Pegasus spyware
AGENDA
• What is Pegasus
• When it was discovered
• Trident vulnerability
• How it works
• Who was targeted
• Prevention and mitigation
What is Pegasus
• Pegasus is spyware developed by the NSO Group of Israel and used for cyber-espionage. Recent investigations reveal that Pegasus was used as a surveillance tool targeting high-profile government representatives, officials, human rights activists, journalists, and even heads of state. Spyware is software designed to intrude on target devices, gather information from them, and transfer it to its handlers or threat actors over encrypted channels. Threat actors may be individuals or groups with malicious intent who target flaws in systems for personal or other gain. They might be cybercriminals seeking financial gain or groups backed by nation-states; the latter are called Advanced Persistent Threats (APTs). APTs usually operate with a high level of sophistication, resources, and planning.
When was it discovered?
• Pegasus was discovered in August 2016 after a failed installation attempt on the iPhone of a human rights activist led to an investigation that revealed details of the spyware, its capabilities, and the security vulnerabilities it exploited. News of the spyware drew significant media coverage. It was called the “most sophisticated” smartphone attack ever and marked the first time a malicious remote exploit that jailbreaks an iPhone to gain unrestricted access had been detected. This version of the spyware infected smartphones through “spear-phishing”: text messages or emails containing a malicious link were sent to the target. It depended on the target clicking the link, a requirement that was done away with in subsequent versions.
Trident Vulnerability
• Pegasus exploits multiple zero-day vulnerabilities in iOS, referred to here collectively as Trident, against iOS 9.3.3; each of them would also have worked against 9.3.4 as of the date of discovery. With the 9.3.5 patches, these vulnerabilities no longer work.
1) CVE-2016-4657: Memory corruption in Safari WebKit. A memory corruption vulnerability in Safari's WebKit engine allows an attacker to execute arbitrary code. Pegasus exploits it to obtain initial code execution within the context of the Safari web browser.
2) CVE-2016-4655: Kernel information leak circumvents KASLR. Before Pegasus can execute its jailbreak, it must determine where the kernel is located in memory. Kernel Address Space Layout Randomization (KASLR) makes this difficult by mapping the kernel into different and unpredictable locations in memory. In short, before attacking the kernel, Pegasus has to find it.
3) CVE-2016-4656: Memory corruption in the kernel leads to jailbreak. The third vulnerability in Pegasus' Trident is the one used to jailbreak the phone. A memory corruption vulnerability in the kernel is exploited on both the 32-bit and 64-bit versions of iOS, though the exploit is carried out differently on each.
How it works
• The attack is composed of three separate stages that include both the exploit code and the surveillance software. The stages are sequential: each stage is expected to successfully decode, exploit, install, and run the following stage, and each stage leverages one of the vulnerabilities in order to function.
• Stage 1, delivery and WebKit vulnerability: this stage comes down over the initial URL in the form of an HTML file (1411194s) that exploits a vulnerability (CVE-2016-4657) in WebKit (used in Safari and other browsers).
• Stage 2, jailbreak: this stage is downloaded by the stage 1 code based on the device type (32-bit vs 64-bit). Stage 2 arrives as an obfuscated and encrypted package, and each package is encrypted with unique keys at every download, which makes conventional network-based restrictions weak. It includes the code required to exploit the iOS kernel (CVE-2016-4655 and CVE-2016-4656) and a loader that downloads and decrypts the package for stage 3.
• Stage 3, reconnaissance software: this stage is downloaded by stage 2 and is also selected by device type (32-bit vs 64-bit). Stage 3 contains the surveillance software, daemons, and other processes that are used after the device has been jailbroken in stage 2. Stage 3 establishes the hooks into the applications the attacker wants to spy on.
Additionally, stage 3 detects whether the device was previously jailbroken by another program and, if so, removes any access to the device that the earlier jailbreak grants, such as via SSH. The software also includes a failsafe to remove itself if certain conditions are present.
Who was targeted
• The targets mentioned in the recent Pegasus attack coverage were human rights activists, journalists involved in high-profile investigations, ministers and opposition leaders from various countries, and heads of state or their associates. The data leak of approximately 50,000 numbers confirmed the potential surveillance targets in multiple countries around the world.
• Governments of various countries, including India, Israel, Hungary, Morocco, Rwanda, UAE, Saudi Arabia, Spain, Azerbaijan, Bahrain, Kazakhstan, and Mexico, have been named in the data leak for using Pegasus.
Prevention and mitigation
• Since it is challenging to detect the presence of Pegasus once it infects a system, prevention is the best defense. Here are a few things to keep in mind to protect devices from Pegasus.
• Open links only from trusted sources.
• Contact your IT support immediately if you spot something amiss on any of your devices.
• Always have an up-to-date antivirus solution from a reputable security organization on your device.
• Be aware of any new services or apps that have recently appeared on your device.
• If you suspect a Pegasus attack, you can use tools such as the Mobile Verification Toolkit (MVT) shared by Amnesty International, which can decrypt iOS backups, process and parse records from iOS systems, and generate JSON logs, among other things, to identify a potential infection and compromise.
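As an added example (not from the original slides and not MVT's own code): a Python pre-flight check that inspects an iOS backup directory before it is handed to a tool like MVT, reporting whether the backup is encrypted, which iOS version the device reports, whether that version carries the 9.3.5 Trident fixes mentioned above, and how many files the backup index holds per domain. It assumes the standard iOS 10-and-later backup layout (Manifest.plist with an IsEncrypted flag and a Lockdown dictionary, Manifest.db with a Files table) and builds a constructed sample backup in a temporary directory so it runs offline.

```python
"""Pre-flight inspection of an iOS backup directory before MVT processing.

Reads the backup's Manifest.plist (encryption flag, lockdown device info)
and Manifest.db (SQLite index of backed-up files) so an analyst can confirm
the backup is usable and note which iOS version the device reports.
Assumes the iOS 10+ backup layout; the sample backup built below is
CONSTRUCTED for demonstration and contains no real device data.
"""
import os
import plistlib
import sqlite3
import tempfile

# iOS 9.3.5 is the release the slides name as closing the three Trident CVEs.
TRIDENT_PATCHED_VERSION = (9, 3, 5)


def parse_ios_version(version: str) -> tuple:
    """Turn '9.3.3' into (9, 3, 3); missing components count as 0."""
    parts = [int(p) for p in version.strip().split(".") if p.isdigit()]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def patched_for_trident(version: str) -> bool:
    """True if the reported iOS version includes the 9.3.5 Trident fixes."""
    return parse_ios_version(version) >= TRIDENT_PATCHED_VERSION


def inspect_backup(backup_dir: str) -> dict:
    """Summarise an iOS backup: encryption state, device info, file index."""
    with open(os.path.join(backup_dir, "Manifest.plist"), "rb") as fh:
        manifest = plistlib.load(fh)
    lockdown = manifest.get("Lockdown", {})
    summary = {
        "encrypted": bool(manifest.get("IsEncrypted", False)),
        "device_name": lockdown.get("DeviceName"),
        "ios_version": lockdown.get("ProductVersion"),
        "files_per_domain": {},
    }
    summary["trident_patched"] = (
        patched_for_trident(summary["ios_version"]) if summary["ios_version"] else None
    )
    # Manifest.db indexes every file in the backup. In an encrypted backup it is
    # itself encrypted, so it is only read here when the backup is unencrypted
    # (or has already been decrypted, which is the step MVT performs).
    db_path = os.path.join(backup_dir, "Manifest.db")
    if not summary["encrypted"] and os.path.exists(db_path):
        conn = sqlite3.connect(db_path)
        try:
            rows = conn.execute(
                "SELECT domain, COUNT(*) FROM Files GROUP BY domain"
            ).fetchall()
        finally:
            conn.close()
        summary["files_per_domain"] = dict(rows)
    return summary


def build_constructed_backup(ios_version: str, encrypted: bool) -> str:
    """Create a minimal, CONSTRUCTED backup layout in a temp dir for the demo."""
    backup_dir = tempfile.mkdtemp(prefix="ios_backup_demo_")
    manifest = {
        "IsEncrypted": encrypted,
        "Version": "10.0",
        "Lockdown": {"DeviceName": "demo-iphone", "ProductVersion": ios_version},
    }
    with open(os.path.join(backup_dir, "Manifest.plist"), "wb") as fh:
        plistlib.dump(manifest, fh)
    if not encrypted:
        # Mirror the real Files table schema with three placeholder entries.
        conn = sqlite3.connect(os.path.join(backup_dir, "Manifest.db"))
        conn.execute(
            "CREATE TABLE Files (fileID TEXT PRIMARY KEY, domain TEXT, "
            "relativePath TEXT, flags INTEGER, file BLOB)"
        )
        conn.executemany(
            "INSERT INTO Files VALUES (?, ?, ?, ?, NULL)",
            [
                ("a" * 40, "HomeDomain", "Library/SMS/sms.db", 1),
                ("b" * 40, "HomeDomain", "Library/Safari/History.db", 1),
                ("c" * 40, "CameraRollDomain", "Media/DCIM/100APPLE/IMG_0001.JPG", 1),
            ],
        )
        conn.commit()
        conn.close()
    return backup_dir


if __name__ == "__main__":
    demo = build_constructed_backup("14.4.2", encrypted=False)
    print(inspect_backup(demo))
```

An encrypted backup is deliberately left un-indexed because its Manifest.db cannot be read until the backup is decrypted, which is exactly the MVT step the slide refers to.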
Thank you