TubbTalk 155: How To Stop Mac Hacks In Their Tracks and Bolster macOS Security
Stuart Ashenbrenner is a Staff macOS Researcher focusing on macOS security and development at Huntress. And he is the co-author and core developer of the open source macOS incident response tool called Aftermath. He’s the ideal person to give advice on all things Mac.
Wes Hutcherson is the Director of Product Marketing for Huntress, where he oversees market intelligence and go-to-market strategies. His multifaceted technology and cybersecurity experience spans over a decade.
An Interview With Stuart Ashenbrenner and Wes Hutcherson
The Current macOS Threat Landscape
For many years, Mac computers have been considered a safer option when it comes to cybersecurity. This mistaken belief, as Stu explains, comes from a marketing campaign by Apple which said ‘Macs don’t get viruses.’
Of course, there was built-in protection, but users were (and are) convinced their machine is safe. But as attack techniques become more sophisticated, there will be similar targeted attacks to those seen by Windows users.
Larger organisations will be more at risk, too. MSPs will have to prepare for adware, PUPs and other types of malware. The challenge is not so much the threats themselves but the belief of the users.
The Huntress Mac Support Offering
Wes explains that Huntress found that many providers had been adding their Windows component onto macOS and assuming that nobody would notice. “It’s like baseball and cricket. They both use bats and balls, but the rules are completely different.
“And that means the outcomes are going to be completely different too. So we went out and hired macOS experts. We asked them to help us understand the nuances of the OS so we could detect the threats that are more prevalent on Macs compared to Windows.”
They also found that, while there are more threats to Windows out there, there has been a greater increase in threats to Macs over the last year or so. “So we looked at threat detections we could develop specific to macOS. And then we could build response capabilities to isolate and eradicate those threats.”
Today’s Most Common Attack Vectors Affecting macOS Security
Huntress have found outliers that leverage zero-day attacks, either in the OS itself or within the software supply chain. However, Stu explains that the vast majority are adware or malicious extensions.
“It’s very different to the Windows platform. There is a lot of browser or search engine hijacking, or PUPs. And to users, it doesn’t seem that bad. It’s not a nation state trying to move across your network.
“But that can lead to a false sense of security which makes them more vulnerable later on. Crypto mining and info stealers are big right now, and they’re leading to massive losses, whether that’s data or money.”
Recommended Best Practices to Enhance macOS Security for MSP Clients
Firstly, Stuart says it’s important to recognise that many of these Mac threats are recent. “10 years ago, there were very few threats. But the increase in BYOD (bring your own device) and working from home has added to the problems.
“Employers have been happy to let staff use their own computers, which leads to them installing all kinds of programmes which weren’t secure enough. So the best thing is to leverage an MDM. The MSP can do that on the client’s behalf.
“And that’s not common for MSPs, especially if they’re used to PCs. But it’s Apple’s recommended way to protect software. That way, every time the user goes to open a new programme, there’s a prompt to approve the tool. That gives autonomy over app permissions.”
How to Deal With Clients Who Believe Their Mac is Secure Enough
No matter what you say, some clients won’t accept that their Mac computers are at risk. So, as Wes explains, you have to give them concrete examples to help them understand the threats.
“At my previous company, we carried out a study where we recruited ethical hackers to do some penetration tests. We asked them how fast they could gain access to a network and complete an attack. 57% said they could do it in under 25 hours.
“Then, we asked them how often they’re detected. And 72% said they’re rarely noticed, with 82% saying very few companies can stop them. So we took that data to those clients and showed them how easy it was. That really brought it home for them. So use hard facts whenever you can.”
How to Stay Ahead of Evolving macOS Security Threats
The main recommendation Wes has is to make sure that your MSP has an endpoint detection and response (EDR) capability in place. “There are unique components for Mac visibility compared to Windows, so I’d say stay ahead.
“Remember that you can’t detect what you can’t see, so you need to pay attention. If you decide to have a third-party provider to help with EDR, ensure they have a macOS dedicated threat intelligence or development team.
“And remind clients that attackers can strike at any time. Being isolated isn’t enough. Consider all the components to stay ahead and regard these as critical capabilities. Take the time to find the right provider and to educate your clients.”
How to Connect With Stuart Ashenbrenner and Wes Hutcherson
- Huntress
- Follow Huntress on LinkedIn
- Like Huntress on Facebook
- Follow Huntress on X
- Connect with Stuart on LinkedIn
- Connect with Wes on LinkedIn
How to Connect With Me
- Subscribe to TubbTalk RSS feed
- Subscribe, rate and review TubbTalk on iTunes
- Subscribe and rate TubbTalk on Spotify
- Follow TubbTalk on iHeartRadio
- Follow @tubblog on Twitter
Mentioned in This Episode
- Open source macOS incident response tool: Aftermath
- Podcast: Interview with Dray Agha
- Malware: Atomic macOS Stealer (AMOS)
- Trojan: Info Stealer
- Shell programme: Bash
- Scripting language: AppleScript
- Knowledge base: MITRE ATT&CK
- macOS threat: Cuckoo
- XM Cyber study into breach and attack simulations
- Slack community: MacAdmins
- Blog series: Ask the Mac Guy: macOS Security Myths
- On-demand webinar: Dealing with Mac threats
- MSP peer group: The Tech Tribe
- Monthly Huntress get-together: Tradecraft Tuesday
- Huntress: Free trial