<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1076912843267184&amp;ev=PageView&amp;noscript=1">

RL Blog

|

With growing threats to Apple devices, Kandji ramps up

Kandji Director of Threat Intelligence Devin Byrd talks about the growing enterprise threats to macOS and iOS endpoints.

Carolynn van Arsdale
Blog Author

Carolynn van Arsdale, Writer, ReversingLabs. Read More...

ConversingLabs Cafe at Bh visuals-03

For most of the 21st Century, Windows has been the dominant driver behind the operating system (OS) market, with the majority of computer users and companies turning to Windows-supported devices. Throughout the 1990s, Windows accounted for 90% or more of the desktop operating system market. And, as recently as 2012 Windows dominated over 85% of the OS market, outweighing competitors by a hefty margin.

For threat actors looking to exploit the maximum number of users with a cyber attack, it would have made the most sense for them to “fish where the fish are” and execute malicious campaigns designed for Windows. That’s why the cybersecurity industry’s efforts have been more pointed at Windows, rather than macOS and Linux. 

But in the past decade, the OS market has slowly changed, giving greater share to macOS. By February 2023, macOS accounted for close to 30% of the OS market, almost double its share in 2012, according to data from GlobalStats, while Windows share dropped to 57%. For cybercriminals, this market shift created new avenues for attacks worth exploiting, with more and more workers, especially younger ones like Gen Z, bringing macOS devices into the workplace. With much of the cybersecurity industry still heavily focused on Windows that created an opportunity for a firm focused on mitigating cyber threats to macOS users, including incidents like software supply chain attacks.

Enter Kandji, a security platform for Apple endpoint device management. At the 2023 Black Hat USA conference in Las Vegas, ConversingLabs host Paul Roberts met with Devin Byrd, Director of Threat Intelligence at Kandji, to discuss how the company is handling the growing threats to macOS and iOS devices and what — if anything — distinguishes attacks on macOS and iOS devices from their Windows-focused cousins.  

[ See ConversingLabs with Devin Byrd: Apple Devices as a Growing Attack Vector ]

Move over Windows, macOS is now a big target

In this ConversingLabs Café episode, Byrd talks to Roberts about the early days of Kandji, when the rest of the cybersecurity community looked at skepticism on a company focused on threats to Macs and iOS devices. 

“For the longest time, we (Kandji) were the black sheep. People were like, ‘Why are you studying macOS security? Nobody cares.’”
Devin Byrd

Windows has “always been the cash cow,” but with the rise of younger generations like Millennials and now Gen Z entering the workforce, the demand for macOS and iOS is growing, while finding experts in Mac and Apple device security remains a challenge.  

“Finding the people with those expertise has been really difficult and hard."
—Devin Byrd 

Byrd said he believes that with more macOS users, threat actors are attacking iOS and macOS devices, seeing them as worthy targets in the same way that Windows devices are. And due to the smaller share that macOS has had in the market, there hasn’t been enough efforts to combat these growing threats.

Join ConversingLabs and learn

Learn more about Kandji's approach to securing iOS and macOS devices in the newest episode of ConversingLabs, where you will hear Byrd’s full conversation with Paul Roberts. Or listen to the episode wherever you get your podcasts.  

Get up to speed on RL's malware analysis and threat hunting solution updates with our year in review post. Plus: Learn more about our malware analysis and threat hunting solutions

More Blog Posts

    Special Reports

    Latest Blog Posts

    Chinese APT Group Exploits SOHO Routers Chinese APT Group Exploits SOHO Routers

    Conversations About Threat Hunting and Software Supply Chain Security

    Reproducible Builds: Graduate Your Software Supply Chain Security Reproducible Builds: Graduate Your Software Supply Chain Security

    Glassboard conversations with ReversingLabs Field CISO Matt Rose

    Software Package Deconstruction: Video Conferencing Software Software Package Deconstruction: Video Conferencing Software

    Analyzing Risks To Your Software Supply Chain