Cybersecurity firm LayerX has spotted a scareware campaign that jumped from Windows to macOS after new browser protections on Windows shut it down.
According to LayerX, attackers used compromised websites to serve fake Microsoft security alerts, tricking users into entering their credentials. After Chrome, Firefox, and Edge introduced anti-scareware measures, these attacks dropped by 90%. Within two weeks, LayerX detected nearly identical phishing tactics repurposed for Mac users on Safari.
This shift suggests macOS users may now be a primary target, particularly in enterprise environments. LayerX warns that attackers will likely continue adapting their campaigns as security measures evolve.
Jaron Bradley, director of Jamf Threat Labs, said, "These phishing attacks have been successful by scaring users into providing their credentials. Blinking windows and pop-ups with intimidating messages create a sense of urgency, pushing individuals to resolve the fake issue quickly and leading them to enter their credentials. After Windows implemented mitigations for this tactic, it's no surprise that attackers turned their attention to other popular platforms without the same level of pressure to defend against such attacks."
It doesn't hurt for Mac users to remember never to enter their iCloud credentials anywhere other than the official Apple website.
"Users should also be cautious when encountering flashing warnings that prompt them to call a phone number to resolve a supposed threat. These calls often lead to scammers who promise to fix a fake issue in exchange for a fee and credit card information," Bradley said.
Now, here's today's MSSP update. Drop me a line at sharon.florentine@cyberriskalliance.com if you have news to share or want to say hi!
Today's MSSP Update
1. Forcepoint expands leadership team: Forcepoint has made three additions to its leadership team. The new additions come as Forcepoint moves forward with its Getvisibility acquisition. Of the new hires, Guy Shamilov has been named chief information security officer (CISO) and Bakshi Kohli will serve as chief technology officer (CTO) and head of global engineering. Naveen Palavalli, who joined the company last year, will expand his role to chief product officer and chief marketing officer (CPO and CMO). Congratulations!
2. TrustedSec acquires Trimarc: Offensive security and consulting firm TrustedSec has acquired Trimarc Security, an Active Directory security firm. All Trimarc services will now be delivered through TrustedSec. Sean Metcalf, CEO and founder of Trimarc, has officially joined TrustedSec. Metcalf is a Microsoft Certified Master in Active Directory and will play a key role in strengthening TrustedSec’s service offerings.
3. Eon's cloud-native backup: Cloud backup solution provider Eon launched its cloud-native package today to protect against and recover from ransomware attacks. Eon's platform is engineered for immediate recovery and restores clean data in minutes. Eon’s ransomware package aligns with the NIST Framework and offers identification, protection, detection, response, and super-fast recovery capabilities.
4. RightCrowd, Veridas partner on access security: Earlier this month, RightCrowd and Veridas announced a strategic integration for secure workforce access solutions. This collaboration combines RightCrowd’s physical identity and access management (PIAM) solutions with Veridas’ advanced facial authentication technology. The system allows authorized individuals to gain entry through facial authentication or a unique QR code and, when required, the solution can automatically trigger additional security measures such as visitor badge printing or supplementary check-in procedures.