How State-Sponsored Hacking Tools are Disrupting Businesses

Cyberwarfare between governmental entities is nothing new at all. The politicians play their war games on big screens, and espionage between these countries has been going on for years. But now, things have taken a turn for the worse.

As governments have increased their capabilities of spying on each other, so have they increased their capabilities of spying on their own citizens. Furthermore, state-sponsored malware tools can, and have, fallen into the hands of rogue entities and criminals. Advanced mobile threat protection is becoming increasingly essential, as mobile devices have become a key part of business operations.

These threat actors have been targeting private sector companies with zero resources to defend themselves against such attacks. The result has been mass leaks and data theft on an unprecedented scale in both the private and public sectors.

The infamous Pegasus spyware, developed by Israeli technology firm NSO Group, came to the media spotlight in 2016. Multiple factors made Pegasus a particularly alarming threat, including its purported one-click infection ability, but also the revelations that it has played a part in authoritarian governments’ intimidation, harassment, and killing of journalists and human rights activists.

While Pegasus is the most well-known example of a state-sponsored mobile threat, it’s far from the only one. Other hacking tools have been made available to malicious threat actors, typically through intelligence and law enforcement agency leaks.

Some of these tools include:

  • RCSAndroid
  • Exodus
  • P6-GEO

For the most part, these tools are the modern equivalent of remote access trojans (RATs), but advanced infection techniques make them more difficult to prevent. For an enterprise company with valuable data to protect, the threat of these advanced spyware tools being used by cybercriminals is a reality.

How to Protect Yourself from Advanced Mobile Threats

1) Always type HTTPS in your mobile browser

Man-in-the-middle (MITM) injection attacks often rely on malicious redirects made possible by compromised connections. If you simply type a domain in your browser without a protocol, it will default to HTTP and give an attacker the ability to intercept and manipulate your traffic.

In order to keep your connection secure, make sure you always type https:// in your browser.

2) Audit apps and disable bloatware

A company device should have company apps exclusively installed. Both Android and iPhone devices come with pre-installed apps, and these default apps can be the source of most mobile security problems.

iPhone users may be particularly vulnerable, as many default apps cannot be uninstalled or disabled. The notorious Pegasus spyware exploited a flaw in the default messenger app, and users had to wait for Apple to release a security fix.

Android bloatware is also a concern. In many cases, device manufacturers install these sponsored apps as system apps, which means only a “rooted” superuser can completely uninstall them. But still, disabling them is a good security measure.

The first step in mobile device security is often an audit of the apps installed on devices. For a company that issues work devices, it’s imperative to remove the default apps and disable those that can’t be removed.
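As an added example that is not part of the article, the following POSIX shell script performs the audit described in this step: it compares an Android device's installed package list against a company allowlist and prints the `pm disable-user` commands for everything else, which covers sponsored apps that cannot be uninstalled without root. The package names and the allowlist are constructed; the script falls back to the constructed sample when no device is attached via adb.

```sh
#!/bin/sh
# Added example: audit installed Android packages against a company allowlist
# and emit commands that disable every package not on it for the primary user.
# Requires adb and USB debugging on the device; otherwise the sample below is used.

# Constructed sample of `adb shell pm list packages` output.
SAMPLE_PKGS='package:com.example.corp.mail
package:com.example.corp.vpn
package:com.vendor.sponsored.news
package:com.vendor.weather'

# Constructed company allowlist, one package name per line.
ALLOWLIST='com.example.corp.mail
com.example.corp.vpn'

# Print installed packages that are not on the allowlist, one per line, sorted.
# $1: raw `pm list packages` output, $2: allowlist (one package per line).
unapproved_pkgs() {
  printf '%s\n' "$1" | sed 's/^package://' |
    awk -v allow="$2" '
      BEGIN { n = split(allow, a, "\n"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
      $0 != "" && !($0 in ok) { print }' | sort -u
}

# Turn the unapproved list into `pm disable-user --user 0` commands. Disabling
# for user 0 works on preinstalled system apps that `pm uninstall` refuses
# without root; the commands are printed so an admin can review before running.
disable_cmds() {
  unapproved_pkgs "$1" "$2" | while IFS= read -r pkg; do
    printf 'adb shell pm disable-user --user 0 %s\n' "$pkg"
  done
}

# Pull the live package list when a device is connected, else use the sample.
main() {
  if command -v adb >/dev/null 2>&1 && adb get-state >/dev/null 2>&1; then
    installed=$(adb shell pm list packages)
  else
    installed="$SAMPLE_PKGS"
  fi
  disable_cmds "$installed" "$ALLOWLIST"
}

main "$@"
```

Review the printed commands and run them in a second pass; anything disabled by mistake can be restored with `adb shell pm enable <package>`.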

3) Compartmentalize remaining apps

To reduce attack surface and increase data protection, compartmentalizing apps is a recommended strategy. Assume that no security system is perfect; compartmentalization ensures that, in the event of a breach, you minimize the amount of data criminals are able to obtain.

4) Use secondary devices for message verification

If a co-worker sends you a message containing a suspicious link or attachment, it’s possible their device has been compromised. In this situation, workers having secondary phones and accounts purely for messaging would be a wise and effective step to take.

This way, the message receiver can verify with the sender, over a channel the suspected compromise cannot reach, whether they did indeed personally send the message.

5) Stay updated on the latest security threats and techniques

The cybersecurity industry is constantly evolving, with new threat actors and techniques being discovered all the time. By learning about these threats, as well as the latest attacks, you’ll be able to better secure your own devices and those you work with.

It’s a good idea to follow security firm blogs and cybersecurity news for the most up-to-date information on mobile threats and security. Many security firms release security reports far more in-depth than this article, and having access to the latest information will help you avoid the latest threats.

This is by no means an exhaustive list of mobile security measures to take, but starting somewhere is an important step to take.