Apple warns of Pegasus-like spyware attacks on select individuals

New Delhi, Apr 11 (PTI) iPhone maker Apple has warned its users about ongoing Pegasus-like sophisticated spyware attacks that target a very small number of individuals often journalists, activists, politicians and diplomats.

Though deployed against a small number of individuals and often involve exceptional costs, mercenary spyware attacks are “ongoing and global”, according to an Apple threat notification.

Apple in the threat notification issued on April 10 indicated that such attacks have historically been associated with state actors as per past research and reports.

“Apple threat notifications are designed to inform and assist users who may have been individually targeted by mercenary spyware attacks, likely because of who they are or what they do. Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices,” the notification said.

The notification has come at a time when around 60 countries, including India, are going for elections this year.

The Cupertino-based firm said that mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent.

Besides, the vast majority of users will never be targeted by such attacks.

“According to public reporting and research by civil society organisations, technology firms and journalists, individually targeted attacks of such exceptional cost and complexity have historically been associated with state actors, including private companies developing mercenary spyware on their behalf, such as Pegasus from the NSO Group,” the notification said.

The Pegaus spyware took control of mobile phones just by giving a miss call on WhatsApp.

“Though deployed against a very small number of individuals ‘often journalists, activists, politicians and diplomats’ mercenary spyware attacks are ongoing and global,” the notification said.

Apple said that the extreme cost, sophistication and worldwide nature of mercenary spyware attacks makes them some of the most advanced digital threats in existence today.

The iPhone maker has recommended notified users to protect their device by enabling lockdown mode.

“Mercenary spyware attacks are exceptionally well funded and they evolve over time. Apple relies solely on internal threat-intelligence information and investigations to detect such attacks. Although our investigations can never achieve absolute certainty, Apple threat notifications are high-confidence alerts that a user has been individually targeted by a mercenary spyware attack and should be taken very seriously,” the notification said.

A survey carried out in the last year revealed that almost half (49%) of organizations worldwide are unable to detect an attack or breach on employee-owned devices. At a time when workforces across the world are increasingly distributed, there’s a genuine risk that the mobile arena could soon become the new corporate cybersecurity battleground.

A survey carried out by cyber security firm Check Point in the last year revealed that almost half (49 per cent) of organizations worldwide are unable to detect an attack or breach on employee-owned devices.

According to Check Point’s Threat Intelligence report, in India, the average weekly impacted organizations by mobile malware stood at 4.3 percent as compared to the APAC average of 2.6 percent in the last 6 months.