Latest news with #ConsentandControl
The Sun
2 days ago
- Business
- The Sun
Jamf unveils 2025 Security 360 Report: A strategic look at Mac and mobile security risks
HONG KONG SAR - Media OutReach Newswire - 19 June 2025 - Jamf (NASDAQ: JAMF), the standard in managing and securing Apple at work, today released its Security 360 Report, separated into analyses for mobile and macOS environments. The report spotlights the risks organizations are facing and offers insights for security leaders to consider when protecting their organizations at the user, device, application and network levels. 'Our goal with this research is to inform security leaders about the risks impacting their organizations – whether those risks impact Mac or mobile – and provide tangible recommendations for safeguarding their organizations against increasingly sophisticated attacks,' said Josh Stein, VP of Product Strategy at Jamf. 'Age-old threats like phishing remain extremely prevalent and cannot be can threats skyrocketing in popularity like infostealers. Jamf remains deeply committed to continuous threat research to not only protect our customers but also contribute valuable insights to the broader security community.' Threat trends facing mobile environments For many employees, mobile devices are the sole devices used at work. Regardless of occupation, the modern workplace is about empowering employees to connect from anywhere, at any time and on any device. This requires raising awareness about the most pervasive threats facing mobile devices and taking tangible steps to keep bad actors at bay. Jamf's mobile device threat analysis is structured into four categories found to be the highest priorities for organizations worldwide. Mobile phishing With mobile devices keeping us connected everywhere, attackers' reach continues to expand. Over 12 months, Jamf identified approximately 10 million phishing attacks, discovered that 25% of organizations were impacted by a social engineering attack, and 1 in 10 users clicked on a malicious phishing link. Training programs can be extremely valuable in mitigating phishing attacks, as can adopting a layered approach with zero-trust methodology. Vulnerability management Jamf discovered that 32% of organizations operate at least one device with critical vulnerabilities and 55.1% of mobile devices used at work are running on a vulnerable operating system (OS). Both Apple and Google routinely provide security updates to patch known vulnerabilities, and the best way to mitigate damage is to update devices accordingly. Application risk and malware Earlier this year, Jamf published research on a Transparency, Consent and Control (TCC) bypass vulnerability affecting iOS devices and published a demonstration of how a 'sideloaded' app (an app from a third-party app store) can infringe on users' privacy. The harsh reality is that using the latest OS is still not enough to protect your organization – good security practices must extend to the application layer as well. Malware and spyware High-profile users such as journalists, politicians and diplomats are often targeted by mercenary spyware attacks. Just last year, Apple sent notices of spyware compromise to users in approximately 100 countries. While malware is not as pervasive on mobile devices, when discovered, it is found to be extremely advanced and targeted. Organizations must treat mobile like every other endpoint and avoid getting complacent about the threat of mobile malware. Threat trends facing macOS environments What began as a machine for executives and creatives is becoming increasingly ingrained into the daily operations of enterprises across all industries worldwide. The threat landscape for Mac is more diverse than ever, and bad actors are only getting more creative with their attack methodologies. Jamf's Mac threat report analyzes the threat landscape affecting Macs and organizes the findings into three main categories: Application risk and malware Jamf discovered that infostealers accounted for 28.36% of all Mac malware Jamf examined, skyrocketing from accounting for just 0.25% in last year's report. Jamf's research is aligned with these findings. Employees of organizations in high-profile industries (like crypto), must remain vigilant from both a training and security tool standpoint. Vulnerability management Jamf Threat Labs has dispelled the myth that Mac is invincible multiple times, including just last year when the team discovered a vulnerability in Gatekeeper, a crucial component blocking apps downloaded from the internet that don't have a valid developer ID. Having the right controls and training is crucial for mitigating risks caused by vulnerabilities on macOS. Social engineering With Macs becoming more common at work, the attack surface continues to expand. Phishing is typically thought of as email-specific, which is far from the truth. In fact, Jamf Threat Labs published research discussing a campaign from the Democratic People's Republic of Korea (DPRK) that uses LinkedIn messaging as an initial lure. Training employees in the various forms of phishing that can impact the Mac environment is critical for avoiding fallout. Methodology Jamf examined 1.4 million devices protected by Jamf. The analysis was carried out in the first quarter of 2025, revisiting the prior 12-month period and spanning globally across 90 countries and multiple platforms – specifically, iOS and iPadOS and Android devices for mobile as well as Macs. The analysis in this report is informed by Jamf's Threat Intelligence, a broad collection of insights that are derived from original threat research, real-world usage metrics, along with news analysis and data feeds.
