TubbTalk 155: How To Stop Mac Hacks In Their Tracks and Bolster macOS Security - Tubblog: The Hub for MSPs

TubbTalk 155: How To Stop Mac Hacks In Their Tracks and Bolster macOS Security

TubbTalk 155: How To Stop Mac Hacks In Their Tracks and Bolster macOS Security image

Stuart Ashenbrenner is a Staff macOS Researcher focusing on macOS security and development at Huntress. And he is the co-author and core developer of the open source macOS incident response tool called Aftermath. He’s the ideal person to give advice on all things Mac.

Wes Hutcherson is the Director of Product Marketing for Huntress, where he oversees market intelligence and go to marketing strategies. His multifaceted technology and cybersecurity experience spans over a decade.

An Interview With Stuart Ashenbrenner and Wes Hutcherson

The Current macOS Threat Landscape

For many years, Mac computers have been considered a safer option when it comes to cybersecurity. This mistaken belief, as Stu explains, comes from a marketing campaign by Apple which said ‘Macs don’t get viruses.’

Of course, there was built-in protection, but users were (and are) convinced their machine is safe. But as attack techniques become more sophisticated, there will be similar targeted attacks to those seen by Windows users.

Larger organisations will be more at risk, too. MSPs will have to prepare for adware, POPs and other types of malware. The challenge is not so much the threats themselves but the belief of the users.

The Huntress Mac Support Offering

Wes explains that Huntress found that many providers had been adding their Windows component onto macOS and assuming that nobody would notice. “It’s like baseball and cricket. They both use bats and balls, but the rules are completely different.

“And that means the outcomes are going to be completely different too. So we went out and hired macOS experts. We asked them to help us understand the nuances of the OS so we could detect the threats that are more prevalent on Macs compared to Windows.”

They also found that, while there are more threats to Windows out there, there has been a greater increase in threats to Macs over the last year or so. “So we looked at threat detections we could develop specific to macOS. And then we could build response capabilities to isolate and eradicate those threats.”

Today’s Most Common Attack Vectors Affecting macOS Security

Huntress have found outliers that leverage zero day attacks, either in the OS itself or within the software supply chain. However, Stu explains that the vast majority are adware or malicious extensions.

“It’s very different to the Windows platform. There are a lot of browser or search engine hijacking, or PUPs. And to users, it doesn’t seem that bad. It’s not a nation state trying to move across your network.

“But that can lead to a false sense of security which makes them more vulnerable later on. Crypto mining and info stealers are big right now, and they’re leading to massive losses, whether that’s data or money.”

What can #MSPs do to better support Mac-using clients and keep them safe? Stuart Ashenbrenner and Wes Hutcherson of @HuntressLabs share their top tips on macOS security. Click to Tweet

Recommended Best Practices to Enhance macOS Security for MSP Clients

Firstly, Stuart says it’s important to recognise that many of these Mac threats are recent. “10 years ago, there were very few threats. “But the increase in BYOD (bring your own device) and working from home has added to the problems.

“Employers have been happy to let staff use their own computers. Which leads to them installing all kinds of programmes which weren’t’ secure enough. So the best thing to leverage an MDM. The MSP can do that on the client’s behalf.

“And that’s not common for MSPs, especially if they’re used to PCs. But it’s Apple’s recommended way to protect software. That way, every time the user goes to open a new programme, there’s a prompt the approve the tool. That gives autonomy over app permissions.”

How to Deal With Clients Who Believe Their Mac is Secure Enough

No matter what you say, some clients won’t accept that their Mac computers are at risk. So, as Wes explains, you have to give them concrete examples to help them understand the threats.

“At my previous company, we carried out a study where we recruited ethical hackers to do some penetration tests. We asked them how fast they could gain access to a network and complete an attack. 57% said they could do it in under 25 hours.

