Macs in the Age of the APT, presented at Black Hat USA 2011

by Alex Stamos, Aaron Grattafiori, Tom Daniels, Paul Youn, B.J. Orvis

Summary: The term "Advanced Persistent Threat" has been wildly overused, often by intrusion victims attempting to make excuses for their poor security preparedness. This labeling abuse should not distract from the fact that many Western businesses are facing industrial espionage on a wide scale. These attacks use a very effective combination of social engineering, custom malware development, and a good understanding of the weaknesses commonly found in corporate Windows networks.
The increasing market share of Macs in large and small businesses throws a wrench into the plans of attackers and defenders alike. Does the Cocoa API provide equivalent opportunities for malicious software as Win32? Should corporate IT departments utilize OpenDirectory and other Apple management technologies to take control of their Macs? Can OS X Server stand up to escalation attacks better than the oft-updated Active Directory?
This talk will attempt to answer these questions by examining how Macs compare to Windows during every step of the APT attack chain. The speakers will use their experience responding to these attacks to measure OS X against the resiliency of Windows 7 and 2008 R2, and will game out how attackers can carry out each step, from initial exploitation to exfiltration, using only issues in Apple technologies. We will complete the talk with recommendations on how to handle Macs in your corporate network, and will demonstrate steps to harden OS X Servers and detect infiltration early in its lifecycle.