Trending Articles

Technology

Pegasus and the increase in cyberattacks on an international scale

Pegasus and the increase in cyberattacks on a global scale. the latest surprise in cybersecurity has been the increase in cyberattacks on politicians, both pro-independence and the government, with the Pegasus spyware. However, it has only been the straw that breaks the camel’s back in a difficult time regarding cybersecurity. Neither governments nor companies have experienced a quiet season regarding cyberattacks for a long time, but 2022 is a challenging year. This post covers the rise in cyberattacks on organizations and businesses this year and how to protect yourself against them.

Suppose, as a result of the pandemic, the attacks on companies and organizations had been incredibly intense due to the rise in teleworking activity and the increase in ransomware attacks. In that case, this year is not far behind. This year, more and more public entities and personalities are being attack.

Increase In Cyber Attacks With Pegasus

Among the most critical cyberattacks, the Pegasus spyware from the Israeli company NSO Group, which seemed to be a resource intended for governments to prosecute illicit attacks, now appears to be being used for other purposes. In principle, the Israeli company sold its licenses to help governments fight paedophilia, sex or drug trafficking networks, locate missing persons or survivors of catastrophes or fight terrorism. Still, in practice, its use has gone further.

For example, the attacks on mobile phones of 63 personalities of the Catalan independence movement, the Spanish government president (from whom they obtained 2.6GB and 130MB of data) and the Minister of Defense (both spied on between May and June 2021)

How does Pegasus work?

The complicated part of all this is that, like other malware, Pegasus used spear phishing, sending emails or SMS impersonating an identity so that a specific victim clicks to download the spyware. But it began to exploit Zero Day vulnerabilities in both WhatsApp (in 2019) and iMessage -the iPhone application- (in 2021). These vulnerabilities allowed the victim not to interact, and just a WhatsApp call or an invisible iMessage was enough to infect the phone. This, together with the fact that Pegasus disappears from the device without a trace when turned off, makes spyware especially dangerous.

How to fight Pegasus?

Amnesty International has created a project, MVT, to detect if a phone has been infect, using tracks that remain on the mobile, called IOC. However, advanced knowledge is required to use this tool. Luckily, another alternative is available for iPhone users (just like MVT). The application called iMazing can be used from the PC to, by connecting the terminal to it and following specific steps, find out if it has been infected with Pegasus.

cyber attacks

The rise of cyber attacks in the future

“I have warned of the possibility that Russia could conduct malicious cyber activity against the US. Today, I am reiterating those intelligence-based warnings that the Russian government is exploring options for possible cyber attacks.”

Also, Casablanca published a “Fact Sheet” to warn companies. In it, he not only indicated the increase in the activity of the US administration since November 2021, when Vladimir Putin escalated his aggression aimed at the invasion of Ukraine.

How to protect yourself from cyber attacks

We end with the recommendations of the US Government, set out in that same Fact Sheet, for companies to protect themselves in the future from cyber attacks, which have only just begun:

Order the use of multifactor authentication in systems.

  • Implement modern security tools on computers and devices for active surveillance and threat mitigation.
  • Ensure with cybersecurity professionals that systems are protected against known vulnerabilities.
  • Modify passwords used on company networks.
  • Make backups, and make sure you have backups out of reach of attackers.
  • Develop emergency plans to be ready to respond quickly to minimize the impact of any
  • Encrypt data so it cannot be use if stolen
  • Train employees in the most common attacker tactics.
  • Collaborate proactively with government security organizations.

Related posts