Apple has filed a lawsuit against NSO Group, the Israeli company that developed and sold the Pegasus malware. The Pegasus malware allows surreptitious access to cell phones, including the Apple iPhone. NSO Group claims that it only sold Pegasus to governments for legitimate use, but credible reports implicate Pegasus in the deaths of Middle Eastern activists. Apple’s lawsuit is just the latest in escalating pressure on NSO Group in the wake of Pegasus’ discovery.
Apple’s lawsuit makes strategic sense, as Apple has positioned itself as especially concerned about personal security, and Pegasus harmed that image. As people increasingly care about privacy and security, security is a feature. Whether Apple is sincerely committed to personal privacy, or simply sees privacy-focused users as a market, a lawsuit would still be a smart strategic move. Guaranteeing security against all comers is a challenge, especially when some threats can operate legally. Bringing a legal challenge against NSO Group may not fix the damage done by Pegasus, but it brings the strength of law against NSO Group to deter other companies in the future.
NSO Group itself highlights the challenges liberal governments face balancing offensive capabilities with civil rights. Surveillance capabilities help with legitimate law enforcement, and companies like NSO Group furnish surveillance capabilities. Once a capability exists, it may fall into the hands of people who should not be trusted with it. Even selling only to governments is no guarantee the tool will be used correctly, since not everyone agrees who is a criminal. Governments will use the tools at their disposal to retain political control as they see it.
Vulnerability in Windows Installer
Researchers have observed attackers exploiting a known vulnerability in Windows Installer that allows privilege escalation. A researcher identified the original vulnerability in October of last year and Microsoft patched the vulnerability. The vulnerability allows someone who has a limited-access account on a Windows system to become an administrator. The original patch was incomplete, because attackers are exploiting the vulnerability.
Privilege escalation vulnerabilities are dangerous. Getting access to an administrator’s account may be hard, but a user account may be easier. Attackers can use privilege escalation vulnerabilities to turn user accounts into administrator accounts. Escalation turns a hard single-step process into an easier two-step process.
GoDaddy Data Leaked
GoDaddy reported that hackers leaked millions of GoDaddy’s account holders’ information online. GoDaddy is a domain name registrar and web host, which first rose to prominence with surprisingly racy Super Bowl ads. The hack exposed data of over 1 million customers by accessing old code bases. Early reports indicate that a password-handling misconfiguration allowed the breach.
Web services’ security is important because their security underpins the security of other web-based services. If a web service provider is insecure, the service provider’s insecurity can weaken the security of other services. It is hard to secure your office if the office building is inherently insecure. We don’t yet know if the GoDaddy leak indirectly affected their users’ security, but watch this space.
Noteworthy
Password Usage Analysis of Brute Force Attacks on Honeypot Servers by Arntz
Which Data Do Ransomware Attackers Target for Double Extortion? by Freed
What is Email Spoofing? by Fuchs
Kaspersky Predictions on Privacy Trends in 2022 by Larkina, Tshkanov & Momotov
Eight Tips for Remote Students by Starikova
David Benson is a Professor of Strategy and National Security focusing on cyberstrategy and international relations. You can reach him at dbenson@osiriscodex.com.