Blog: Phishing for Pegasus
Phishing for Pegasus

A stealthy threat in the mobile landscape emerges

Blog: Phishing for Pegasus
Phishing for Pegasus

A stealthy threat in the mobile landscape emerges

previous arrow
next arrow

Author: Ryan Jackson
Service Desk Engineer, FSi Strategies

Phishing for Pegasus

As we transition into the Hybrid Workplace, mobile security is a growing concern. Mobile platforms are at an increased risk of being targeted and sensitive information is threatened. Mobile phishing has increased by 37 percent between the fourth quarter of 2019 and the first quarter of 2020* and is reported to be the fastest growing cyber-security category.

The Pegasus spyware is a sophisticated, targeted, and persistent mobile attack that allows an adversary to stealthily spy on victims collecting information from voice communications, email, passwords and more. Most notably, this attack does not require any interaction to be successful. The victim receives a text message from an unknown sender and the payload executes without any further action from the user. The vector is most likely the URL Preview functionality in iMessage and other apps.

For those interested to learn more about NSO Group’s ‘Pegasus’ spyware, Amnesty International has posted a detailed technical analysis. Forensic Methodology Report: How to catch NSO Group’s Pegasus | Amnesty International.

Amnesty International has released a forensics tool and indicators that can be used to scan a phone backup for signs of the attack. The ‘pegasus.stix2‘ file is used by the Mobile Verification Toolkit to check for attack indicators in the phone’s logs. It may be updated if additional indicators are discovered, so be sure to grab the latest version from the link above. Using the tool requires some technical skills such as understanding the basics of forensic analysis and using command line tools.

Much of the media coverage and analysis has focused on Apple and iOS but Android devices are not immune from this attack. iOS devices keep more detailed logs which makes them easier to analyze and report on. Zero-click attacks such as this are extremely rare and difficult to develop. They are used sparingly, as once discovered they are quickly patched.

The mobile threat landscape is constantly evolving, reduce your risk by keeping your mobile devices up-to-date by ensuring your device is running the latest software updates and refrain from opening any links from unknown senders. It is also imperative that your business has a cohesive Mobile Device Management strategy and plan in place to avoid costly security risks, threats, and cyber-attacks.

If you’re not sure where to start, or if you need a hand with developing or executing your strategy, an experienced Managed Services Provider like FSi Strategies can help. Learn more about what an MSP can offer in our eBook, available here or contact us directly with any questions.

Reference:
*Lookout – Phishing Spotlight Research Report

Start a conversation today.

Ask us about integrating your tools & platforms together – with architectural coherence and extensibility. Designing, implementing and supporting Modern Workplace technology is what FSi Strategies specializes in. We’ve helped hundreds of businesses implement modern security strategies in support of their missions. We invite you to discover how together, we can leverage the intelligent Cloud for the security and privacy needs of your business.