During the pandemic, cybersecurity became a USD one trillion problem as remote workers supplied a plethora of new Cyber Attack vectors.
By Debajit Sarkar
According to a report released last week by seventeen media organizations led by the Paris-based group Forbidden Stories, the Pegasus spyware licensed by the Israeli company NSO had been used in attempted and successful hacking of smartphones belonging to journalists, government officials, and human rights activists. NSO, however, issued a statement rejecting the reporting by the media partners, calling it “full of wrong assumptions and uncorroborated theories”. Fresh revelations suggest French President Emmanuel Macron was among the 50,000 people targeted by the Pegasus spyware project.
Covid-19 Pandemic and Cybersecurity
Principles of Zero Trust security proved useful. Both enterprises and small businesses increased spending on identity and access management. In 2021 the top 5 security vulnerabilities are likely to be:
(2) Broken Authentication;
(3) Sensitive Data Exposure;
(4) XML External Entities;
(5) Broken Access Control
“Cyber weapons” have come a long way since the days of Suter, a malicious program that attacks computer networks and communications systems belonging to an enemy. Demand for cyber weapons is anticipated to be driven by the massive investment made by countries like China and the U.S. in the development of next-generation cyber weapon technologies and the large-scale procurement of such systems by countries in the Middle East. Cyber weapons can generally be classified under 4 major groups:
(1) Security Type;
The Pegasus Spyware
Spyware is loosely defined as malicious software designed to enter a computing device, gather data about the user, and forward it to a third party without the user’s consent. U.S.-based computer intelligence consultant Edward Snowden’s alarming revelations concerning mass government spying authorized by the United States government raised concerns about digital security around the world and compelled tech giants to adopt end-to-end encryption. Since then, the governments of several countries have been unable to eavesdrop on encrypted conversations and were anxious for a solution. To address that need, Pegasus was born.
Pegasus is one of the most advanced Android, iOS and iPadOS spyware ever detected. To infect smartphones, Pegasus exploits zero-day vulnerabilities in popular applications such as WhatsApp and iMessage. This state-of-the-art zero-click attack technique allows devices to be compromised even if the user has not clicked on an infected link. Targeted individuals may not notice anything suspicious on their smartphone. Instead of attempting to eavesdrop on data flowing between two devices, which will most likely be encrypted, Pegasus lets its users commandeer the device itself, thereby obtaining access to everything on it. Keystrokes on an infected device can also be monitored by Pegasus. Where a click was required, social engineering helped influence targets into clicking by embedding the link in messages meant to appeal to their fears or fascination.
Ever since the first form of the Pegasus spyware was discovered in 2017, cybersecurity technology companies have constantly updated their products’ anti-malware signatures to keep up with new forms of the Pegasus spyware. Pegasus spyware can survive flashing of the ROM. Custom ROMs (read-only memory images) flash only the /system and /boot partitions; a few custom ROMs also flash the /vendor partition. Partitions such as /radio, /misc, /persist and the ODM partitions remain untouched by such flashes, so a reflash is not a clean slate. Custom ROMs that do not enforce SELinux should not be used. A better option is to use custom Android Verified Boot (AVB). Custom AVB permits unlocking of the bootloader but with a custom root of trust. This ensures reliable protection of the custom ROM while still receiving security updates for the Android framework.
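As an added illustration (this is not code from the article, nor any Android or NSO tooling) of why a reflash is not a clean slate: the script below models a device’s partition table, marks which partitions a custom ROM flash rewrites using the partition names given above, and compares SHA-256 digests of the untouched partitions against a baseline recorded before the flash. A partition that the flash did not rewrite but whose contents changed anyway is exactly where something that survived the reflash would be living. The byte strings standing in for partition images are constructed sample data, not real dumps.

```python
import hashlib

# Partition sets as described in the article: a custom ROM flash rewrites
# /system and /boot, a few ROMs also /vendor; everything else is left alone.
CUSTOM_ROM_FLASHES = frozenset({"system", "boot"})
VENDOR_AWARE_ROM_FLASHES = CUSTOM_ROM_FLASHES | {"vendor"}


def surviving_partitions(device_partitions, flashed=CUSTOM_ROM_FLASHES):
    """Partitions present on the device that a given flash does not rewrite."""
    return sorted(set(device_partitions) - set(flashed))


def image_digest(blob: bytes) -> str:
    """SHA-256 of a raw partition image (stand-in for dumping the block device)."""
    return hashlib.sha256(blob).hexdigest()


def record_baseline(images):
    """Digest every partition image before the reflash."""
    return {name: image_digest(blob) for name, blob in images.items()}


def audit_after_reflash(baseline, images_after, flashed=CUSTOM_ROM_FLASHES):
    """Classify each partition after the flash.

    'reflashed' - rewritten by the ROM flash, so a change is expected
    'unchanged' - not flashed and digest matches the baseline
    'MODIFIED'  - not flashed, yet its contents differ from the baseline;
                  anything that persisted across the reflash lives here
    'new'       - no baseline digest exists for it
    """
    verdicts = {}
    for name, blob in images_after.items():
        if name in flashed:
            verdicts[name] = "reflashed"
        elif name not in baseline:
            verdicts[name] = "new"
        elif image_digest(blob) == baseline[name]:
            verdicts[name] = "unchanged"
        else:
            verdicts[name] = "MODIFIED"
    return verdicts


# Constructed sample data: tiny byte strings stand in for real partition dumps.
IMAGES_BEFORE = {
    "boot": b"boot-v1",
    "system": b"system-v1",
    "vendor": b"vendor-v1",
    "radio": b"radio-fw",
    "misc": b"misc-data",
    "persist": b"persist-data",
    "odm": b"odm-data",
}
# After the flash: boot and system legitimately changed; persist changed
# although nothing should have written to it (constructed to show the alert).
IMAGES_AFTER = dict(
    IMAGES_BEFORE,
    boot=b"boot-v2",
    system=b"system-v2",
    persist=b"persist-data-tampered",
)


def demo():
    """Run the baseline-then-audit flow over the constructed images."""
    base = record_baseline(IMAGES_BEFORE)
    return audit_after_reflash(base, IMAGES_AFTER)


if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{name:8s} {verdict}")
```

The point of the audit is the `MODIFIED` verdict on a partition the flash never touched: a hash baseline taken from a known-good device is what lets a defender distinguish “reflashed, as expected” from “survived the reflash and differs”. With `VENDOR_AWARE_ROM_FLASHES` the same functions model a ROM that also rewrites /vendor, shrinking the set of partitions that need independent verification.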
Fighting Back Against Spyware
Most of the major tech companies release updates on a regular basis that are meant to patch such vulnerabilities; however, the spyware industry more often than not seems to be at least one step ahead. As the Pegasus installation vector is basically just a spear-phishing campaign, all of the traditional advice for avoiding high-level, targeted phishing attacks applies. A security advisory on staying alert to Pegasus-style attacks has been issued by the Committee to Protect Journalists. Future Enhanced Social Engineering Message (ESEM) Pegasus attacks may evolve to use different types of bait messages.
Basic operational security precautions across the workflow, such as avoiding questionable links, compartmentalizing devices, and employing a robust VPN across all devices, may minimize the success of Pegasus installations. Pegasus uses complex zero-day infection vectors to get its spyware onto mobile devices; however, those infections rely on installation vectors that can be guarded against.
(The author is a subject matter expert on competitive intelligence and market research in the defence & aerospace industry. Views expressed are personal and do not reflect the official position or policy of Financial Express Online.)