Techday NZ
3 days ago
- Techday NZ
Jamf report finds phishing & infostealers surge on Apple devices
Jamf has released its Security 360 Report, highlighting significant security trends and risks for mobile and Mac devices within organisational environments worldwide. The report, which examines both mobile and macOS platforms, identifies phishing, infostealers, and operating system vulnerabilities as major concerns and areas where enterprises need to focus their cybersecurity efforts. According to Josh Stein, Vice President of Product Strategy at Jamf, the aim of the research is to help security professionals understand and manage the challenges posed by both longstanding and emerging threats. "Our goal with this research is to inform security leaders about the risks impacting their organizations – whether those risks impact Mac or mobile – and provide tangible recommendations for safeguarding their organizations against increasingly sophisticated attacks," said Josh Stein, VP of Product Strategy at Jamf. "Age-old threats like phishing remain extremely prevalent and cannot be overlooked…nor can threats skyrocketing in popularity like infostealers. Jamf remains deeply committed to continuous threat research to not only protect our customers but also contribute valuable insights to the broader security community." Mobile threats The report notes that mobile devices are frequently the sole tools used by employees to access work resources, emphasising the need for robust defences across a variety of threat vectors. Jamf segmented its analysis of mobile device threats into four key areas: phishing, vulnerability management, application risk and malware, and spyware. Phishing attacks remain especially prevalent, with Jamf identifying approximately 10 million such attacks in the past year. The company reported that 25% of organisations experienced a social engineering incident and that one in ten users clicked on a malicious phishing link. The report suggests security training programmes and the adoption of layered, zero-trust security models can help mitigate these risks. In terms of vulnerability management, Jamf found that 32% of organisations had at least one device with critical vulnerabilities, and that 55.1% of mobile devices in use within workplaces were running on a vulnerable operating system. The company highlighted the importance of timely updates to patch known vulnerabilities, as provided by both Apple and Google. The research further discussed application risk, referencing Jamf's previous identification of a Transparency, Consent and Control (TCC) bypass flaw on iOS. The company demonstrated how side-loaded apps can compromise user privacy and emphasised the need for security controls that extend beyond just keeping operating systems up to date. Spyware and advanced malware were identified as threats that, though less frequent than on some platforms, are extremely sophisticated when they do emerge. High-profile individuals, including journalists, politicians, and diplomats, are at particular risk, with Apple sending compromise notifications to users in around 100 countries last year. The report recommends treating mobile devices with the same level of security as other endpoints in the enterprise environment. Threats to macOS Mac devices, which were once principally used by executives and creatives, have become common fixtures in enterprises across a range of sectors. According to the report, this proliferation has broadened the attack surface and increased the diversity of threats targeting the platform. Jamf outlined three principal areas of concern for macOS: application risk and malware, vulnerability management, and social engineering. Infostealers have become the dominant form of malware on Macs, accounting for 28.36% of all Mac malware analysed by Jamf, compared to just 0.25% in the previous year's findings. The report singles out employees in industries such as cryptocurrency as needing to be particularly alert, advocating for both ongoing training and adequate technological defences. The report also addresses myths about macOS security, noting that vulnerabilities persist despite perceptions of invulnerability. Jamf highlighted a recently discovered flaw in Gatekeeper, a mechanism intended to stop unverified apps from being run. The report notes the requirement for both effective technical controls and regular employee training to counter risks posed by software vulnerabilities. Social engineering threats, including phishing, exploit the widespread adoption of Macs in the workplace. Jamf cited campaigns that use professional social media platforms such as LinkedIn as initial attack vectors, rather than the email channels typically associated with phishing. The company recommends comprehensive employee training on all forms of phishing relevant to Mac users. Methodology The findings in the Security 360 Report are based on the analysis of 1.4 million devices protected by Jamf, conducted in the first quarter of 2025. The scope of analysis covered the previous year, included users in 90 countries, and spanned multiple mobile and desktop platforms, including iOS, iPadOS, Android, and macOS devices. The report draws on Jamf's proprietary Threat Intelligence, incorporating data from original research, device usage metrics, and analysis of news and external data feeds.
