Cybercriminals shall not pass: how to protect your Macs and yourself from the most popular cyber threats

By AppleInsider Staff

The Internet is a dangerous place, with many potential attacks that could be costly to your digital life. Here's how to keep your Mac, and your online identity, secure from threats.

Keep your data safe with simple security practices

In 2022, the number of attacks in cyberspace has increased significantly. According to Check Point Research, global attacks increased by 28% in the third quarter of 2022 compared to the same period in 2021.

Most of the threats that users face online are widespread and can be prevented by following basic rules of safe behavior on the Internet. It sounds easy, but according to a Fortinet 2022 Cybersecurity Skills Gap report, 80% of all breaches occur due to negligence of personal and corporate cybersecurity rules.

November 30th was celebrated as International Computer Security Day, and the MacPaw Cybersecurity team suggests that you figure out what threats exist and how to protect yourself and your Mac.

Who is at risk?

Anyone can suffer from attacks initiated by fraudsters in cyberspace. However, there are factors that make certain users more vulnerable. Among such factors:

Geolocation

According to IBM's Cost of a data breach 2022 report, the USA is at the top of the list of countries and regions for the highest average cost of a data breach.

Users in the United States are statistically likely to pay up after a hack

Workplace

Specialists who work in the government sector or critical infrastructure companies can become the target of hackers more often.

Position

Cybercriminals try to target those with the most access to sensitive information. Such people can be employees of the financial and legal departments of the company or system administrators.

A common fraudulent scheme is CEO fraud (or whaling attack) -- attacks against the company's management. Often, C-level executives do not have time to attend corporate cybersecurity training, becoming the most vulnerable and, at the same time, the most desirable targets for criminals.

What to be protected from?

The standard list of risks in cyberspace has not been changing for more than ten years, but it is regularly supplemented with new and more complicated mechanics.

Apple keeps approximately three years of operating systems patched

Incomplete security patching

The ethical hackers actually confirmed that Apple typically rolls out security patches for the current OS and the last two versions. So, if your Mac is operating on older macOS, it is time to improve it to ensure you're blocking the exploit.

How to protect yourself?

Malicious software

Loss of access to personal and corporate information, financial records, ransom demands, and costs for recovery of macOS and software are just some of the consequences of malware exposure. It usually affects the user's device due to carelessness when downloading suspicious files or working with unverified programs.

How to protect yourself?

Formjacking

Formjacking is the theft of data from forms that a user fills out on websites. According to a report by Symantec, back in 2018, an average of 4,800 sites were hacked using this method every month.

Thus, by placing an online order on a previously hacked site and filling in bank details, the user gives access to money to the attacker.

How to protect yourself?

Phishing

Phishing remains one of the most popular ways to steal user data. Cybercriminals improve their skills and learn from their mistakes. Scam emails may look normal, except they contain malicious links or fake landing pages, and may make the user share sensitive information (such as passwords or bank details).

Check for digitally certified mail from businesses

One of these options is sending fake reports to the company in the form of a letter from the accounting department.

How to protect yourself?

It's worth remembering one rule: if you don't expect it, it's suspicious.

Typosquatting

The method is simple, which is why it is invisible to many users. Attackers change the URL of the site. For example, replace "com" with "org." A user who follows such a link gets to a malicious site that copies the interface of a website but aims to steal confidential information. 3% to 5% of attacked people responded to these mechanics.

How to protect yourself?

Endpoint attacks

Hackers use this method to gain access to large networks. The target of such attacks are employees of companies who work outside the office space using cloud environments and remote workstations.

How to protect yourself?

Attacks on supply chains

The criminal finds and exploits vulnerabilities in external services or software used by the target company. According to research by Zscaler, in 2021, the frequency of such attacks on technology companies increased by 2300%.

How to protect yourself?

IoT attacks

Here we are talking about smart home devices, cars, personal devices, household appliances, and medical devices through which access to your MacBook can be gained.

Buying the right IoT products can make or break home network security

How to protect yourself?

What tools to use to defend?

There is a longstanding myth that Macs are immune to viruses. According to the research, Windows and Mac users were similarly affected by viruses (10.3 percent of Windows clients compared to 8.3 percent of Apple customers). Here are a few tools which can be used to defend your Mac.

Antiviruses

Bitdefender

Bitdefender is an antivirus that offers protection against viruses without requiring a large subscription fee. The user will receive Safepay online banking protection, a password manager, a vulnerability scanner, and other features.

Norton AntiVirus

Norton AntiVirus is an antivirus software with additional features that are not always found in other programs. Specifically, a built-in cloud backup tool that provides 2GB of online storage.

Pareto Security

Pareto Security's paid auditor and updater checks whether your Mac is properly configured, with an up-to-date version of the operating system, and whether there are any security threats to the device. This allows you to prevent 80% of risks.

Useful services

SpyBuster

58% of all cyber attacks in the world come from Russia, therefore, a general recommendation when choosing protection programs is to avoid services of Russian production. Unfortunately, 29% of Russian cyberattacks are successful, and in a quarter of cases, hackers get the data of the organizations or users they are hunting.

SpyBuster, crafted by MacPaw, will help you protect yourself from malicious Russian software. The free program helps protect your Mac against potential spying apps and connections on the device.

SpyBuster scans the device for installed programs with connections to Russia and monitors whether users' personal data is sent to Russian servers.

This is especially important, considering that in 2016, Russia adopted the Yarova Law, which obliges companies to store private user data (message content, sender and recipient information, location, etc.) on Russian servers. The law allows the FSB and similar Russian entities unlimited access to this data without a court order.

Use security applications to keep data and your Mac safe

1Password

1Password is a password manager that lets you create, store and share passwords in a secure environment, even with those who aren't subscribed to it. A free alternative can be KeePassXC, but it only works locally on one device.

ClearVPN

MacPaw's ClearVPN service helps to keep your online presence secure and is governed by international data encryption protocols. Regardless of the purpose of the Internet: viewing news, correspondence in messengers, or watching movies, ClearVPN provides reliable Internet protection and data anonymity.

VirusTotal

VirusTotal is a free service by Google that checks suspicious files for all types of malware with more than 50 antiviruses at the same time. However, the free version has a file size limit of 650 MB.

Hybrid Analysis

Hybrid Analysis is a sandbox that allows you to scan your file for viruses and malware for free. The service allows you to download and run a suspicious file in a secure environment to test it for malicious behavior.

Talos Intelligence and Reputation Center

Talos Reputation Center detects threats in real-time using the world's largest threat detection network. It includes web queries, emails, malware samples, open-source datasets, endpoint analysis, and network intrusions.

Thanks to their tools, you can check files, emails, and IP addresses for involvement in suspicious activity.

Also, here are several services to check the content for malware.

Author Mykola Srebniuk is the head of Information Security at MacPaw, makers of Clean My Mac X