Individuals and enterprises can fall prey to spyware, which can go undetected by even the most sophisticated anti-virus systems. Entersoft offers a guide to build your arsenal to steer clear of such spyware.
Remember ‘Mal’ from the movie ‘Inception’? The wife of Leonardo di Caprio’s character ‘infiltrates’ his subconscious state and sabotages the team’s assignments by secretly accessing their plans through him. Mal can easily be translated to malware, an infectious spyware that secretly gains access to personal information. This confidential information is then used to unlawfully target the individual or enterprise.
The Pegasus spyware episode is the most recent example of such sophisticated spyware attacks. Spyware can be effectively concealed from even the most discerning operating system vendors and anti-virus protection. It can mimic programs that are part of your OS or phone memory, making it hard to recognise until advanced stages.
Not your ordinary neighbourhood virus, spyware can go completely undetected
Spyware such as Pegasus is heavily funded and, as such, doesn’t target the general audience. iOS devices of particular individuals were targeted by exploiting three key vulnerabilities in the Safari web browser – in WebKit and at the kernel level. This happened despite the iOS universe being highly secure thanks to its sandboxing mechanism, tightly-defined permissions and adherence to security best practices.
Generally, organisations have systems at the server level that raise alerts if they detect unfamiliar patterns that don’t match with usual use cases. It is more difficult for individuals to know if their phones or devices are infected with spyware. They need to be aware and vigilant, uninstall apps that they don’t use, and in general watch out for overheating and excessive battery drain.
Since spyware is not easily identifiable unless publicly known or through published research, it becomes very hard for security experts to contain or remove the threat.
Spyware is more common than you think
According to security tech giant Norton, spyware is among the most common cyber threats. Advertisers, data research firms and third-party clients – all of them gather insights about you thanks to personal information provided by spyware. In case of organisations, competitors keen to disrupt operations may resort to spyware to access sensitive company data, resulting in downtime, reputation loss and impacting business.
According to Norton Cyber Security Insights Report Global Results, a total of 978 million people in 20 countries were affected by cybercrime in 2017. Globally, cybercrime victims lost $172 billion. Spyware also had a hand in this. Trojans, keyloggers, microphone-based recorders, adware, system monitors and the ‘next-door’ tracking cookies are all examples of spyware.
Am I vulnerable to spyware?
Spyware can easily infect any digital environment in the following ways:
- Social engineering and phishing attempts
- Pirated copies of genuine software, modified to include spyware and downloaded from torrents
- Downloads from unidentified software sources
Some of the routes that exploitation can take are:
- Malicious use of personal information such as biometric details
- Highly confidential documents revealed in public
- Stakeholder communication made accessible
Best practices for individuals to prevent spyware
Despite strong end-point protection or antivirus solutions, unless you are an expert, there is no way to detect spyware once it infiltrates your system. Individuals can adopt a few best practice behaviours, as well as protect their home networks.
Some of the best practices that users can adopt to exercise caution are:
- Be vigilant – Open emails, click on links and download attachments only when you are aware of the source. A hacker who is aware of the context between two people in a professional or personal setup will leverage this information to their advantage.
- Regularly upgrade device hardware/software – Hackers create new spyware and malware all the time. Don’t ignore or put off patches and updates, as these protect your system against the most recent malware. If you don’t upgrade, you are leaving your system vulnerable.
- Be discerning – Be aware of the way in which a person usually writes or communicates, their email IDs, headers, signatures, etc. Cross-check whether they’ve actually sent such a communication.
- Remove unnecessary apps – Infrequently-used apps on PC / mobile are targeted by hackers to infiltrate your system. Regularly review and uninstall apps that you aren’t using.
As for home networks:
- A strong WiFi password and multi-factor authentication translate to protected devices
- Ensure your device has the most up-to-date OS. For older systems, two problems are possible: the hardware may be incompatible or obsolete, or the software may not be from a trusted source
- Avoid downloading software from unknown or unverified publishers
- Keep abreast of latest spyware
Building an organisation’s anti-spyware arsenal
Organisations should have mechanisms that safeguard against data exposure and ensure that sensitive information is not leaked through outbound traffic. For instance, a Cloud Access Security Broker (CASB) enables granular controls on every activity. This extra layer of protection and restrictions ensures that even if spyware is present, information cannot be extracted from the system.
In case OS vendors have not released a patch, as a best practice, organisations must continually monitor and try to contain what data is going out.
Security solutions and best practices such as blacklisting particular IP addresses and whitelisting the IP addresses of vendors and partners build a solid defence against spyware.
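As an added illustration of the outbound-traffic review described above (example code written for this article, not Entersoft’s or any product’s code), the script below aggregates constructed egress log lines, ignores destinations inside an allowlist of vendor and partner ranges, and flags non-allowlisted hosts that receive more than a threshold of outbound data. The log format, allowlist ranges and threshold are all assumptions.

```python
"""Egress review against an allowlist (added example, not Entersoft's code).

Assumes constructed firewall-style log lines:
    "<timestamp> <src_ip> <dst_ip> <dst_port> <bytes_out>"
The allowlist CIDRs and the byte threshold are illustrative values."""
import ipaddress
from collections import defaultdict

# Constructed allowlist: vendor/partner ranges the organisation expects to talk to.
ALLOWLIST = [ipaddress.ip_network(c) for c in ("203.0.113.0/24", "198.51.100.0/24")]
BYTES_THRESHOLD = 5_000_000  # illustrative: flag >5 MB to any single non-allowlisted host

# Constructed sample log (documentation address ranges only).
SAMPLE_LOG = """\
2021-07-20T09:00:01Z 10.0.0.12 203.0.113.10 443 120000
2021-07-20T09:01:15Z 10.0.0.12 192.0.2.77 443 4800000
2021-07-20T09:02:30Z 10.0.0.12 192.0.2.77 443 900000
2021-07-20T09:03:00Z 10.0.0.33 198.51.100.5 443 2000
2021-07-20T09:04:10Z 10.0.0.33 192.0.2.200 8443 30000
"""

def is_allowlisted(ip):
    """True if the destination falls inside a known vendor/partner range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWLIST)

def parse_line(line):
    ts, src, dst, port, nbytes = line.split()
    return {"ts": ts, "src": src, "dst": dst, "port": int(port), "bytes": int(nbytes)}

def review_egress(log_text, threshold=BYTES_THRESHOLD):
    """Return (unknown, alerts): unknown maps every (src, dst) pair talking to a
    non-allowlisted host to its total outbound bytes; alerts is the subset whose
    total exceeds the threshold and therefore warrants an exfiltration review."""
    totals = defaultdict(int)
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if is_allowlisted(rec["dst"]):
            continue  # expected partner/vendor traffic is not reviewed further
        totals[(rec["src"], rec["dst"])] += rec["bytes"]
    unknown = dict(totals)
    alerts = {pair: total for pair, total in unknown.items() if total > threshold}
    return unknown, alerts

if __name__ == "__main__":
    unknown, alerts = review_egress(SAMPLE_LOG)
    for (src, dst), total in sorted(unknown.items()):
        flag = "ALERT" if (src, dst) in alerts else "review"
        print(f"{flag}: {src} -> {dst} sent {total} bytes to a non-allowlisted host")
```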
Best practices can include:
- Follow SSDLC – Most organisations that don’t follow security best practices resort to ‘first develop, then test’. The primary concern is functionality rather than security, and testing is only considered when the app goes into production release.
- DevSecOps: Organisations should follow DevSecOps so that any manual errors are avoided.
- A strong checklist – MFA to protect accounts, highly complex passwords, automated patch management software, leveraging native APIs can all build a strong security arsenal for enterprises.
- Allocate Budgets – Budget should be allocated for security and third-party vendors. Although internal security audits are conducted, deviations in reports can be keenly assessed by hiring an external security agency.
- Use firewalls – Leverage Web Application Firewalls (Layer 7 firewalls) to prevent zero-day attacks.
The Pegasus spyware incident has raised general awareness about spyware being used at an inter-governmental and political level. However, individuals and companies must be aware that they are equally a target to similar spyware attacks. They must be vigilant, stay informed and follow the best practices to protect themselves against being exploited through spyware.