Many years ago, Mac users bragged how there was no AV for Mac since there were no malware to attack them, but those security-through-obscurity days are long gone for Mac users.
The bad guys know that corporate employees widely use Macs and that they are especially common among employees with significant access like executives, knowledge workers, professionals and other so-called “high-value” workers.
In this real-training-for-free event, we will dive into the world of MacOS and its attackers. We’ll come at it from the viewpoint of someone familiar with Windows for context and contrast. You can leverage experience from the Windows world in understanding MacOS attacks because at the end of the day, operating systems all do the same thing and attackers have the same high-level goals.
Some things are hardly different at all – like Word macros. I’ll show an example of a MacOS targeted malicious Word Macro that tries to accomplish it’s dirty work via Python script. Python – that’s another commonality to Windows attacks.
Other things are common in principle but different in implementation. Attackers need to gain persistence on MacOS just like they do in Windows, but as you might expect the mechanics are very different. I’ll show you a number of persistence techniques more-or-less specific to MacOS (some are fairly common to any *nix OS) such as:
- LaunchAgents
- LaunchDaemons
- Profiles Tool
- Kernel extensions
- Folder Action scripts
And that’s just a start. We’ll look at plenty other aspects of endpoint security on Macs. For example, no Mac security discussion is complete without mentioning GateKeeper. We’ll look at ways the bad guys bypass this security feature.
Carbon Black is our sponsor and security strategist Jon Nelson will briefly show you new technology from this endpoint security leader just released for threat hunting on Macs.
Join us for this real-training-for-free event.