Tech Friday with Dave Hatter - July 23rd 2021 - SPONSORED BY INTRUST IT


Pegasus Spyware:

  • Paris-based Forbidden Stories obtained a list that contained 50,000 phone numbers of potential surveillance targets including activists, journalists and executives
  • This disclosure brought NSO's Pegasus software back into public view
  • Pegasus is very powerful surveillance software from Israeli company NSO, possibly the most powerful spyware yet developed
  • NSO builds surveillance software for government agencies
  • NSO has been implicated in other hacks, including a reported hack of Amazon founder Jeff Bezos in 2018, and the earliest known version of Pegasus was captured by researchers in 2016
  • NSO's website says "NSO Group licenses its products only to government intelligence and law enforcement agencies for the sole purpose of preventing and investigating terror and serious crime"
  • Pegasus can surreptitiously capture text messages, photos, emails, videos, contact lists, browser history, basically anything from a phone
  • It can also record phone calls and enable a microphone and/or camera to record, according to the Washington Post. It makes your phone a 24x7 surveillance device
  • Amnesty International (AI) researchers discovered NSO can deliver Pegasus by sending a link that infects the phone when opened, or silently and without any interaction via a "zero-click" exploit that leverages vulnerabilities in the iOS software
  • Apple has said it is continually updating its software to stop these types of attacks
  • If spear-phishing or zero-click attacks fail, Pegasus can also be installed over a wireless transceiver in close proximity or manually if physical access to the device is possible
  • The Citizen Lab at the University of Toronto reviewed and validated AI's work. Bill Marczak from Citizen Lab tweeted that NSO’s zero-clicks worked on iOS 14.6
  • AI's researchers published detailed technical notes, read them here: https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/
  • WhatsApp revealed in 2019 that NSO’s software had been used to send malware to nearly 1,500 phones by exploiting a zero-day vulnerability. A WhatsApp call to a target device could install Pegasus even if the target didn't answer the phone
  • Edward Snowden called for a ban on spyware sales in an interview with the Guardian, warning that these tools will be used to spy on millions of people.
  • "When we're talking about something like an iPhone, they're all running the same software around the world. So if they find a way to hack one iPhone, they've found a way to hack all of them" Snowden said
  • AI published a toolkit called the MVT (Mobile Verification Toolkit) that can help determine if a phone (iOS or Android) has been compromised. It can also scan for other potentially malicious applications. Get it here: https://github.com/mvt-project/mvt

Ditch Google Maps:

  • As part of Apple's newish App Tracking Transparency (ATT), apps must display Privacy Labels that disclose the information they capture about a user in order to be in the Apple store
  • Apple will require apps to display a mandatory privacy consent notice that allows users to opt out of the use of the unique device ID to track them
  • "Apple is ramping up its privacy claim, firing on all cylinders to keep their users’ data protected. With data firmly being the currency of the 21st century, Apple, as ever, is thinking outside the box with how it operates" - Jake Moore, ESET
  • But while many iPhone users are tied to Google Maps, the alarming privacy label comparison between it and Apple’s alternative should give serious reason for concern
  • When you look at the data Google Maps collects per the Privacy Label, it's all linked to your personal identity
  • Reminder: this is how Google makes money. You are the product, NOT the customer
  • Google has pointed out that you can prevent Maps from hoovering up your data on an iPhone by selecting Incognito mode, but there is a serious impact on functionality
  • For some reason, Google Maps remains the most popular navigation download on Apple’s App Store despite the fact that Apple Maps is very good and privacy friendly
  • Apple has announced a Maps refresh for iOS 15 that may convince people to drop Google Maps
  • Apple said "Apple is committed to building the world’s best map"
  • For CarPlay users, the new Maps will have "a three-dimensional city-driving experience with new road details that help users better see and understand important details like turn lanes, medians, bike lanes, and pedestrian crosswalks. Transit riders can find nearby stations more easily and pin favorite lines. Maps automatically follows along with a selected transit route, notifying users when it’s nearly time to disembark, and riders can even keep track on Apple Watch. With iOS 15, users can simply hold up iPhone, and Maps generates a highly accurate position to deliver detailed walking directions in augmented reality"
  • "iOS 15 takes Maps even further with brand new ways to navigate and explore. Users will experience significantly enhanced details in cities for neighborhoods, commercial districts, elevation, and buildings, new road colors and labels, custom-designed landmarks, and a new night-time mode with a moonlit glow" - Apple
  • It's well past time to dump Google Maps for Apple Maps
  • Even better, dump everything from Google for privacy friendly alternatives and choke Google's data collection machine
    • DuckDuckGo rather than Google Search
    • ProtonMail rather than Gmail
    • Firefox, Safari, Brave or Tor rather than Chrome

Cyber insurance costs rise by more than 30%:

  • Cyber insurance policies are relatively new and the sector has exploded in the recent past
  • Premiums have doubled since 2015, totaling $3.15 billion last year, per the National Association of Insurance Commissioners
  • Broker Marsh McLennan reported that demand for standalone policies surged 24% last year
  • In light of the explosion of cybercrime, some firms are now reducing coverage while raising costs
  • Marsh McLennan reported that clients paid 35% more for cyber insurance in the first quarter this year
  • Reinsurance brokerage Howden recently reported that the frequency and severity of ransomware attacks are driving a substantial increase in the cost of cyber security insurance
  • Their report, "Cyber insurance: A hard reset", says that global insurance pricing has increased by an average of 32% since last year
  • As risks and claims rise, insurers are now demanding more evidence of cybersecurity preparedness
  • Shay Simkin, global head of cyber at Howden, said "The cyber insurance market is currently driven by a demand and supply imbalance which shows no sign of relenting any time soon. Claims are up, capacity is down and underwriting profitability is, at best, under pressure"
  • "The impact on insurance buyers is stark; the importance of being prepared for a cyber attack has never been clearer. With insurers now demanding markedly higher cyber security standards before deploying capacity, businesses need analytical solutions designed specifically for them, combined with focused, expert intermediation to help them secure the coverage that meets their need" - Simkin.
  • Howden predicts Gross Written Premiums for cybersecurity insurance will approach $20 billion by the middle of the decade
  • "Rising costs of insurance should be an added incentive for organisations to take their cyber security seriously. With cyber insurance companies becoming more vigilant about the requirements that must be met before providing them cover, getting the cyber security fundamentals right is more important than ever for organisations." - Simkin.
  • CybSafe founder and CEO Oz Alashe said "Effective security awareness training, as well as a deliberate focus on security behaviours, like using stronger passwords and backing up data, are simple steps that organisations should take to protect themselves and ensure they can access the appropriate insurance"
