By doing so, the hacker was able to install a malicious software program that gave them access to the fund's email system which they used to send off fake invoices [to the fund’s trustees and administrator for the amount of approximately AUD 8 700 000, of which AUD 88 000 was paid.]
Edit: Note that there was a lapse of diligence on the payer’s side as well.
It should be easy to track the criminal.
By doing so, the hacker was able to install a malicious software program that gave them access to the fund's email system which they used to send off fake invoices.
So, despite me not liking them, Apple would be safer because no one probably bothered to write the backdoor for Macs (maybe that's a market, since rich "hedge fund" folks would prefer bling computers?), and their nanny software would probably have said "No, you can't install this!".
Alternatively the hacker could've written a browser extension, I doubt those have adequate protection...
So would everyone else if Apple shared their blacklists, or we had collaborative and open lists.
Using this as a reason to recommend taking the corporate OS route is deceiving, as it doesn't address the underlying roots of why antivirus is needed in the first place (systemic Capitalist exploitation, and the Elites privatizing and owning the means of production).
I think if Apple locks down MacOS enough to actually protect users (not just continue the platform's illusion of superiority) you'll know because ISVs will all say it's impossible to get anything done and abandon the platform.
It's very hard to have a platform that's locked down enough to keep people truly safe as this assumes, while keeping it viable for general purpose third party software from ISVs.
I actually ran into one of the corner cases for this recently. Say you own a Yubico Security Key. With any decent web browser you can use this with WebAuthn or U2F and it's unphishable. But, the Security Key itself is relying on your web browser being honest about the origin.
On an iPhone there is only one web browser, Apple made it, everybody else can only re-skin it a bit. So, no problem, Apple's web browser is honest and any third party software that says "Hi I'm your web browser, I need to sign into google.com" does not work, it isn't your web browser.
On a Windows PC, or a Mac, any program can say it's a web browser, if you're foolish enough to install ZoomUpgrade.exe it can tell your Security Key "I'm a web browser, give me credentials for google.com" and that works, the OS has no way to know if this is or is not a web browser.
Android gives you an interesting middle case. Not only Chrome but also Firefox works. Ah, but only the official Mozilla builds of Firefox. If you build Firefox, name it "Netsharc 1000" and try to install it on your Android, it mysteriously can't do WebAuthn. As well as all those Android permissions you can ask for in the manifest, and the ones you have to ask for explicitly at runtime, there are extra permissions only the platform owner (Google) can grant, and official builds of Firefox have the "I'm really a web browser" permission which allows them to use the Security Key for web sites.
I'd bet a lot fewer people install browser extensions than install Zoom. Security isn't about absolute protection but about making things ever more difficult to exploit.