Enterprises are the “ideal” target for Trident iPhone hack

Trident malware will target your CEO, CTO, and employees

Malware that spies on iPhones will target enterprise deployments as well as consumers' devices, a security firm involved in its discovery has confirmed.

Pegasus, the spyware that installs itself on a user's iPhone by sending them an SMS message with a malicious link to click on, was revealed yesterday by mobile security company Lookoout, which investigated the malware with Citizen Lab.

Once installed, the malware, allegedly created by Israeli firm NSO Group, collects information from apps including Gmail, Facebook, Skype, WhatsApp, Calendar, FaceTime, and can also activate the iPhone's camera and microphone to listen in on conversations.

Pegasus is the final link in a three-part chain that is being called Trident. The first example of the attack was directed against human rights activist Ahmed Mansoor, but the cybersecurity firm warned that enterprises will be the prime target of the malware.

Advertisement - Article continues below
Advertisement - Article continues below

"These exploits are ideally suited to perform targeted, enterprise-focused attacks, and we expect that customers of this type of software are using these attacks for that that purpose," Mike Murray, Lookout's VP of security research & response, wrote in a blog post.

"The going price for Pegasus was roughly $8 million for 300 licenses, so it's not likely to be used against an average mobile device user, only targets that can be considered of high value."

These targets are not only the CEO and CTO of enterprise firms, whose devices will have secrets worth stealing, but also lower level staff, whose devices may not have as rigorous protection as those of C-level staff.

"Rank-and-file employees with credentials to access enterprise networks are clearly perceived as valuable targets by global threat actors," Murray said. "Unprotected employee mobile devices with access to sensitive corporate data are now likely to be the lowest hanging fruit for attackers looking to breach an enterprise."

A few years ago iPhones may not have presented such a large risk to enterprises' security, but Apple has built a $25 billion B2B business on the back of its flagship device over the last three years.

It has relied on partnerships with the likes of IBM and Box to get its hardware into businesses, with the firms aiming to offer the software businesses need on the devices staff actually want to use.

Advertisement - Article continues below

The iPhones most at risk are those used for both work and personal communications, Lookout warned, with one employee clicking the malicious link being all hackers need to break into an enterprise.

Apple has pushed out an update that fixes the vulnerabilities Trident exploits, but now IT staff must try to ensure all employees download the patch.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now



Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019

Best smartphone 2019: Apple, Samsung and OnePlus duke it out

24 Dec 2019

Best free malware removal tools 2019

23 Dec 2019

Best antivirus for Windows 10

3 Sep 2019

Most Popular

data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020

Openreach offers free full-fibre installation for thousands of homes

14 Jan 2020

Microsoft to patch ‘extraordinarily serious’ cryptographic flaw

14 Jan 2020