It has recently been reported in the news that, from a list of more than 50,000 phone numbers, journalists identified more than 1,000 people in 50 countries who are under surveillance using the Pegasus spyware. This software was developed by NSO Group, an Israeli company that sells to government clients.

The hack involves victims clicking on links sent via SMS or iMessage, which then deliver malicious software that compromises the device. Over the past few years we have seen an increase in the capabilities on sale to everyone, meaning you no longer need the specialist knowledge you once did. The capabilities being sold pose a real challenge to how we think about privacy and security online, and they are moving us towards a world in which we can all become spies but equally be spied on.

While this recent attack was used to monitor publicly prominent and politically active individuals, there are some simple steps you can take to minimise your potential exposure to the likes of Pegasus and other malicious attacks too.

Here are some tips from our Pentester Benoit on how you can become better protected:

  1. Do not reveal your phone number unless absolutely necessary – this makes your number less likely to be part of a list that is targeted.
  2. Only click on links from known and trusted contacts – many cybercriminals use this technique for both malware distribution and less technical scams. The same advice applies to any links sent via email or other messaging applications.
  3. Regularly update to the newest OS and firmware versions – most devices receive regular updates and patches that fix vulnerabilities. If you don’t update on a regular basis, hackers will try to attack those vulnerabilities, so an up-to-date operating system becomes your best defence.
  4. Avoid public and free WiFi services, especially when accessing sensitive information – using a VPN is a good solution when you need to use such networks.
  5. Encrypt your device data – if your device is lost or stolen, you will have some reassurance that your data can remain safe.

If you are still unsure and fear you may have clicked a link you shouldn’t have, there are tools like the Amnesty International Verification Toolkit that can provide evidence of infection. To give it a go, click here.