TubbTalk 155: How To Stop Mac Hacks In Their Tracks and Bolster macOS Security

Stuart Ashenbrenner is a Staff macOS Researcher focusing on macOS security and development at Huntress. And he is the co-author and core developer of the open source macOS incident response tool called Aftermath. He’s the ideal person to give advice on all things Mac.

Wes Hutcherson is the Director of Product Marketing for Huntress, where he oversees market intelligence and go-to-market strategies. His multifaceted technology and cybersecurity experience spans over a decade.

An Interview With Stuart Ashenbrenner and Wes Hutcherson

The Current macOS Threat Landscape

For many years, Mac computers have been considered a safer option when it comes to cybersecurity. This mistaken belief, as Stu explains, comes from a marketing campaign by Apple which said ‘Macs don’t get viruses.’

Of course, there was built-in protection, but users were (and are) convinced their machine is safe. But as attack techniques become more sophisticated, Mac users will see targeted attacks similar to those seen by Windows users.

Larger organisations will be more at risk, too. MSPs will have to prepare for adware, PUPs and other types of malware. The challenge is not so much the threats themselves but the belief of the users.

The Huntress Mac Support Offering

Wes explains that Huntress found that many providers had been adding their Windows component onto macOS and assuming that nobody would notice. “It’s like baseball and cricket. They both use bats and balls, but the rules are completely different.

“And that means the outcomes are going to be completely different too. So we went out and hired macOS experts. We asked them to help us understand the nuances of the OS so we could detect the threats that are more prevalent on Macs compared to Windows.”

They also found that, while there are more threats to Windows out there, there has been a greater increase in threats to Macs over the last year or so. “So we looked at threat detections we could develop specific to macOS. And then we could build response capabilities to isolate and eradicate those threats.”

Today’s Most Common Attack Vectors Affecting macOS Security

Huntress have found outliers that leverage zero day attacks, either in the OS itself or within the software supply chain. However, Stu explains that the vast majority are adware or malicious extensions.

“It’s very different to the Windows platform. There is a lot of browser or search engine hijacking, or PUPs. And to users, it doesn’t seem that bad. It’s not a nation state trying to move across your network.

“But that can lead to a false sense of security which makes them more vulnerable later on. Crypto mining and info stealers are big right now, and they’re leading to massive losses, whether that’s data or money.”

Recommended Best Practices to Enhance macOS Security for MSP Clients

Firstly, Stuart says it’s important to recognise that many of these Mac threats are recent. “10 years ago, there were very few threats. But the increase in BYOD (bring your own device) and working from home has added to the problems.

“Employers have been happy to let staff use their own computers. Which leads to them installing all kinds of programmes which weren’t secure enough. So the best thing is to leverage an MDM. The MSP can do that on the client’s behalf.

“And that’s not common for MSPs, especially if they’re used to PCs. But it’s Apple’s recommended way to protect software. That way, every time the user goes to open a new programme, there’s a prompt to approve the tool. That gives autonomy over app permissions.”

How to Deal With Clients Who Believe Their Mac is Secure Enough

No matter what you say, some clients won’t accept that their Mac computers are at risk. So, as Wes explains, you have to give them concrete examples to help them understand the threats.

“At my previous company, we carried out a study where we recruited ethical hackers to do some penetration tests. We asked them how fast they could gain access to a network and complete an attack. 57% said they could do it in under 25 hours.

“Then, we asked them how often they’re detected. And 72% said they’re rarely noticed, with 82% saying very few companies can stop them. So we took that data to those clients and showed them how easy it was. That really brought it home for them. So use hard facts whenever you can.”

How to Stay Ahead of Evolving macOS Security Threats

The main recommendation Wes has is to make sure that your MSP has an endpoint detection and response (EDR) standpoint. “There are unique components for Mac visibility compared to Windows, so I’d say stay ahead.

“Remember that you can’t detect what you can’t see, so you need to pay attention. If you decide to have a third-party provider to help with EDR, ensure they have a macOS dedicated threat intelligence or development team.

“And remind clients that attackers can strike at any time. Being isolated isn’t enough. Consider all the components to stay ahead and regard these as critical capabilities. Take the time to find the right provider and to educate your clients.”

How to Connect With Stuart Ashenbrenner and Wes Hutcherson

Huntress
Follow Huntress on LinkedIn
Like Huntress on Facebook
Follow Huntress on X
Connect with Stuart on LinkedIn
Connect with Wes on LinkedIn

How to Connect With Me

Subscribe to TubbTalk RSS feed
Subscribe, rate and review TubbTalk on iTunes
Subscribe and rate TubbTalk on Spotify
Follow TubbTalk on iHeartRadio
Follow @tubblog on Twitter

Mentioned in This Episode

Open source macOS incident response tool: Aftermath
Podcast: Interview with Dray Agha
Malware: Atomic macOS Stealer (AMOS)
Trojan: Info Stealer
Shell programme: Bash
Scripting language: AppleScript
Knowledge base: MITRE ATT&CK
macOS threat: Cuckoo
XM Cyber study into breach and attack simulations
Slack community: MacAdmins
Blog series: Ask the Mac Guy: macOS Security Myths
On-demand webinar: Dealing with Mac threats
MSP peer group: The Tech Tribe
Monthly Huntress get-together: Tradecraft Tuesday
Huntress: Free trial

You Might Also be Interested in

Webinar: Chilling Cybersecurity Horror Stories from the Professionals at Huntress
In-House or Outsourced Cybersecurity: What’s Best for MSPs?
Top Tech and Insights From Cloud & Cybersecurity Expo

The post TubbTalk 155: How To Stop Mac Hacks In Their Tracks and Bolster macOS Security appeared first on Tubblog: The Hub for MSPs.

Published on June 17, 2024 00:00