Today's Hacker interest in macOS ten times that of 2019

While Mac as a platform isn't necessarily as big a target as Windows, macOS is not immune to digital threats. If this analysis on Dark Web threat actors is accurate, then there's been a considerable rise in attacks in recent years.

According to an Accenture Cyber Threat Intelligence report, the number of dark web actors targeting macOS was just 202. After a steep rise to 2,143 in 2022, 2023's figure stands at 2,295 threat actors.

The activity on the Dark Web those actors perform includes developing and maintaining "macOS-specific infostealer strains," tools and services, selling macOS enterprise certificates for malware distribution, exploit development, macOS Gatekeeper bypass attacks, and macOS-specific malware strains.

Part of this increase in criminal interest is caused by enterprise businesses increasing their own adoption of macOS. For example, from 2019 to 2020, the primary use of Macs in enterprise rose from 17% to 23%.

Accenture is greatly concerned about threat actors with "positive reputations and large budgets" looking for ways to bypass macOS security functions like Gatekeeper and Transparency Consent and Control. Bypassing these tools can be lucrative, with one actor offering up to $500,000 for bypasses and exploits for Gatekeeper.

Another offered a bounty of up to $1 million for a working exploit for macOS.

While there's more choice for actors attacking Windows and Linux than macOS, the scarcity of macOS zero-day exploits means that they have been advertised for millions and malware for thousands of dollars versus the relative thousands and hundreds for Windows equivalents.

There's also more specialization in macOS threat actors, such as one advertising the creation of an Apple Enterprise Certificate, which starts prices from $100,000.

Turning to the future, Accenture feels the trend of rising interest will continue unabated. "As technically advanced and well-resourced threat actors continue to pour time and money into developing macOS-specific attack vectors, the techniques and capabilities available to the wider dark web community increases," writes Accenture.

The general advice from AppleInsider and others is to apply security updates to macOS and other operating systems as soon as possible after they have been issued. Good online hygiene is also a must, as that can often stop issues before they can become a costly problem to users.