Cyber Security Threats – Pegasus for Android and iOS - CWPS

Posted by Gary Utley on October 24, 2017

cyber_security_breaches.jpgThe Pew Research Center tells us 72% of all the adults in the Unites States own a smartphone, and most use that phone for work. That number should make the average network administrator cringe a little because the popularity of these tools virtually ensures that the cyber security threats to these devices will increase.

Hackers are increasingly targeting vulnerabilities in security controls, architectures, and applications used by our mobile devices. Whether it’s ransomware, identity theft, or call interception and monitoring, the cyber security threats to our handheld digital devices are on the rise.

This article will look at the latest iteration of cyber security threats, the Pegasus virus, that’s been infecting both Android and iOS operating systems.

Pegasus – Greek God and Smartphone Killer

Just like the ancient Greek god, the Pegasus malware can bring some lightening and thunder to your cell phone. According to Tech Target, Pegasus was first identified in 2016, as a malicious software code targeting Apple iOS. According to Forbes, the Pegasus malware was created by the Israeli tech firm NSO Group Technologies. Calling it, “some of the most astonishing attacks yet seen in the world of private espionage,” Forbes said the NOS was able to exploit iOS vulnerabilities, creating a virus that copies all your data, including Wi-Fi passwords, and Skype, Facebook, Gmail, and other communications.

Since then Apple patched the vulnerability with iOS 9.3.5, but Pegasus wasn’t done. It turns out the mobile spyware was busy working on Android applications in 10 or 11 other targeted countries. The Android virus operates in similar ways to what we saw with iOS; logging keystrokes, taking screen shots, snagging messages, and browser histories. The hackers can control the activity remotely, via text, and the virus will pull itself out of your phone if it senses you’re on to it. 

Interestingly, it appears that it’s easier for Pegasus to deploy on an Android device, which doesn’t require a zero-day vulnerability (or application vulnerability point) to deploy.

Fighting Back Against Cellphone Cyber Security Threats

Keeping the operating systems of mobile devices up-to-date is crucial to preventing cyber security threats. Cyber criminals are now targeting phone apps, so protecting yourself in this current climate is crucial.

Cloud providers are constantly updating against the latest threat, so if you don’t stay current with the latest patches, you’re at risk. This protocol is just as important on your smartphone as it is on your desktop.

Creating a culture of security in your organization is critical for defending against attacks like Pegasus. That training needs to include mobile device security – including ways to prevent security breach if the handheld device is lost or stolen, something that is all too common these days. Establishing guidelines related to how mobile devices access corporate data, what applications are downloaded on corporate-sponsored devices, and establishing how sensitive data is stored are all important parts of a strong cyber security strategy for your business.

With mobile workforces on the rise, device management is a crucial part of outsourced IT managed services. Contact CWPS for help with a business continuity and cyber security plan to manage all of your corporate-connected devices.

Guide to Keeping company's data safe

Topics: Cyber Security