Title of Presentation DD/MM/YYYY 1
Understanding the Pegasus Cyber Espionage Tool
What you need to know about Pegasus Spyware & How to protect yourself from this and other threats
Agenda
• Top 5 things to know about Pegasus
• The Story of Pegasus
• Technical details of Pegasus/Trident
• The Hacking Process & The Kill Chain
• How does Skycure protect your organization?
• Q&A
Top 5 things to know about Pegasus
1. Pegasus is zero-day spyware for iOS
2. Pegasus is a low probability, but high impact threat
3. Apple’s iOS 9.3.5 update will not detect or remove Pegasus
4. Pegasus exposes ALL messages, calls, emails, data, communications, audio, video…
5. Existence of other exploits like Pegasus is very likely
Colliding Trends
CYBER ATTACKS
• PC → Mobile
• Spam → Targeted
• Annoying → Financial gain
• Android → iOS
MOBILE TECHNOLOGY
• Call + text + mail + everything
• Corporate → BYOD
• Convenience → Productivity
• Work hours → Always on
BEST INFILTRATION AND ESPIONAGE DEVICE EVER
The Story
THE PLAYERS and WHAT HAPPENED:
• NSO Group (cyber war software)
- Found vulnerabilities in iOS (didn’t report)
- Pegasus, a zero-day “lawful intercept” spyware product for governments, exploits 3 iOS vulnerabilities to jailbreak and take over mobile devices
• UAE (suspected) (nation state)
- Purchased Pegasus from NSO to spy on Ahmed Mansoor
- Sent an SMS message with a malicious URL capable of completely compromising his mobile device
• Ahmed Mansoor (human rights activist)
- Smartly, did not click on the SMS link
- Contacted Citizen Lab for forensic analysis
• Citizen Lab (research laboratory)
- Recognized exploit as an NSO product
- Analyzed the exploit
- Contacted Lookout for support in the analysis
- Notified Apple of vulnerabilities
• Apple (mobile devices)
- Patched the three vulnerabilities and released iOS 9.3.5 update
- Filed CVE reports
Trident: 3 Zero-Day iOS Vulnerabilities
• CVE-2016-4657: Memory Corruption in WebKit
- Vulnerability in Safari WebKit allows the attacker to compromise the device when the user clicks a link
• CVE-2016-4655: Information Leak in Kernel
- Kernel base mapping vulnerability that leaks information to the attacker that allows him to calculate the kernel’s location in memory - circumvents KASLR
• CVE-2016-4656: Kernel Memory corruption leads to Jailbreak
- Kernel-level vulnerability that allows attacker to corrupt memory in a function, disabling the code signing requirement to silently jailbreak the device and install surveillance software that runs as if it were part of iOS.
- Allows attacker to circumvent all security measures
The Surveillance
[Diagram: Kernel; App 1 to App 4; Internet; Cloud Services; Corporate services; Command & Control Center. Protections labelled on the diagram, with ✗ and ? marks against them: data encryption, containers, VPNs, end-to-end encryption, secure email.]
Exploits Kernel and Legitimate Apps
Legitimate apps are patched in memory, not replaced by malicious apps.
App patching is not required for Pegasus to spy, but it provides context.
Emphasis on Stealth
Pegasus features designed to avoid detection
• Throttle bandwidth based on connection
• Operate certain functions when idle
• Automatically uninstall if any chance of discovery
• Automatically reverts to a legitimate website if exploit fails
• Anonymizing proxy chain to obfuscate Command and Control
“In general, we understand that it is more important that the source will not be exposed and the target will suspect nothing than keeping the agent alive and working.”
- NSO Group documentation
Skycure Mobile Threat Defense
Mobile Threat Intelligence Platform: Physical, Network, Vulnerabilities, Malware
Server-Side (Security, Visibility, IT Satisfaction)
• Advanced security
• Management console
• Automation & integration
End-User App (Seamless experience, Privacy, Minimal footprint)
• End-user satisfaction
• Detection & protection
• No “Private APIs”
The Cyber Kill Chain
• Reconnaissance: Study the target, gather intelligence
• Weaponization: Design and build the exploit, research vulnerabilities
• Delivery: Social engineering – SMS, email, etc.
• Exploitation: Execute infiltration, exploit vulnerabilities
• Installation: Install malware
• Command & Control: The “spy” receives information and may control the device
• Actions on Objectives: Exfiltration, theft, ransom, etc.
Pegasus was stopped here ✗
How Skycure Interrupts the Kill Chain
• Reconnaissance: Study the hacker – gather intelligence on them
• Weaponization: Protect against disclosed and undisclosed vulnerabilities
• Delivery: Protect unsuspecting users (i.e. SMS/MMS like Stagefright)
• Exploitation: Static & dynamic analysis, system integrity checks
• Installation: Block installation, detonate in a safe environment
• Command & Control: Active Honeypot patent, who is the device talking to?
• Exfiltration: Block critical enterprise resources, recognize attackers when they use what they stole
Skycure Detections
What to do now
1. Install Skycure – it’s free
2. Contact Skycure
   Email: pegasus@skycure.com
   Call: 1-800-650-4821
3. If Pegasus is found: TURN THE PHONE OFF
The Rest of the Story
• Announcement about Pegasus after the Apple patches (August 25, 2016)
• Security companies add Pegasus detection
- Skycure already detected Pegasus (just added the name)
• NSO is not out of business (nor are others)
• Other exploits are out there – and more will come
• Can you afford to wait until the next announcement?
• There are no guarantees, but you can reduce your risk
Request a free Pegasus assessment
get.skycure.com/pegasus-spyware-assessment
Q&A
