Spyware isn't going anywhere, and neither are its tactics

The illegal use of spyware to target high-profile or at-risk individuals is a global problem, as highlighted by this article from The Register that Talos' Nick Biasini just contributed to.
As we've written about, many Private Sector Offensive Actors are developing spyware and selling it to whoever is willing to pay, regardless of what their motives are.
A group of nations including the U.S., U.K. and France, along with several Fortune 500 tech companies, signed an agreement Tuesday to work to limit the use of spyware across the globe and crack down harder on bad actors who are illegally selling and using the software.
For their part, the U.S. did roll out new restrictions on the visas of any foreign individuals who misuse commercial spyware.
The restrictions could also affect anyone who makes the spyware, profits off its sale or facilitates the sale of the technology.
These are all positive steps in the right direction toward curbing the use and sale of commercial spyware, but I remain concerned that the tendrils of spyware are already so deep in the security landscape that we'll be dealing with this issue for years to come.
Google's Threat Analysis Group (TAG) recently found that 20 of the 25 zero-day vulnerabilities it discovered being exploited in the wild in 2023 were exploited by commercial spyware vendors.
In the same report, Google TAG said it was actively tracking at least 40 commercial spyware vendors - all with an unknown number of customers, users, creators and employees.
The general tenets of spyware are all around us, too.
Even setting aside traditional commercial spyware that tracks journalists or dissidents, quieter trackers are in use all over the internet.
Meta's popular social media sites Instagram and Facebook have their own sets of tracking tools that can even monitor users' web activity outside of their apps and require users to manually turn that feature off.
Some mercenary groups are even embedding spyware in online ads and spreading it to mobile devices that have little to no protection against it.
Just as with ransomware, the problem of addressing spyware and PSOAs is going to take an international, public-private effort, and it certainly won't be solved overnight.
One such way we can start taking steps to immediately curb the spread of spyware is with greater communication.
Talos encourages any organization, public or private, to publicly share actionable information or detection content related to spyware discovered in the wild.
Public disclosures are often light on technical details about how the spyware itself works, or contain few IOCs.
The U.S. Cybersecurity and Infrastructure Security Agency only gave federal agencies 48 hours to disconnect any devices that used the affected software.
The vulnerability, CVE-2024-23222, also affects other Apple operating systems, including iOS and iPadOS.
Vision Pro users also discovered that, before the software patch, they could not reset the password on their device without physically bringing the headset to a retail Apple store.
The passcode, typically a series of digits for the headset, could only be reset if the users gave the physical device to Apple support or mailed it to AppleCare.
Apple added the ability to reset the devices' passcode in the same patch that fixed the aforementioned vulnerability.


This Cyber News was published on blog.talosintelligence.com. Publication date: Thu, 08 Feb 2024 19:13:04 +0000

