Enterprises are the “ideal” target for Trident iPhone hack

Trident malware will target your CEO, CTO, and employees

Malware that spies on iPhones will target enterprise deployments as well as consumers' devices, a security firm involved in its discovery has confirmed.

Pegasus, the spyware that installs itself on a user's iPhone by sending them an SMS message with a malicious link to click on, was revealed yesterday by mobile security company Lookoout, which investigated the malware with Citizen Lab.

Once installed, the malware, allegedly created by Israeli firm NSO Group, collects information from apps including Gmail, Facebook, Skype, WhatsApp, Calendar, FaceTime, and can also activate the iPhone's camera and microphone to listen in on conversations.

Pegasus is the final link in a three-part chain that is being called Trident. The first example of the attack was directed against human rights activist Ahmed Mansoor, but the cybersecurity firm warned that enterprises will be the prime target of the malware.

"These exploits are ideally suited to perform targeted, enterprise-focused attacks, and we expect that customers of this type of software are using these attacks for that that purpose," Mike Murray, Lookout's VP of security research & response, wrote in a blog post.

"The going price for Pegasus was roughly $8 million for 300 licenses, so it's not likely to be used against an average mobile device user, only targets that can be considered of high value."

These targets are not only the CEO and CTO of enterprise firms, whose devices will have secrets worth stealing, but also lower level staff, whose devices may not have as rigorous protection as those of C-level staff.

"Rank-and-file employees with credentials to access enterprise networks are clearly perceived as valuable targets by global threat actors," Murray said. "Unprotected employee mobile devices with access to sensitive corporate data are now likely to be the lowest hanging fruit for attackers looking to breach an enterprise."

A few years ago iPhones may not have presented such a large risk to enterprises' security, but Apple has built a $25 billion B2B business on the back of its flagship device over the last three years.

It has relied on partnerships with the likes of IBM and Box to get its hardware into businesses, with the firms aiming to offer the software businesses need on the devices staff actually want to use.

The iPhones most at risk are those used for both work and personal communications, Lookout warned, with one employee clicking the malicious link being all hackers need to break into an enterprise.

Apple has pushed out an update that fixes the vulnerabilities Trident exploits, but now IT staff must try to ensure all employees download the patch.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

Best free malware removal tools 2020
Security

Best free malware removal tools 2020

21 Sep 2020
'NetWalker' ransomware explodes thanks to 'as a service' expansion
ransomware

'NetWalker' ransomware explodes thanks to 'as a service' expansion

4 Sep 2020
Malware attacks using machine identities doubled in 2019
cyber security

Malware attacks using machine identities doubled in 2019

4 Aug 2020
Over two dozen Android apps found stealing user data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Windows Server flaw sparks emergency US gov warning
vulnerability

Windows Server flaw sparks emergency US gov warning

21 Sep 2020