Back in August, findings were published about a sophisticated, targeted, and persistent mobile attack on iOS that used three zero-day vulnerabilities called “Trident”. Pegasus is a mobile espionage product that makes use of the Trident vulnerabilities. The attack allows an adversary to silently jailbreak an iOS device and stealthily spy on victims, collecting information from apps including Gmail, Facebook, Skype, WhatsApp, Calendar, FaceTime, Line, Mail.Ru, and others. Many security firms described it as the most sophisticated attack they’ve seen on any endpoint. In fact, this vulnerability was sold as a product to a customer.
The organization that built Trident/Pegasus is NSO Group – an Israeli startup that was acquired by the well-known VC fund Francisco Partners Management in 2010. NSO sells software to governments for the ostensible use of anti-terror monitoring. Governments buy this software on a per-license basis (Lookout notes that the price for Pegasus has been about $8 million for 300 licenses) and it comes complete with 24/7 support and software assurance – it even had volume discounts!
“This has been a pretty startling wake-up call and a huge reminder that we are all under constant persistent attack, and that any and all platforms and apps have vulnerabilities,” wrote Brad Anderson in a blog post discussing these attacks. He highlighted how Microsoft’s integration of Office 365 and EMS on iOS, Android and Windows, and the integrated scenarios they are delivering, provide customers the end-to-end, holistic security required for this modern age of attacks.