“Then, we asked them how often they’re detected. And 72% said they’re rarely noticed, with 82% saying very few companies can stop them. So we took that data to those clients and showed them how easy it was. That really brought it home for them. So use hard facts whenever you can.”

How to Stay Ahead of Evolving macOS Security Threats

The main recommendation Wes has is to make sure that your MSP has an endpoint detection response standpoint. “There are unique components for Mac visibility compared to Windows, so I’d say stay ahead.

“Remember that you can’t detect what you can’t see, so you need to pay attention.  If you decide to have a third-party provider to help with EDR, ensure they have a macOS dedicated threat intelligence or development team.

“And remind clients that attackers can strike at any time. Being isolated isn’t enough. Consider all the components to stay ahead and regard these as critical capabilities. Take the time to find the right provider and to educate your clients.”

How to Connect With Stuart Ashenbrenner and Wes Hutcherson

How to Connect With Me

Mentioned in This Episode

You Might Also be Interested in

RICHARD TUBB

Richard Tubb is one of the best-known experts within the global IT Managed Service Provider (MSP) community. He launched and sold his own MSP business before creating a leading MSP media and consultancy practice. Richard helps IT business owner’s take back control by freeing up their time and building a business that can run without them. He’s the author of the book “The IT Business Owner’s Survival Guide” and writer of the award-winning blog www.tubblog.co.uk

All Posts

You might like:

TubbTalk 159: How to Use Personal Branding to Boost Your MSP’s Reach image

TubbTalk 159: How to Use Personal Branding to Boost Your MSP’s Reach

Podcasts | By Richard Tubb
Bonusode: The Secret to Growing a Successful MSP: Don’t go it Alone image

Bonusode: The Secret to Growing a Successful MSP: Don’t go it Alone

Podcasts | By Richard Tubb
TubbTalk 158: Sales, Remote Working and Automation: Powerful Advice for Modern MSPs image

TubbTalk 158: Sales, Remote Working and Automation: Powerful Advice for Modern MSPs

Podcasts | By Richard Tubb
Bonusode: How IT Glue are Harnessing AI to Improve Documentation for MSPs image

Bonusode: How IT Glue are Harnessing AI to Improve Documentation for MSPs

Podcasts | By Richard Tubb
TubbTalk 157: Looking Into The Mindset Of A Successful, Modern MSP image

TubbTalk 157: Looking Into The Mindset Of A Successful, Modern MSP

Podcasts | By Richard Tubb
TubbTalk 156: How To Partner With a Vendor To Grow Your MSP Business image

TubbTalk 156: How To Partner With a Vendor To Grow Your MSP Business

Podcasts | By Richard Tubb
TubbTalk 154: How to Use and Sell Microsoft Copilot for MSP Growth image

TubbTalk 154: How to Use and Sell Microsoft Copilot for MSP Growth

Podcasts | By Richard Tubb
TubbTalk 153: The Godfather Of Modern Productivity: How To Leverage GTD For Teams image

TubbTalk 153: The Godfather Of Modern Productivity: How To Leverage GTD For Teams

Podcasts | By Richard Tubb
TubbTalk 152: The MSP Owner’s Guide to Becoming a Better Leader image

TubbTalk 152: The MSP Owner’s Guide to Becoming a Better Leader

Podcasts | By Richard Tubb
TubbTalk 151: How to Uncover Cutting Edge Cybersecurity Solutions for MSPs image

TubbTalk 151: How to Uncover Cutting Edge Cybersecurity Solutions for MSPs

Podcasts | By Richard Tubb
TubbTalk Travelogue: MSP Show & SuperOps SuperSummit 2024 image

TubbTalk Travelogue: MSP Show & SuperOps SuperSummit 2024

Events | By Richard Tubb
TubbTalk 150: 25 Years an MSP – Valuable Lessons You Learn from Longevity image

TubbTalk 150: 25 Years an MSP – Valuable Lessons You Learn from Longevity

Podcasts | By Richard Tubb

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Share via
Send this to a friend