CyberSecurityBoard
Sponsor Register Login

Citizen Lab details ongoing battle against spyware vendors

Citizen Lab senior researcher Bill Marczak said that while the organization has achieved some important wins against spyware proliferation, the progress is inevitably hindered by vendors that continually adapt their technologies and practices.
The Citizen Lab at the University of Toronto's Munk School has become one of the foremost authorities on commercial spyware and surveillance technology for mobile devices.
One of the main challenges Citizen Lab faces, he said, is vendors constantly adapting and changing tactics to allow the continuation of spyware use.
NSO Group was one significant spyware player he highlighted, known for developing the Pegasus spyware used against U.K. government officials in 2022.
In 2014, for example, a hacker leaked files allegedly stolen from Gamma Group International, a surveillance software vendor behind the FinFisher spyware product.
The spyware vendors must be on hand to aid customers in their attempts to target specific individuals and bypass security features while remaining undetected.
Although spyware is marketed for use against criminals and terrorists, Marczak said it's often abused for political purposes.
That's where mercenary spyware comes in, Marczak said.
A lawsuit filed by Khashoggi's widow claimed that the Saudi government and NSO Group deployed spyware to intercept her husband's communications.
Citizen Lab investigations often involve tracking NSO spyware through IP address scans and fingerprinting.
Another challenge with spyware vendors is how they assist customers in circumventing precautions that the target is taking on their own or protections that are built into users' devices.
Targets receive SMS messages with links to spyware vendors' infrastructure, which Citizen Lab analyzes.
Marczak emphasized the importance of log analysis in the spyware fight.
Commercial spyware vendors aren't the only companies to change their technology or practices.
Another significant threat to mobile devices is zero-click exploits, which require no user interaction for attackers to deploy spyware.
Pegasus is one example of spyware that uses zero-click exploits for Android or Apple devices.
In the 2021 lawsuit, Apple claimed that the zero-click exploit was used to spread spyware through its servers.
Mobile technology companies have made some progress in curbing the spyware threat.
Though victims can still be targeted, Marczak said it prevents many types of spyware infections.
In response to ForcedEntry in 2021, Apple started sending out notifications to warn users if they were targeted by mercenary spyware and nation-state threats.


This Cyber News was published on www.techtarget.com. Publication date: Tue, 30 Jan 2024 00:43:04 +0000


