For most of the 21st Century, Windows has been the dominant driver behind the operating system (OS) market, with the majority of computer users and companies turning to Windows-supported devices. Throughout the 1990s, Windows accounted for 90% or more of the desktop operating system market. And, as recently as 2012 Windows dominated over 85% of the OS market, outweighing competitors by a hefty margin.
For threat actors looking to exploit the maximum number of users with a cyber attack, it would have made the most sense for them to “fish where the fish are” and execute malicious campaigns designed for Windows. That’s why the cybersecurity industry’s efforts have been more pointed at Windows, rather than macOS and Linux.
But in the past decade, the OS market has slowly changed, giving greater share to macOS. By February 2023, macOS accounted for close to 30% of the OS market, almost double its share in 2012, according to data from GlobalStats, while Windows share dropped to 57%. For cybercriminals, this market shift created new avenues for attacks worth exploiting, with more and more workers, especially younger ones like Gen Z, bringing macOS devices into the workplace. With much of the cybersecurity industry still heavily focused on Windows that created an opportunity for a firm focused on mitigating cyber threats to macOS users, including incidents like software supply chain attacks.
Enter Kandji, a security platform for Apple endpoint device management. At the 2023 Black Hat USA conference in Las Vegas, ConversingLabs host Paul Roberts met with Devin Byrd, Director of Threat Intelligence at Kandji, to discuss how the company is handling the growing threats to macOS and iOS devices and what — if anything — distinguishes attacks on macOS and iOS devices from their Windows-focused cousins.
[ See ConversingLabs with Devin Byrd: Apple Devices as a Growing Attack Vector ]
Move over Windows, macOS is now a big target
In this ConversingLabs Café episode, Byrd talks to Roberts about the early days of Kandji, when the rest of the cybersecurity community looked at skepticism on a company focused on threats to Macs and iOS devices.
“For the longest time, we (Kandji) were the black sheep. People were like, ‘Why are you studying macOS security? Nobody cares.’”
—Devin Byrd
Windows has “always been the cash cow,” but with the rise of younger generations like Millennials and now Gen Z entering the workforce, the demand for macOS and iOS is growing, while finding experts in Mac and Apple device security remains a challenge.
“Finding the people with those expertise has been really difficult and hard."
—Devin Byrd
Byrd said he believes that with more macOS users, threat actors are attacking iOS and macOS devices, seeing them as worthy targets in the same way that Windows devices are. And due to the smaller share that macOS has had in the market, there hasn’t been enough efforts to combat these growing threats.
Join ConversingLabs and learn
Learn more about Kandji's approach to securing iOS and macOS devices in the newest episode of ConversingLabs, where you will hear Byrd’s full conversation with Paul Roberts. Or listen to the episode wherever you get your podcasts.
Keep learning
- Learn how to do more with your SOAR with our Webinar: Enhance Your SOC With Threat Intelligence Enrichment.
- Get schooled by the lessons of Layer 8: See Dr. Jessica Barker on The Human Elements Driving Cyber Attacks.
- Go deep on e-discovery with our Webinar: Strengthening Malware Defenses in Legal Firms.
Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.