Recently, it has been reported that Pegasus, the malicious software, has allegedly been used to secretly monitor and spy on an extensive host of public figures in India.
Important points:
- It is a type of malicious software or malware classified as a spyware.
- It is designed to gain access to devices, without the knowledge of users, and gather personal information and relay it back to whoever it is that is using the software to spy.
- Pegasus has been developed by the Israeli firm NSO Group that was set up in 2010.
- The earliest version of Pegasus discovered, which was captured by researchers in 2016, infected phones through what is called spear-phishing – text messages or emails that trick a target into clicking on a malicious link.
- Since then, however, NSO’s attack capabilities have become more advanced. Pegasus infections can be achieved through so-called “zero-click” attacks, which do not require any interaction from the phone’s owner in order to succeed.
- These will often exploit “zero-day” vulnerabilities, which are flaws or bugs in an operating system that the mobile phone’s manufacturer does not yet know about and so has not been able to fix.
- Human Rights activists, journalists and lawyers around the world have been targeted with phone malware sold to authoritarian governments by an Israeli surveillance firm.
- Indian ministers, government officials and opposition leaders also figure in the list of people whose phones may have been compromised by the spyware.
- In 2019, WhatsApp filed a lawsuit in the US court against Israel’s NSO Group, alleging that the firm was incorporating cyber-attacks on the application by infecting mobile devices with malicious software.
Types of Cyber Attacks
- Malware: It is short for malicious software, refers to any kind of software that is designed to cause damage to a single computer, server, or computer network. Ransomware, Spy ware, Worms, viruses, and Trojans are all varieties of malware.
- Phishing: It is the method of trying to gather personal information using deceptive e-mails and websites.
- Denial of Service attacks: A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users.
- DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash.
- Man-in-the-middle (MitM) attacks: Also known as eavesdropping attacks, occur when attackers insert themselves into a two-party transaction.
- Social Engineering: It is an attack that relies on human interaction to trick users into breaking security procedures in order to gain sensitive information that is typically protected.
SOURCE: THE HINDU,THE ECONOMIC TIMES ,MINT