Cyber News related to Citizen Lab details ongoing battle against spyware vendors

Citizen Lab details ongoing battle against spyware vendors - Citizen Lab senior researcher Bill Marczak said that while the organization has achieved some important wins against spyware proliferation, the progress is inevitably hindered by vendors that continually adapt their technologies and practices. The ...
1 year ago Techtarget.com
US Uses Visa Restrictions in Struggle Against Spyware - The United States will impose visa restrictions on foreign individuals who have been involving the misuse of spyware, the latest effort by the Biden Administration to address the dangers of the commercial software that often is used by governments ...
1 year ago Securityboulevard.com
Spyware isn't going anywhere, and neither are its tactics - The illegal use of spyware to target high-profile or at-risk individuals is a global problem, as highlighted by this article from The Register that Talos' Nick Biasini just contributed to. As we've written about, many Private Sector Offensive Actors ...
1 year ago Blog.talosintelligence.com CVE-2024-23222
Intellexa Spyware Adds Persistence with iOS or Android Device - In the shadowy realm of commercial spyware, the spotlight turns to the notorious Intellexa spyware and its Predator/Alien solution, as dissected by Cisco Talos in their comprehensive May 2023 report. This expose navigates the labyrinthine intricacies ...
1 year ago Gbhackers.com
Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware - Cisco Talos has a new, in-depth analysis of timelines, operating paradigms and procedures adopted by spyware vendor Intellexa. Talos' analysis revealed that rebooting an iOS or Android device may not always remove the Predator spyware produced by ...
1 year ago Blog.talosintelligence.com
Google says spyware vendors behind most zero-days it discovers - Commercial spyware vendors were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group discovered in 2023 and used to spy on devices worldwide. Zero-day vulnerabilities are security flaws the vendors of impacted software do not ...
1 year ago Bleepingcomputer.com
ICE Signs $2 Million Contract With Spyware Maker Paragon Solutions | WIRED - Measures have included placing spyware vendors like NSO Group and Intellexa on the so-called Entity List to prevent any US companies from doing business with them; enacting a visa restriction policy against multiple individuals “who have been ...
6 months ago Wired.com
What is Spyware? How It Works and How to Protect Yourself Against It - Spyware is a type of malicious software that is designed to collect sensitive data from victims without their knowledge or consent. It is typically installed on computers without the user’s knowledge or consent, and collects sensitive information ...
2 years ago Heimdalsecurity.com
Is Your Organization Infected by Mobile Spyware? - The surge in mobile device usage within organizations has inevitably opened the floodgates to a new kind of cyber threat-mobile spyware. The growing dependence on mobile technology has made it imperative for organizations to recognize and mitigate ...
1 year ago Blog.checkpoint.com
Kaspersky Details Method for Detecting Spyware in iOS - Researchers with cybersecurity firm Kaspersky are detailing a lightweight method for detecting the presence of spyware, including The NSO Group's notorious Pegasus software, in Apple iOS devices. The new method, which calls for looking for traces of ...
1 year ago Securityboulevard.com
US announces visa ban on those linked to commercial spyware - Secretary of State Antony J. Blinken announced today a new visa restriction policy that will enable the Department of State to ban those linked to commercial spyware from entering the United States. As part of this effort, the Biden Administration ...
1 year ago Bleepingcomputer.com
U.S. rolls out visa restriction policy on people who misuse spyware to target journalists, activists - WASHINGTON - The Biden administration announced Monday it is rolling out a new policy that will allow it to impose visa restrictions on foreign individuals involved in the misuse of commercial spyware. The administration's policy will apply to people ...
1 year ago Pbs.org
Pegasus Spyware Targets Jordanian Civil Society in Wide-Ranging Attacks - Journalists, lawyers, and human-rights activists in the Middle Eastern nation of Jordan face increased surveillance from the controversial Pegasus spyware app, with nearly three dozen civilians targeted over the past four years. According to an ...
1 year ago Darkreading.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
WhatsApp patched zero-click flaw exploited in Paragon spyware attacks - Citizen Lab also mapped out the server infrastructure used by Paragon to deploy the Graphite spyware implants on targets' devices, finding potential links to multiple government customers, including Australia, Canada, Cyprus, Denmark, Israel, and ...
1 month ago Bleepingcomputer.com
US to Roll Out Visa Restrictions on People Who Misuse Spyware to Target Journalists, Activists - The Biden administration announced Monday it is rolling out a new policy that will allow it to impose visa restrictions on foreign individuals involved in the misuse of commercial spyware. The administration's policy will apply to people who've been ...
1 year ago Securityweek.com
Paragon Spyware Exploited WhatsApp Zero-day Vulnerability to Attack High-value Targets - Researchers have uncovered extensive evidence linking Israeli firm Paragon Solutions to a sophisticated spyware operation that exploited a zero-day vulnerability in WhatsApp to target journalists and civil society members. The investigation confirmed ...
4 weeks ago Cybersecuritynews.com
WhatsApp flaw can let attackers run malicious code on Windows PCs - On January 31, after mitigating the security issue server-side, WhatsApp alerted roughly 90 Android users from over two dozen countries, including Italian journalists and activists who were targeted in Paragon spyware attacks using the zero-click ...
1 week ago Bleepingcomputer.com CVE-2025-30401
Apple fixes two new iOS zero-days in emergency updates - Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may ...
1 year ago Bleepingcomputer.com CVE-2023-42916 CVE-2023-42917
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
1 year ago Darkreading.com CVE-2024-23222
Meta Disrupts 8 Spyware Firms, 3 Fake News Networks - Meta has identified and interrupted six spyware networks linked to eight companies in Italy, Spain, and the United Arab Emirates, as well as three fake news operations from China, Myanmar, and Ukraine. It outlines how fake news operations - ...
1 year ago Darkreading.com
SentinelLabs uncovers new CapraRAT spyware targeting Android users - A new report released today by SentinelLabs, the research arm of listed cybersecurity company SentinelOne Inc., warns of a resurgence of CapraRAT spyware targeting mobile gamers and weapons enthusiasts through malicious Android applications. CapraRAT ...
9 months ago Siliconangle.com APT3 Transparent Tribe
Two Serbian journalists reportedly targeted with Pegasus spyware | The Record from Recorded Future News - In November 2023, Amnesty International and other digital freedom groups diagnosed a zero-click spyware attack on two Serbian civil society members on the eve of national elections. The text message sent to one of the journalists targeted last month ...
3 weeks ago Therecord.media
Catalan court orders former NSO Group executives be indicted for spyware abuses | The Record from Recorded Future News - A provincial court in Barcelona has ordered that three former senior executives at NSO Group, a prominent spyware manufacturer, be indicted for their alleged role in a high-profile hacking scandal in which at least 63 Catalan civil society members ...
1 month ago Therecord.media
Vendor Penalized by New York Attorney General for Advertising Unlawful Spyware - The New York Office of the Attorney General has taken action against Patrick Hinchy and the 16 companies he owns for illegally selling and promoting spyware. Since 2011, Hinchy has been running these companies, which offer spyware for Android and iOS ...
2 years ago Securityweek.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)