MSPs and the Rising Tide of Mac and Linux Cyberthreats
Cybercriminals are actively expanding their focus to new attack surfaces, looking high and low for points of entry into corporate environments. Anything connected to a reachable network is a potential target, and historically under-protected operating systems such as macOS and Linux are ripe for the picking.
Think you don’t have to worry about Mac and Linux threats? Think again. IT environments have become dramatically more complex in the last few years, especially with the rise of remote work and the ever-increasing reliance on cloud services and even smart devices for everyday business operations. Cybercriminals are responding with waves of new malware designed to compromise these operating systems.
The threat is real, and MSPs of all shapes and sizes must take these trends seriously, ensuring that the services they provide extend comprehensive protection to clients in a quickly changing world.
Apple Mac and macOS attacks
macOS devices are increasingly prevalent in today’s IT environments, particularly after the pandemic-driven shift towards remote work models and bring-your-own-device habits. So it’s no surprise that cybercriminals, ever profit-driven, have turned their attention towards these endpoints.
Historically, Mac users have often taken comfort in the old adage that “Macs don’t get viruses.” If only it were that easy.
According to TechRadar, malware targeting macOS systems surged by over 1,000% during 2020. And in 2021, malware compiled natively for Apple’s M1 chip was discovered in the wild. Some Windows-based threats have been ported to run on Macs, while others are crafted from the ground up to take advantage of macOS-specific weaknesses.
One example of a growing Mac threat is the UpdateAgent trojan. It first appeared in late 2020 as a simple infostealer but quickly gained the ability to fetch and install secondary payloads on compromised machines. So far, the secondary payload of choice has been AdLoad, an adware family. AdLoad installs a web proxy on the victim’s machine and routes browser traffic through it, a person-in-the-middle position from which it hijacks search results and injects its own ads into web pages. The legitimate site owners lose the advertising revenue, which flows instead to the adware operators, and the injected ads can also send users to malicious web resources.
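The proxy technique AdLoad relies on leaves a footprint in the system proxy configuration, which `scutil --proxy` prints on macOS. The following is an added example, not code from this article or from Acronis: it parses that output and reports any enabled HTTP, HTTPS or SOCKS proxy or PAC file, calling out proxies that point at loopback because that pattern means a local process is sitting between the browser and the network. The two `scutil` outputs embedded in it are constructed to resemble the tool’s format, not captured from an infection. A loopback proxy is not proof of adware on its own: legitimate content filters and developer tools configure one too, so treat a hit as a lead to correlate with LaunchAgents/LaunchDaemons and any recently added root certificates (a proxy that interposes on HTTPS needs one to be trusted).

```python
"""Parse macOS `scutil --proxy` output and flag enabled system proxies.

Added example for this article, not Acronis code.  The two sample outputs
are constructed to resemble scutil's format; nothing here is captured from
a real AdLoad infection.
"""
import ipaddress
import re
import subprocess

# Constructed: a machine whose HTTP and HTTPS traffic is routed through a
# proxy on loopback, the pattern an interposing adware proxy produces.
SAMPLE_SCUTIL_OUTPUT = """<dictionary> {
  ExceptionsList : <array> {
    0 : *.local
    1 : 169.254/16
  }
  FTPPassive : 1
  HTTPEnable : 1
  HTTPPort : 8080
  HTTPProxy : 127.0.0.1
  HTTPSEnable : 1
  HTTPSPort : 8080
  HTTPSProxy : 127.0.0.1
}
"""

# Constructed: the same output on a machine with no proxy configured.
CLEAN_SCUTIL_OUTPUT = """<dictionary> {
  ExceptionsList : <array> {
    0 : *.local
    1 : 169.254/16
  }
  FTPPassive : 1
}
"""

_KEY_VALUE = re.compile(r"^\s*(\w+)\s*:\s*(.*?)\s*$")


def parse_scutil_proxy(text):
    """Return the top-level `key : value` pairs as a dict.

    Nested blocks such as ExceptionsList are skipped; only the scalar
    settings at depth 1 matter for the proxy check.
    """
    settings = {}
    depth = 0
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith("{"):
            depth += 1
            continue
        if stripped == "}":
            depth -= 1
            continue
        if depth != 1:
            continue
        match = _KEY_VALUE.match(line)
        if match:
            settings[match.group(1)] = match.group(2)
    return settings


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 or the literal name localhost."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def proxy_findings(settings):
    """Return one finding string per enabled proxy or PAC configuration."""
    findings = []
    for scheme in ("HTTP", "HTTPS", "SOCKS"):
        if settings.get(f"{scheme}Enable") == "1":
            host = settings.get(f"{scheme}Proxy", "?")
            port = settings.get(f"{scheme}Port", "?")
            note = f"{scheme} proxy enabled -> {host}:{port}"
            if is_loopback(host):
                note += " (loopback: a local process sits between the browser and the network)"
            findings.append(note)
    if settings.get("ProxyAutoConfigEnable") == "1":
        findings.append("PAC enabled -> " + settings.get("ProxyAutoConfigURLString", "?"))
    return findings


def audit_live_system():
    """Run the check on the current machine (macOS only: needs scutil)."""
    output = subprocess.run(["scutil", "--proxy"], capture_output=True,
                            text=True, check=True).stdout
    return proxy_findings(parse_scutil_proxy(output))


if __name__ == "__main__":
    for finding in proxy_findings(parse_scutil_proxy(SAMPLE_SCUTIL_OUTPUT)):
        print(finding)
```

On a fleet, `audit_live_system()` is the piece an RMM agent would call; the sample-driven `__main__` exists so the logic can be exercised on any platform. Per-user proxy settings can differ from the system set, so run it in the context of the logged-in user as well as root.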
Linux, the cloud, and the Internet of Things (IoT)
Malware threats against Linux-based targets rose by 35% last year — a trend that’s only poised to continue. And while this family of operating systems isn’t as popular with the average workplace end user as Windows or macOS, the risks are more severe than you might expect.
Linux powers 90% of all cloud infrastructure, as well as 72% of IoT devices, giving attackers a tempting way to breach high-value environments en masse. Because of that dominance in the cloud, and with the rise in remote work pushing more workloads there, malware targeting Linux systems has continued to grow in volume and sophistication, yet comparatively little attention has been paid to Linux threat detection and response. An ongoing shortage of IT and cybersecurity talent makes adopting new tooling and practices even harder.
While IoT devices tend to be limited in functionality, they are capable of delivering massive DDoS attacks when harnessed in large botnets. Linux IoT devices have also been recruited as command-and-control servers, illicit cryptocurrency miners, and relays for email spam campaigns. From smart TVs and other appliances to speakers, lamps, and wearables, the number of connected devices is immense and can grow rapidly. In many cases, the factory default login credentials have never been changed.
How MSPs can help
As a managed service provider, you are your clients’ security lifeline, and your advice is valued. Certain defensive strategies are common to users of any modern operating system.
Stress the importance of proactive cyber hygiene: recognizing and avoiding suspicious websites and emails. Phishing remains the most common way into corporate systems and networks. Strong password policies matter as well, including replacing the factory default credentials on every connected device and verifying that the change actually took effect.
Remind clients of the 3-2-1 backup rule: keep three copies of your data, on at least two different types of media, with at least one copy offsite. Given the ransomware trend discussed below, that offsite copy should ideally be offline or immutable, so an attacker who reaches the network cannot encrypt it along with everything else.
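A practical way to act on the default-credential advice is to test the devices you manage against a short list of factory logins and report which ones still work. The following is an added example, not Acronis code: it does that for devices that protect their management page with HTTP Basic authentication. The credential list is a constructed placeholder for a vendor-specific table, and the stand-in device it starts in-process exists only so the script runs offline. In real use, point `accepted_defaults` at the management URL of a device you are authorized to test, keep the list short because some devices lock out after a few failures, and note that form-based logins need a per-vendor request rather than a Basic header.

```python
"""Check whether managed devices still accept factory-default web logins.

Added example for this article, not Acronis code.  DEFAULT_CREDENTIALS is a
constructed placeholder for a vendor-specific table, and the stand-in
device below exists only so the script can run offline.
"""
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed placeholder; real defaults vary by vendor, model and firmware.
DEFAULT_CREDENTIALS = [
    ("admin", "admin"),
    ("admin", "password"),
    ("admin", ""),
    ("root", "root"),
]

# Talk to the device directly, ignoring any system proxy settings.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def basic_header(user, password):
    """Build the value of an HTTP Basic `Authorization` header."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token


def accepted_defaults(url, creds=DEFAULT_CREDENTIALS, timeout=3.0):
    """Return the (user, password) pairs the device at `url` still accepts.

    A 2xx reply means the pair works; 401/403 means it was rejected.  Any
    other HTTP status or a connection failure is raised, so an unreachable
    or misbehaving device is never silently reported as clean.
    """
    accepted = []
    for user, password in creds:
        request = urllib.request.Request(
            url, headers={"Authorization": basic_header(user, password)})
        try:
            with _OPENER.open(request, timeout=timeout) as response:
                if 200 <= response.status < 300:
                    accepted.append((user, password))
        except urllib.error.HTTPError as err:
            if err.code not in (401, 403):
                raise
    return accepted


class _StandInDevice(BaseHTTPRequestHandler):
    """Minimal Basic-auth device used only for offline runs."""
    valid = None  # set by the subclass start_stand_in() creates

    def do_GET(self):
        if self.headers.get("Authorization") == self.valid:
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"ok")
        else:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="device"')
            self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass


def start_stand_in(password="admin"):
    """Start a stand-in device whose admin password is `password`.

    Returns (server, base_url); call server.shutdown() when done.
    """
    expected = basic_header("admin", password)

    class Handler(_StandInDevice):
        valid = expected

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}/"


if __name__ == "__main__":
    server, url = start_stand_in()  # stand-in still on factory defaults
    print("still accepted:", accepted_defaults(url))
    server.shutdown()
```

Feed the function a list of management URLs from your inventory and anything it returns non-empty goes straight onto the remediation list; an exception from it means the device could not be assessed, which is a finding of its own rather than a pass.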
Most importantly, set your clients up for success with a full suite of services that include integrated cybersecurity, backup, and endpoint protection management for all operating systems in their environment, not just Windows. As a flood of new cyberthreats emerges, incorporating automation techniques can help keep you afloat while saving considerable resources.
Our world has become more vulnerable to cyberattacks than ever before. As established in the Acronis Cyberthreats Report 2022, ransomware has been — and continues to be — one of the most profitable threats. Its reach is expanding even further to macOS and Linux, as well as to new environments such as virtual systems, the cloud, and the IoT.
This rampant acceleration is already having devastating impacts in the real world, as well as driving demand for regulations and sanctions. Newer strategies like stealing data for double extortion as well as disabling security tools have become the norm; we can also expect attacks to become more personal, with criminals increasingly using mined or stolen data to tailor their campaigns. And while law enforcement agencies are more involved than ever, they may still struggle to keep up with constantly evolving cybercrime tactics.
As an MSP, the security services you deliver can make or break your clients’ very existence — as well as your own business. Remember that in the current threat environment, no person or organization is immune to cyberattacks. As such, look towards solutions that enable comprehensive cyber protection for Windows, macOS, and Linux systems and give you and your clients added peace of mind in a very challenging time.
This guest blog is courtesy of Acronis. Read more Acronis guest blogs here. Regularly contributed guest blogs are part of ChannelE2E’s sponsorship program.