Powered by
Sponsored by

Pegasus row: Experts caution against constantly-evolving spywares

Usage of spywares is witnessing an upward trend across the globe

nso-pegasus-afp (File) A woman uses her iPhone in front of the building housing the Israeli NSO group, in Herzliya, near Tel Aviv | AFP

The recent unearthing of high-tech Israeli spyware on the devices of Indian citizens has highlighted the fact that the usage of spyware technology is witnessing an upward trend across the globe. Experts point out that though there are multiple spywares across the world, one of the best and most popular is Pegasus that was created by an Israeli cyber-security agency NSO. Many of the spy agencies across the globe have used this technology to access enemy networks and anti-national elements.

“Spyware is used by every country to counter terrorists and smugglers. This is a legitimate software to probe every transaction on certain phone types. Pegasus by the Israel firm NSO was used by Saudi Arabia to spy on [late Jamal] Khashoggi. Similarly, American and Russian spy agencies have been using this type of software for a long time. Most disturbed African countries' news is trapped by these spywares. There are many spywares but the most popular and best is Pegasus. It can access phone calls and social networks of spies and is used for spying enemy networks and anti-national elements clandestinely,” said A.M. Sudhakara, former director of Center for Information Science and Technology, University of Mysore.

Pegasus is a particularly malicious and untraceable type of malware. It is implanted in devices in a way that’s similar to regular ransomware or malware, that is, by using standard attack vectors. These can be text messages, WhatsApp messages, iMessages or emails. These vectors will usually contain an innocuous looking link, upon clicking which Pegasus will be installed on the device unknown to the user. In certain cases, the spyware is installed just by opening a suspicious message or email or even answering a WhatsApp voice call. Once the spyware is installed, it proceeds to provide the attacker with comprehensive access to harvest data from the device, use the device’s microphone or camera, and GPS data.

“While this discovery is shaking digital trust in Indians, it can hardly be said to be surprising as cyber attacks are up 600 per cent in the last year and a half, and the malware infection growth rate is nearly exponential over the last decade. Experts are right when they say that this has been a trend for a while now, and will continue to be. Malware, in particular, that is, software that causes harm to users, data, or devices, is experiencing a pronounced uptick. Malware has been the preferred mode of attack in nearly 70 per cent of cyber-security incidents in 2020, and the amount of mobile malware on the internet has more than doubled since 2018. Another worrying aspect is that malware targeting Mac OS has also increased by 165 per cent in 2020,” explained Krupesh Bhat, founder, SignDesk.

Experts like Bhat point out that there are limited safeguard against spyware as software such as the Pegasus spyware has built-in self-destruct features and leaves no trace even after it’s been uninstalled. “Spyware like Pegasus operate completely under the radar and are nearly impossible to detect even by cyber-security professionals. Therefore, one can’t hold out much hope for the common man. However, everyone can exercise basic due diligence such as ignoring and deleting suspicious messages and emails, ignoring calls from unknown numbers and exercising caution when visiting suspicious websites. These steps will make a huge difference in mitigating the threat of malware,” said Bhat.

He further explained that even a hard factory reset will not remove spyware like Pegasus and hackers will have access to online accounts even after it’s been uninstalled. Therefore, the best course of action would be to completely discard the affected device, change the passwords of all online accounts (especially those on cloud-based platforms) and ensure that all software is up to date.

Experts further point out that malwares and spyware attacks have been constantly evolving to adapt to the changing digital landscape of organisations. Newer variants, which have evolved in the last few years, are able to avoid detection, exploit software vulnerabilities, and penetrate perimeter security with ease.

“Looking at spyware in particular, the cybercriminals have evolved to work around defence mechanisms that are programmed into most anti-spyware and reactive solutions. Recent attacks have shown that endpoints running on legacy or unpatched Windows OS are highly susceptible to such spyware attacks. Cybercriminals who write these malicious codes have learned to circumvent traditional perimeter security using phishing campaigns and advertisements and they enter one's device with ease. Once the malicious code has been installed into the host system, it stays covert and laterally moves with malicious intent to reach high value systems and exfiltrate sensitive data and even utilize these inputs to launch further attacks,” remarked Raja Ukil, senior vice president, enterprise business, Color Tokens.

This expert points out that businesses are impacted due to these attacks in a big way, and they remain an unprecedented threat to any enterprise. Few impacts like loss of critical information, reputational loss, access to organisations’ sensitive data leading to huge financial loss is inevitable through such attacks.

“To counter these sophisticated spyware threats, enterprises need to look beyond traditional approaches and adopt security solutions that have a proactive, signature less, Zero Trust approach and the security solution should work at the kernel level to detect, highlight, and prevent unauthorised processes running on endpoints and critical servers. At the same time, organisations should also strive to achieve complete visibility and control of all processes that run in their endpoints. This will enable them to create a process whitelist which allows only the known processes to run, thereby reducing the chance of an attack,” added Ukil. 

📣 The Week is now on Telegram. Click here to join our channel (@TheWeekmagazine) and stay updated with the latest headlines