NSO Group’s Pegasus Spyware And The Implications For Businesses

Security activists recently leaked the client list of NSO Group. The Israel-based company privately licenses its Pegasus spyware to various organizations and groups worldwide. Pegasus is a piece of spyware that can turn any modern phone into a constant surveillance device. But does this revelation have any chance of impacting small businesses? This article will discuss everything you need to know about Pegasus and its dangers to your business and employees.

Who Are NSO Group?

NSO Group is a private surveillance technology firm based in Herzliya, Isreal. The company mainly produces surveillance software licensed out to various governments, typically to spy on their citizens. Since its founding in 2011, NSO has provided tech to various governments, including countries like Mexico.

Governments have used the software and tools that NSO Group provides to suppress political dissidents and journalists. Amnesty International worked with more than 80 journalists in 17 media organizations to release a report on the company’s clients in 2021.

What is Pegasus?

The Pegasus Project - Header
The Pegasus Project is the only reason that the full scope of NSO Group’s dangerous spyware has come to light. | Source: Amnesty International

Pegasus is the name of NSO Group’s flagship piece of software. It’s an application easily installed on target phones, turning them into constant surveillance devices. This software can read microphone and camera information, save all the phone’s keystrokes, and report the owner’s location.

One of the most dangerous facts about Pegasus is how many different devices it can break into. Governments with access to Pegasus can install it on almost any modern iOS or Android device. While companies like Apple do release patches to combat the software, engineers at NSO constantly update it.

Currently, the Israeli government only licenses the sale of the Pegasus spyware to government bodies rather than private entities. However, a single leak of the software could lead to it getting into the hands of hacking groups. Moreover, some state-sponsored hackers may already have it, as their government will have the power to buy it from NSO Group.

How Pegasus Could Damage Your Business

If Pegasus makes it into the wrong hands, the potential damage to businesses large and small could be catastrophic. Below is a list of how hackers could use Pegasus to damage a business.

Industrial Espionage

Industrial espionage is a constant threat if your business operates in certain fields. For example, any company that designs its products must be mindful of rival companies attempting to steal designs and ideas. If Pegasus fell into the hands of one of these companies, or hackers working for hire, it could easily become one of the greatest industrial espionage tools in the modern age.

Hackers could install Pegasus onto the phones of a company CEO or any number of employees. With the ability to record audio from the phone’s microphone, any discussions around private details could be recorded. Even if rival companies do not use this technology, hackers could record as much information as a company as they wanted, then sell it on to the highest bidder.

Even worse, the ability to record using the phone’s cameras means detailed visual information may also be available to hackers or rival companies. Hackers could even copy physical blueprints or designs if an employee inadvertently pointed their phone camera at them.

Cyber Attacks

cyberattack statistics
One of the greatest dangers posed by Pegasus is its potential to allow more data breaches. | Source: Varonis

Another worrying aspect of Pegasus is how hackers could use it to enable further cyberattacks. Because Pegasus can record keystrokes, microphone data, and camera input, hackers could use it to gain information about a company’s security systems. It’s even possible for hackers to use this software to skim passwords in various circumstances.

If a hacker used this malware on a company, they’d also install further software. Unfortunately, ransomware attacks are prevalent, and it wouldn’t take much of a leap to move from Pegasus to ransomware, potentially locking a company’s entire system up.

Sabotage & Blackmail

With the ability to harvest large amounts of data, rival companies or hackers could use Pegasus to sabotage or blackmail key figures at a company of any size. Pegasus allows the user to record and access personal information, such as dates and times of key meetings. This information can easily cause harm to a company. For example, a rival company could seek deals with the target’s prospective business partners, pushing them out of business.

If private information directly from a CEO were to be gained using Pegasus, it’s also possible that hackers would blackmail that target. Even executives with nothing to hide may be uncomfortable with their personal information being readily available online. Almost anyone could be a target for scammers or hackers out to make a quick buck through blackmail.

What to Do About These Threats

Right now, Pegasus doesn’t directly threaten most businesses, but it’s important to be prepared in case that changes. If it’s possible, restrict the use of smartphones in your business. It’s sometimes difficult to remember that we’re always carrying around tiny cameras and microphones. Even without the threat of Pegasus, it’s important to take adequate precautions against compromised smart devices.

Ensure you’ve kept your security policy up-to-date, and stay informed on cybersecurity news. Staying in the loop is one of the greatest weapons in the arsenal of any business, no matter its size.

Featured image by ozrimoz from Shutterstock.com