A new report from Picus Security has revealed concerning vulnerabilities in macOS systems, highlighting a potential gap in endpoint security that leaves them more susceptible to cyberattacks than Windows and Linux counterparts.
The report, "Blue Report 2024," simulated real-world attacks on a range of IT environments, finding that organisations successfully defended against an average of 7 out of 10 attacks across various vectors, including email, web applications, and endpoints. However, the report highlights the significant risk posed by organised cybercrime groups, suggesting a worrying margin for potential intrusion.
Of the simulated attacks, over half (56%) were detected by firewalls, while only 12% triggered an alert. The report also identified a critical vulnerability: full environment takeovers, which occur when attackers gain administrator-level privileges, enabling them to traverse systems and networks, steal data, install malware, and wreak havoc. Picus successfully achieved domain administrator access in a concerning 40% of the IT environments tested.
When examining the operating systems' performance in resisting endpoint attacks, Linux emerged as the most resilient, successfully blocking 65% of attempted intrusions. Windows followed closely at 62%, while macOS fared significantly worse, repelling only 23% of attacks. The report attributes this disparity to a "potential gap in endpoint security controls on modern macOS environments."
Volkan Ertürk, Picus Security Co-Founder and CTO, emphasises the importance of proactive security measures for macOS systems: "While we have found Macs are less vulnerable to start, the reality today is that security teams are not putting adequate resources into securing macOS systems. Our recent Blue Report research shows that security teams need to validate their macOS systems to surface configuration issues. Threat repositories, like the Picus Threat Library, are equipped with the latest and most prominent macOS-specific threats to help organisations streamline their validation and mitigation efforts."
The report also highlights the alarming prevalence of poor security practices within organisations. A concerning 25% of companies rely on passwords made up of common words, which are easily susceptible to brute-force attacks or decryption. Additionally, only 9% of data exfiltration techniques were successfully prevented by the tested organisations. Among the most challenging cybercrime groups for organisations to defend against were BlackByte (17%), BabLock (20%), and Hive (30%).
Dr. Suleyman Ozarslan, Picus co-founder and VP of Picus Labs, stresses the interconnected nature of security vulnerabilities: "Like a cascade of falling dominoes that starts with a single push, small gaps in cybersecurity can lead to big breaches. It's clear that organisations are still experiencing challenges when it comes to threat exposure management and balancing priorities. Small gaps that lead to attackers obtaining domain admin access are not isolated incidents; they are widespread. Last year, the attack on MGM used domain admin privileges and super admin accounts. It stopped slot machines, shut down virtually all systems, and blocked a multi-billion-dollar company from doing business for days."
The Picus Security report serves as a stark reminder of the ever-present cyber threat landscape and the crucial need for organisations to implement robust security practices across all their operating systems, especially given the growing vulnerability of macOS environments.