The Pegasus project reveals human rights activists, journalists, ministers, and lawyers around the globe have been targeted by cyber-surveillance software
Investigation reveals that cyber-surveillance software, also known as Pegasus spyware created by the Israeli company NSO Group, has targeted thousands of people worldwide.
The company sold the spyware to government agencies to use against criminals and terrorists.
However, it is believed the Pegasus spyware has at least targeted 300 people in India. The Economic Times says more than 300 phone numbers of journalists, people in business, activists, and ministers from India could have been hacked.
The post from Economic Times further mentions the government has denied playing any part in monitoring specific people.
But before we dive into the news, let’s understand what exactly Pegasus is.
Join our weekly newsletter and get the latest cybersecurity updates delivered directly to your inbox
What is Pegasus?
Pegasus is a cyber-surveillance software or spyware created by the Israeli company NSO Group for government agencies to monitor criminals and terrorists. The spyware infects a device and helps spy on a person by transferring the data from the device to a master server in an unauthorized way. Pegasus spyware can extract messages, photos, and emails, and record calls, and the worst is it can even secretly activate microphones and cameras.
Pegasus Project Leak List
As per The Guardian, the list of exposed data consists of more than 50,000 phone numbers. It is believed that the phone numbers in this list belong to people who are considered to be persons of interest for NSO’s clients. However, as of now, it is not confirmed if the phone numbers on the list are infected with Pegasus spyware
As per the report, organizations such as Forbidden Stories and Amnesty International initially had access to the leaked list. They also shared the access with other media partners as part of the Pegasus project.
As mentioned in one of our “News Shot: Pegasus Spyware Targets Activists and Journalists” the list also includes many Arab royal family members.
Furthermore, it contains details of various executives, reporters, and editors of giant media outlets such as CNN, Financial Times, New York Times, and Reuters.
How does Pegasus Spyware Works?
There is nothing much more complicated about how the Pegasus spyware Works or how it infects the devices. Similar to phishing attacks, the spyware is delivered through malicious links in a message.
When the victim clicks on the link, the software gets downloaded and compromises the device without the user’s knowledge or permission. The purpose of delivering the spyware is to gain full access to the device’s operating system. Then the spyware disables the security measures or removes the security controls in the operating system.
Furthermore, the spyware collects the victim’s personal information such as passwords, bank account details, contact lists, calendar events, as well as text messages, and voice calls. The spyware can also turn on the phone’s camera and microphone to record activity around the phone’s surroundings. As per the latest updates, an upgrade in the spyware lets it infect systems without the victim clicking the link.
How to Defend Against Spyware?
The best way to defend against spyware such as Pegasus spyware is to implement the right and best cyber security measures. Sometimes, a user’s device gets infected with a virus when clicking on a malicious link and sometimes after downloading a virus-embedded attachment.
Moreover, sometimes, one can also infect the device by simply visiting a trusted but compromised website. Thus, there are several ways one can get infected with this virus. Keeping that in mind, here are some precautions that you can follow to protect yourself and your organization:
- Do not download any apps from unknown sources or unofficial app stores
- Do check the permissions in the apps before accepting them
- Avoid clicking on any link before confirming it is safe
- Do not download any attachments before scanning
- Educate your employees about such cyber attacks so that they know how to spot and avoid
- Update the software and hardware with the latest security updates
- Enforce a policy that ensures that employees are not using their personal devices for official use
- Implement tools such as the Threatcop Phishing Incident Response tool that helps employees to report suspicious emails and facilitates its instant takedown.