The zero-click spyware coming to a phone near you

Many of you will be familiar with the Pegasus spyware, a highly sophisticated tool developed by the NSO Group, which is capable of leveraging zero-day exploits to take control of targeted devices. It was used by various governments to hack into the phones of both journalists and activists, including the fiancée of Saudi dissident Jamal Khashoggi. Khashoggi was soon brutally murdered and cut into pieces at the Saudi Embassy in Turkey.

Pegasus attacks seem to have waned after the US essentially blacklisted the NSO Group. However, there is a new kid in town: Paragon Solutions. Last week, Citizen Lab unveiled a report covering Paragon Solutions’ spyware called Graphite, which WhatsApp detected to have impacted 90 individuals through a zero-click exploit, including journalists and activists.

The NSO Group attracted a lot of attention in the press for its spyware being abused by authoritarian regimes, but a Paragon Solutions executive has claimed that his company’s spyware would never be deployed in such a way:

“Paragon would only sell to countries that abide by international norms and respect fundamental rights and freedoms. Authoritarian or non-democratic regimes would never be customers.”

At this stage, there is no evidence that Paragon’s spyware has been used by authoritarian governments, but its sophistication is still concerning. The spyware can target a range of applications, but in the case of the WhatsApp attack published by Citizen Lab, it begins with:

  1. An attacker adding the victim to a WhatsApp group.
  2. The attacker then sends a PDF to the group. 
  3. The victim’s phone then parses the PDF, which exploits a vulnerability.
  4. This vulnerability allows Paragon Solutions’ Graphite spyware to be loaded into WhatsApp.
  5. The spyware then breaks out of the Android sandbox and spreads to other applications.

Can you protect yourself from such sophisticated spyware?

We need to be clear that Paragon Solutions’ spyware is far from just script kiddies playing around. It is used by nation states who pay Paragon vast sums in an attempt to compromise their targets’ devices. The fact that it is such sophisticated and expensive malware that leverages zero-day exploits is actually good news for the bulk of us: the sheer cost and complexity of these attacks mean that it will only be used against targets who are deemed to be of very high value. With this in mind, most normal people don’t have too much to worry about from these types of attack; it’s simply not practical or cost-effective to use Paragon’s spyware widely.

However, if you are a journalist, an activist or some other high-value target who may have drawn a nation-state’s ire, then you have some problems on your hands. As we discussed, the WhatsApp attack was zero-click, which meant that the victims didn’t even have to click on a dodgy link or install a malicious program to get compromised. All they did was receive a WhatsApp message from their attacker. While making sure you have the latest security updates is a solid practice, even this wouldn’t have helped in this circumstance, because the attack was based on a zero-day exploit that WhatsApp was unaware of.

Unfortunately, if a nation state has you in its crosshairs, you will need much more than an emailed newsletter to keep you safe.

Cybersecurity and privacy writer.
