WatchGuard Blog

The Impact of Mobile Spyware on Endpoint Protection

The discovery of the Pegasus spyware demonstrated that no system is 100% secure or inaccessible, especially since this malicious program mainly affected iPhones. Apple has long boasted about the security of its iOS platform; however, a security flaw – already fixed by the California-based company through an emergency update – allowed the spyware onto its phones through zero-click attacks, which don't require the victim to click on a link or open a file and are therefore even more serious. This discovery has highlighted the risk of using mobile phones in the workplace and raises the question of how we can do so safely.

Pegasus, spyware developed by security company NSO Group 

This malicious program gains access to a phone's contents by exploiting a vulnerability in Apple's messaging platform, iMessage. Although Pegasus is an old acquaintance – the software began operating in 2016 – the extent of its reach and the seriousness of the threat it poses only became known last August. It hit journalists, lawyers and politicians; the spyware spread far and wide without users realizing it.

What happens once Pegasus is on a device? The spyware can read the GPS and all of the iPhone's sensors, as well as all the information stored on it, making it a powerful espionage tool. NSO Group, the Israeli security firm that created it, denies responsibility for any malicious use of the software, claiming it was developed for use by governments and military agencies. Nonetheless, from an organization's point of view, Pegasus is a serious warning about the importance of protecting endpoints and not letting our guard down.

How to protect endpoints from these types of threats 

Until the advent of mobile phones, IT security managers knew exactly where the border to protect was: the point where the internal and external networks met. Protecting that border with a firewall was enough to keep the bulk of threats under control. With the exponential growth in mobile phone use, however, that boundary has blurred. At what point does mobile use stop being personal and become work-related? "There are many ways to address this problem," explains Trevor Collins, security analyst at WatchGuard. "The most restrictive way is to ban the use of mobile phones to connect to corporate networks altogether, and the most permissive is to allow them to be freely accessible," he adds.

So, what's the best way to balance security with mobile use? "We propose a solution that falls somewhere in the middle of these two options," suggests Collins. Assuming that no system is completely impregnable, the WatchGuard analyst proposes the following combined strategy:

  • Set up usage policies. Explicitly prohibit employees from sending passwords, tokens or certificates via messaging apps or email on their mobile devices. Collins suggests using a password manager instead.
  • Educate about cyberthreats. Teaching the organization's employees how attackers behave and exactly what they are looking for is an important line of defense, because it makes an unexpected link look suspicious rather than routine. Collins insists that it costs the organization little to keep employees informed about the latest cyberattacks targeting mobile devices.
  • Protect yourself with security tools. Use multi-factor authentication (MFA) to protect against password theft and phishing, and a Zero Trust architecture in which only certain servers in the organization can be reached from mobile phones.
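The third recommendation can be made concrete as a default-deny access policy: every request must carry a verified MFA factor, and a request from a mobile device is only allowed if the target is on an explicit allowlist of servers. The following is an added example written for this article, not WatchGuard code or a description of any WatchGuard product; the server names, device classes and requests are constructed for illustration.

```python
"""Illustrative zero-trust access decision for mobile devices (added example).

Policy, as described in the article:
  * MFA must be verified for every request, regardless of device.
  * Mobile devices may reach only an explicit allowlist of servers.
  * Anything not matched by a rule is denied (default deny).
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

# Constructed server names: the only hosts reachable from a mobile device.
MOBILE_ALLOWED_SERVERS = frozenset({
    "mail.example.internal",
    "chat.example.internal",
})

# Constructed device classes an inventory/MDM system might report.
MANAGED_CLASSES = frozenset({"managed_workstation"})


@dataclass(frozen=True)
class AccessRequest:
    user: str
    device_class: str     # e.g. "mobile", "managed_workstation"
    mfa_verified: bool    # True only when a second factor was checked
    target_server: str


def evaluate(req: AccessRequest) -> tuple[bool, str]:
    """Return (allowed, reason). Every path states why, so denials are auditable."""
    # Rule 1: MFA is non-negotiable; a stolen password alone is not enough.
    if not req.mfa_verified:
        return False, "mfa_required"

    # Rule 2: mobile devices get a narrow allowlist, nothing else.
    if req.device_class == "mobile":
        if req.target_server in MOBILE_ALLOWED_SERVERS:
            return True, "mobile_allowlist"
        return False, "server_not_permitted_for_mobile"

    # Rule 3: managed workstations keep their normal access.
    if req.device_class in MANAGED_CLASSES:
        return True, "managed_device"

    # Default deny: unknown or unmanaged device classes are refused.
    return False, "unknown_device_class"


def denial_summary(requests: list[AccessRequest]) -> dict[str, int]:
    """Count denials by reason; a spike in one reason is a useful monitoring signal."""
    counts: Counter[str] = Counter()
    for req in requests:
        allowed, reason = evaluate(req)
        if not allowed:
            counts[reason] += 1
    return dict(counts)


if __name__ == "__main__":
    # Constructed sample requests.
    sample = [
        AccessRequest("alice", "mobile", True, "mail.example.internal"),
        AccessRequest("alice", "mobile", True, "hr-db.example.internal"),
        AccessRequest("bob", "managed_workstation", False, "hr-db.example.internal"),
        AccessRequest("bob", "managed_workstation", True, "hr-db.example.internal"),
        AccessRequest("eve", "bring_your_own", True, "mail.example.internal"),
    ]
    for r in sample:
        print(r.user, r.device_class, r.target_server, "->", evaluate(r))
    print("denials:", denial_summary(sample))
```

The point of returning a reason with every decision is that the denials become log material: a surge of `server_not_permitted_for_mobile` for one user, or of `mfa_required`, is exactly the kind of signal an EDR or SIEM should be watching for.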

Beyond following this sound advice, implement endpoint protection with advanced security technologies such as WatchGuard EPDR, a solution that unifies endpoint protection (EPP) with endpoint detection and response (EDR) for cyberattacks such as the Pegasus threat.