Lessons small to midsize businesses (SMBs) can learn from the Pegasus exploit

The infamous Pegasus spyware, developed by an Israel-based company (NSO Group), was denounced as the most sophisticated spyware to date. It remotely infects smartphones without leaving any clues to its users. In 2016, researchers at Citizen Lab discovered the earliest version of the Pegasus spyware. The spyware came into the limelight after an unsuccessful spear-phishing attack on a UAE human rights activist’s iPhone.

Unlike the earlier versions, the improved attack capabilities of the present-day Pegasus spyware do not require any form of interaction with phone users to infect their devices. Instead, the spyware leverages the zero-day vulnerabilities present in the user’s device. When Pegasus is used for a spear-phishing attack, the poisoned payload is delivered via push notifications using a zero-click attack tactic.

Although users can turn off or block push notifications on their mobile devices, Pegasus can override device commands to deliver control functions of the device. The spyware relies on stealth, powered by multiple deceptive technologies, including the ability to mask itself as a trusted mobile application.

Key Facts About Pegasus

  • Pegasus infected more than 50,000 devices worldwide.
  • Mexico topped the list with 15,000 compromised numbers.
  • Pegasus has infected over 1,000 devices belonging to prominent journalists, business executives, human rights activists, and current and former government officials – diplomats, military and security officers, prime ministers, presidents, and a king were victims of the spyware.
  • Most of the infected devices were running on iOS and Android operating systems (most were iPhones).
  • The impact of these privacy and security compromises could have worldwide implications.

The Impact of Pegasus’ Exploit on Small to Midsize Businesses (SMBs)

The Pegasus spyware attack provides access to everything available on the targeted device. Calls, emails, social media, encrypted messages, location, contacts, usernames, passwords, notes, documents, photos, videos, and recordings can all be compromised.

This powerful spyware can also turn on cameras and microphones and send files without any user approval. As a result, Pegasus is capable of disrupting any business if it gets into the wrong hands. Below are some of the ways in which Pegasus spyware can affect businesses:

  • Industrial espionage: The stealth and features of the Pegasus software make it the perfect tool for industrial espionage. Hackers or rival companies can use this cyber-weapon to bring down competitors or sell their intellectual property to the highest bidder. In addition, Pegasus can infect all available mobile devices from the management to staff level, thus allowing unauthorized access to sensitive data via the manipulation of the device cameras and microphones.
  • Blackmail: Hackers can easily blackmail the head of an organization or its prominent figures when a large amount of data is compromised. Rivals can target potential business partners of the company and sabotage the business. Hackers can use personal information to blackmail companies and demand ransom from them.
  • Cyber attacks: Pegasus sees and records everything. Using the data from the camera, microphone, keystrokes, and passwords, hackers can facilitate cyber attacks. Hackers can install ransomware and cut all access to the system using the information from Pegasus spyware.

The 2019 WhatsApp spyware attack case is a real-world example that shows how Pegasus can infect any phone. WhatsApp claimed that the spyware targeted more than 1400 of its users. In its lawsuit against the NSO Group, WhatsApp revealed how Pegasus exploited a vulnerability present in the voice-call function of the application.

Placing a WhatsApp call to the targeted device was enough to install Pegasus, even if no one answered it. The spyware embedded in the data packets travels via the internet connection, and installation begins as soon as the targeted phone starts ringing. The spyware automatically deletes the call log to remove any visible traces of the attack. The NSO Group denied this allegation, and the case is still pending.

How Can SMBs Combat Targeted Spyware Campaigns?

While there is presently no evidence of Pegasus targeting business organizations, things may change anytime as rogue nation-states and cybercriminals continue to steal legitimate cyber weapons for malicious use.

Per NSO’s statements, Pegasus does not work against U.S. citizens. However, it is better to remain vigilant and prepare for any future cyber-threats or attacks. Below are some of the best cybersecurity practices to strengthen security and prevent malware infections:

  • Implement frequent security patches for software and hardware systems – older operating systems are more vulnerable.
  • Restrict the use of mobile devices around sensitive areas, such as data centers and classified facilities.
  • Update security policies to include a mobile device management (MDM) clause for all employees.
  • Use unique passwords and two-factor authentication for all corporate and personal devices.
  • Perform frequent risk assessments to uncover cybersecurity risks and vulnerabilities within your computing environment.

Conclusion

Pegasus’ design makes it an almost invincible spyware and a severe threat to personal and business privacy. Furthermore, with access to zero-day vulnerabilities affecting popular devices, such as the iPhone, NSO designed the Pegasus spyware to leverage unpatched software and hardware weaknesses unknown to many device manufacturers. As a result, Pegasus spyware evades detection by antivirus software and other notable security measures.

While the NSO Group claims that the primary purpose of Pegasus was to help law enforcement and national intelligence agencies track criminal and terrorist activities, real-world occurrences speak otherwise. As the cyber-threat landscape continues to evolve, cybercriminals and rogue nation-states will take advantage of lethal cyber weapons for nefarious reasons. Therefore, organizations must continue to engage in good cyber hygiene to ensure a resilient security posture. Selecting a good security partner would also provide an extra layer of protection for your business.