Enterprises are the “ideal” target for Trident iPhone hack

Trident malware will target your CEO, CTO, and employees

Malware that spies on iPhones will target enterprise deployments as well as consumers' devices, a security firm involved in its discovery has confirmed.

Pegasus, the spyware that installs itself on a user's iPhone by sending them an SMS message with a malicious link to click on, was revealed yesterday by mobile security company Lookoout, which investigated the malware with Citizen Lab.

Once installed, the malware, allegedly created by Israeli firm NSO Group, collects information from apps including Gmail, Facebook, Skype, WhatsApp, Calendar, FaceTime, and can also activate the iPhone's camera and microphone to listen in on conversations.

Pegasus is the final link in a three-part chain that is being called Trident. The first example of the attack was directed against human rights activist Ahmed Mansoor, but the cybersecurity firm warned that enterprises will be the prime target of the malware.

"These exploits are ideally suited to perform targeted, enterprise-focused attacks, and we expect that customers of this type of software are using these attacks for that that purpose," Mike Murray, Lookout's VP of security research & response, wrote in a blog post.

"The going price for Pegasus was roughly $8 million for 300 licenses, so it's not likely to be used against an average mobile device user, only targets that can be considered of high value."

These targets are not only the CEO and CTO of enterprise firms, whose devices will have secrets worth stealing, but also lower level staff, whose devices may not have as rigorous protection as those of C-level staff.

"Rank-and-file employees with credentials to access enterprise networks are clearly perceived as valuable targets by global threat actors," Murray said. "Unprotected employee mobile devices with access to sensitive corporate data are now likely to be the lowest hanging fruit for attackers looking to breach an enterprise."

A few years ago iPhones may not have presented such a large risk to enterprises' security, but Apple has built a $25 billion B2B business on the back of its flagship device over the last three years.

It has relied on partnerships with the likes of IBM and Box to get its hardware into businesses, with the firms aiming to offer the software businesses need on the devices staff actually want to use.

The iPhones most at risk are those used for both work and personal communications, Lookout warned, with one employee clicking the malicious link being all hackers need to break into an enterprise.

Apple has pushed out an update that fixes the vulnerabilities Trident exploits, but now IT staff must try to ensure all employees download the patch.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021
Patent shows Apple is working on improving iPhone’s AR capabilities
augmented reality (AR)

Patent shows Apple is working on improving iPhone’s AR capabilities

22 Jun 2021
HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021
Veritas Backup Exec 21.3 review: Covers every angle
backup software

Veritas Backup Exec 21.3 review: Covers every angle

14 Oct 2021