Considered to be the deadliest spyware ever developed, Pegasus Spyware can infect phones through zero-click attacks. Radius recommends you take several steps to protect yourself.
On Sunday 18th July, reports from seventeen collaborating media outlets began to surface about the major threat presented by Pegasus spyware. More than 50,000 people appear to have been spied on across the world, including journalists, activists, businesspeople, and more, with 14 country leaders having been compromised too.
What is Pegasus Spyware?
Pegasus was designed by an Israeli firm called NSO Group. The malware can be installed on mobile phones which run most versions of Android and iOS.
This trojan virus was initially developed to carry out surveillance of terrorists and criminals. However, it has emerged that Pegasus has been heavily exploited and used against high-profile targets internationally.
How Does It Work?
In the past, Pegasus was known to infect phones through spear-phishing – targeting high-profile individuals with a phishing scam in which clicking on a malicious link grants the attacker access to their device.
However, Pegasus Spyware has now become more sophisticated and infects a user’s device through ‘Zero-Click Attacks’. This means that the target does not need to complete any action or click on any link to fall victim to the cyberattack.
Once granted access, attackers can monitor all device activities. This includes messages, phone calls and GPS, and even extends to listening in on and recording audio and video. Hackers can perform this type of cyberattack because of zero-day vulnerabilities.
What is a Zero-Day Vulnerability?
A zero-day vulnerability is a flaw within a piece of software that attackers exploit before it has been noticed or resolved by the software developer.
Attackers can only inject the Pegasus Spyware within the timeframe that the vulnerability or flaw exists (the ‘vulnerability window’) before the developer updates the software.
Is My Device Vulnerable to an Attack?
Pegasus can infiltrate iOS and Android devices, meaning the malware is capable of infecting billions of people’s devices. But it is unlikely that an ordinary person would be targeted.
Surveillance targets have so far included journalists, human rights workers, politicians, government officials, business leaders, and those associated with prominent people.
While there is no evidence of the spyware having affected anyone in Ireland, we always recommend exercising diligence in protecting your digital assets from potential threats.
How Can I Protect Myself from Zero-Click Attacks?
While it’s difficult to detect this type of malware, there are several cybersecurity basics you can use to make your device safer and less susceptible to infection:
- If you suspect nefarious activity, consult 3 Early Indicators of a Cyber Attack, one of our previous blogs.
- Ensure that your devices, software, and apps are up to date. If possible, enable ‘automatic updates’ through your settings to update in a timely manner.
- Consider upgrading your device if it is more than five years old, as older devices are less likely to be running an up-to-date operating system.
- Use unique, non-guessable passwords for each device, website, or app you use.
- Enable 2FA (Two-Factor Authentication) for all significant account logins.
- Avoid interacting with communications from people or entities you do not know.
- Consider activating ‘disappearing messages’ features to automatically remove messages and communications after a certain period.
- Make sure to use reputable apps that you trust and avoid sideloading from third-party locations that you are not familiar with.