Report finds macOS fares worse than Windows and Linux at preventing cyber attacks


A worrying number of environments are vulnerable to complete takeover via escalated privileges, a new report from Picus Security has found.

Environments were tested with simulated attacks across all vectors, including email, web application and endpoint attacks. On average, organizations defended against 7 out of 10 of these attacks, but given the constant pressure from organized cybercrime groups, the remaining 30% leaves a serious margin for intrusion.

Out of all the attacks simulated, over half (56%) were logged by firewalls, while just 12% triggered an alert.

Organizations at risk of takeover

Full environment takeovers occur when an attacker can escalate their privileges to an administrator level, giving them access to move throughout systems and networks to steal data, install malware and much more. Picus was able to achieve domain admin access in 40% of the IT environments it tested.

When it comes to which operating systems were most successful at keeping out Picus' endpoint attacks, Linux came out on top by blocking 65%, closely followed by Windows at 62%. macOS blocked just 23% of attempted attacks, which the report attributes to a "potential gap in endpoint security controls on modern macOS environments."

“While we have found Macs are less vulnerable to start, the reality today is that security teams are not putting adequate resources into securing macOS systems,” said Volkan Ertürk, Picus Security Co-Founder and CTO.

“Our recent Blue Report research shows that security teams need to validate their macOS systems to surface configuration issues. Threat repositories, like the Picus Threat Library, are armed with the latest and most prominent macOS specific threats to help organizations streamline their validation and mitigation efforts,” Ertürk concluded.

Many environments were also at risk from a lack of best practices, with 25% of companies using common-language passwords, which can easily be brute-forced or decrypted into cleartext credentials. Moreover, just 9% of data exfiltration techniques were prevented by the tested organizations, with BlackByte being the most challenging group for organizations to defend against (17%), followed by BabLock (20%) and Hive (30%).

“Like a cascade of falling dominoes that starts with a single push, small gaps in cybersecurity can lead to big breaches,” said Dr. Suleyman Ozarslan, Picus co-founder and VP of Picus Labs.

“It’s clear that organizations are still experiencing challenges when it comes to threat exposure management and balancing priorities. Small gaps that lead to attackers obtaining domain admin access are not isolated incidents; they are widespread. Last year, the attack on MGM used domain admin privileges and super admin accounts. It stopped slot machines, shut down virtually all systems, and blocked a multi-billion-dollar company from doing business for days,” Ozarslan said.

Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.