{"id":2139,"date":"2020-10-19T09:23:57","date_gmt":"2020-10-19T09:23:57","guid":{"rendered":"https:\/\/partnernews.sophos.com\/en-us\/?p=2139"},"modified":"2020-10-19T09:26:27","modified_gmt":"2020-10-19T09:26:27","slug":"no-protection-for-me-thanks-ive-got-a-mac-oh-wait","status":"publish","type":"post","link":"https:\/\/partnernews.sophos.com\/en-us\/2020\/10\/products\/no-protection-for-me-thanks-ive-got-a-mac-oh-wait\/","title":{"rendered":"No protection for me thanks, I\u2019ve got a Mac&#8230; oh wait."},"content":{"rendered":"<p>It\u2019s increasingly rare these days to speak to a customer who is not aware of the need for Mac OS protection; however, I\u2019m sure those of you reading this will have come across at least a few in your time. Although, like all great myths, there is often a small element of truth to it, and one thing Apple is great at is marketing.<\/p>\n<p><img class=\"wp-image-2148 alignleft\" src=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/10\/Image-1.png\" alt=\"\" \/><\/p>\n<p>Ah, the good old days! 
If only the number of \u201cviruses\u201d were still this low!<\/p>\n<p>This ad from 2006 can still be seen <a href=\"https:\/\/www.apple.com\/chatterbox\/us\/2006\/07\/3059\/3059.html\">here<\/a>, so perhaps it\u2019s unsurprising that there is still some misconception around Apple Mac devices and security in the workplace, as ads such as these can linger in the mind. So, let\u2019s take an up-to-date look at Mac threats and what Sophos can now do to provide visibility and protection against them.<\/p>\n<p>The truth is that, proportionally, there isn\u2019t as much Mac malware in the wild as we see on Windows. However, there is certainly enough to be getting on with! A list of current OSX-specific detections from SophosLabs can be seen <a href=\"https:\/\/search.sophos.com\/#q=osx&amp;t=All&amp;sort=date%20descending&amp;f:@sophossourcetype=[Detections]\">here<\/a>.<\/p>\n<p>Apple is also aware of OSX threats, and has been for some time, which is why current versions of OSX come with a client firewall and a security feature called Gatekeeper. Gatekeeper is designed to help prevent users from downloading malware from compromised websites. Unfortunately, Mac users are also very good at installing all sorts of \u201cinteresting\u201d applications and tend to disable or ignore Gatekeeper, which makes it useless. Back in 2016 we saw OSX\/Keydnap allow cyber criminals to remotely access your Mac and use it as a beachhead for a more widespread attack on your organisation. It was also able to bypass Gatekeeper because it was packaged in an app signed with a legitimate signing key. 
This was the case when the \u201cTransmission\u201d app was compromised.<\/p>\n<p>For close to two years now, the Shlayer Trojan has been the most common threat on the macOS platform: in 2019, one in ten of our Mac security solutions encountered this malware at least once, and it accounts for almost 30% of all detections for this OS. The first specimens of this family fell into our hands back in February 2018, and we have since collected almost 32,000 different malicious samples of the Trojan and identified 143 C&amp;C server domains.<\/p>\n<p>A more current example is a new variant of this Trojan that is specifically designed to circumvent macOS Catalina\u2019s security measures. Intego, who discovered the malware, describe it in their security blog <a href=\"https:\/\/www.intego.com\/mac-security-blog\/new-mac-malware-reveals-google-searches-can-be-unsafe\/\">here<\/a>.<\/p>\n<p><img class=\"wp-image-2149 alignright\" src=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/10\/Image-2.png\" alt=\"\" \/><\/p>\n<p style=\"text-align: left;\">It\u2019s hard to talk about endpoint security without mentioning ransomware these days, and as you might have guessed, Macs are no exception. 
Indeed, this summer security researchers discovered a new ransomware strain targeting macOS users, named OSX.ThiefQuest (or EvilQuest). Security researcher Patrick Wardle published an in-depth analysis of the malware <a href=\"https:\/\/objective-see.com\/blog\/blog_0x59.html\">in his security blog<\/a>, observing that, in addition to encrypting the victim\u2019s files, ThiefQuest also installs a keylogger and a reverse shell, and steals cryptocurrency wallet-related files from infected hosts.<\/p>\n<p><strong>The Bigger Picture<\/strong><\/p>\n<p>At an organisational level, a Mac should be seen for what it is: just one more endpoint that an attacker could compromise. Increasingly we are seeing more targeted attacks and adversaries \u201cliving off the land\u201d. If a criminal can steal credentials via phishing or brute force, it doesn\u2019t matter all that much which OS you are running; they can potentially use your own internal tools, file shares and protocols against you. What does matter is being able to detect a breach and having tools to see what a cybercriminal or insider threat may be doing and how they\u2019re doing it, so you can mitigate and protect against that threat.<\/p>\n<p>This is where the need for Endpoint Detection and Response (EDR) tools comes into play.<\/p>\n<p>As of September 15th, we have made Intercept X Advanced with EDR available for Macs. This allows your customers not only to have Intercept X protecting them against the latest threats and Mac ransomware, but, with EDR, also gives them the visibility they need across their entire estate, which as of now includes Windows, Mac and Linux!<\/p>\n<p>EDR for Mac includes both live query and live response, which leverage osquery technology to query all the assets in your estate in real time. 
These tools can be used to investigate a threat or just to get better visibility of your estate. To learn more about how the EDR product works, look at the following <a href=\"https:\/\/news.sophos.com\/en-us\/2020\/09\/15\/sophos-endpoint-detection-and-response-now-available-for-macs\/\">release article<\/a>.<\/p>\n<p>The EDR release on Mac gives you that full across-estate visibility, and as well as providing you with the tools to do threat hunting, it can be used for day-to-day admin tasks.<\/p>\n<p><img class=\"alignnone wp-image-2150\" src=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/10\/Image-3.png\" alt=\"\" \/><\/p>\n<p>As great as EDR tools are, we realise not all customers and partners have the time or expertise to use these tools to do active threat hunting. That\u2019s why, a few months back, we released our <a href=\"https:\/\/www.sophos.com\/en-us\/products\/managed-threat-response.aspx\">Managed Threat Response service<\/a>. 
This allows you and the customer to take advantage of all the great EDR tools but leave the threat hunting to Sophos\u2019s team of threat hunters, providing 24\/7 cover of your customer\u2019s estate.<\/p>\n<p><img class=\"alignnone wp-image-2151\" src=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/10\/Image-4.png\" alt=\"\" \/><\/p>\n<p>For an overview of the protections you can offer your customers with a Mac estate, please refer to the following <a href=\"https:\/\/www.sophos.com\/en-us\/medialibrary\/PDFs\/factsheets\/sophos-intercept-x-mac-ds.pdf\">datasheet<\/a> or reach out to your account manager.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It\u2019s increasingly rare these days to speak to a customer who is not aware of the need for Mac OS protection; however, I\u2019m sure those of you reading this will have come across at least a few in your time. Although, like 
[&hellip;]<\/p>\n","protected":false},"author":57,"featured_media":1190,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","categories":[2],"tags":[30,41,105],"coauthors":[65],"class_list":["post-2139","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-products","tag-intercept-x","tag-managed-threat-response","tag-sophos-edr"]}