 90 countries and with different operating systems (macOS, iOS/iPad, Android and Windows).
The results are concerning: companies overall are very poorly positioned to respond to today's often sophisticated cybersecurity threats. The analysis in the report is based on real Jamf customer data, advanced threat research and relevant industry insights.
Sample of 15 million Apple devices
For the report, Jamf examined a sample of 15 million desktop computers, tablets and smartphones in 90 countries and with various operating systems (macOS, iOS/iPad, Android and Windows). The analysis of the sample, which was carried out in the fourth quarter of 2023 and covers the period of the previous twelve months, shows, among other things, that the cybersecurity situation in companies is worrying and that threat actors are now using highly sophisticated attack methods.
Selected findings from the Security 360 report are:
- 40 percent of all users of mobile devices and 39 percent of all companies examined use devices with known vulnerabilities
- Jamf is aware of a total of 300 malware variants on macOS, including 21 new variants discovered in 2023
- Trojans are an increasingly popular attack method and now account for 17 percent of all malware attacks
- Phishing attacks were 50 percent more successful on mobile devices than on (Mac) desktop devices
- 20 percent of all companies examined have already had their daily business affected by malicious network traffic
Malware is becoming more and more sophisticated – including for macOS
The new macOS-specific malware variants are particularly worrying because many Mac users still mistakenly believe that there is no malware on Mac devices: according to a 2023 survey by The Hacker News, 57 percent of all Mac users agree with the statement 'Malware does not exist on macOS'. This assumption is incorrect. Many of the malware variants used by attackers in the past year work on Mac devices as well as Windows devices, and there are now some malware variants that are specifically aimed at Mac devices. These include, for example, the variants Atomic Stealer, JokerSpy and WTFMiner described in the Security 360 Report.
As the report also shows, basic security functions were often deactivated, especially on the Apple devices analyzed. These include:
- FileVault, a fundamental feature that helps protect user data through on-disk encryption. FileVault is comparatively easy to deploy, configure and manage, but was disabled on 36 percent of the devices examined.
- Gatekeeper, an important layer of security against malware installation that checks every app that is installed to ensure that only the functions specified by the developer are performed. Gatekeeper was disabled on 10 percent of the devices examined.
- The firewall is one of the most basic protections against web-based threats and ensures that endpoints do not accept incoming connections from unauthorized applications and services. It was disabled on 55 percent of the devices examined.
- The lock screen protects mobile devices and the data stored on them from direct, unauthorized access. It was deactivated on three percent of the devices examined, and 25 percent of the companies examined had at least one device with a deactivated lock screen in their device fleet.
Even basic countermeasures can be effective
Jamf has compiled advice and recommendations for companies and end users to protect themselves against new, technically complex cybersecurity threats. In particular, industries such as healthcare or individuals such as journalists or government representatives could be affected by such sophisticated cyberattacks in the future. In most cases, these measures are not overly difficult to implement, because even basic countermeasures, if implemented correctly, can often offer reliable protection. These recommendations apply to all types of devices and operating systems as well as company-owned and BYOD (“Bring Your Own Device”) devices.
Basic protective measures
- The use of management and security solutions to have as much control over the devices as possible while at the same time having to manage as few different solutions as possible
- Applying industry and regional best practices
- The regular updating of operating systems and applications through updates and patches
- The use of multi-layered protection mechanisms (such as multi-factor authentication)
“This year’s report further illustrates how complex the modern cyber threat landscape has become. The results of our analysis show that Mac devices as well as mobile devices have performed comparatively well in terms of security over the past twelve months, but this good performance is largely due to happy coincidences.
The overall lack of cybersecurity in companies, combined with the increasingly sophisticated tactics of attackers, will become a serious problem for companies in the future if nothing changes. Accordingly, it is high time that companies protect their device fleets with industry best practices and develop a comprehensive security strategy for their hybrid employees.”
About Jamf
Focused on Apple for over 20 years, Jamf is now the only company in the world with a complete endpoint management and protection solution that ensures enterprise-level security, is easy to use and protects end-user privacy. Jamf extends the Apple Experience that consumers value to businesses, schools and government organizations.