With the recent findings of the attack of Trident malware for Apple’s iPhones, Microsoft is of the opinion that corporate entities should stop relying on the ability of Apple to protect the secrets they have.
Brad Anderson, Microsoft’s client mobility and vice president for its corporate enterprise made this argument in a publication it made concerning the issue.
The discovery of the malware invasion was made in August after some researcher at Canadian rights group of the Citizen Lab and Lookout, a mobile security firm notified Apple of the invasion which caused Apple to immediately release an emergency security update.
The malware made use of 3 iOS vulnerabilities that were previously-unpatched that was created by NSO Group, an Israeli-founded pen-testing vendor which went on sale as Pegasus, a surveillance product. Middle East government made use of it to get access to human rights activists.
According to Lookout, the malware attack was the highest attack they have witnessed on any endpoint. Anderson also pointed out that NSO Group has enough money to run especially after its acquisition in 2010 by Francisco Partners Management US VC fund that cost more than $100 million.
The Pegasus was sold at $8 million for up to 200 licenses by the NSO Group indicating that the high price was so because it was meant only for top firms senior execs, political dissidents or any target that has high value.
Anderson still on his argument that corporations should stop putting its trust on Apple to protect its secrets with their iOS devices or even Android devices noting that in as much as every company in the mobile operating systems will go to any length unheard of to protect it system from attack, that unfortunately, hackers are equally going to the same extent to make sure to bring to nought the efforts put in by such companies.
Another valid point that Anderson made is that with the Pegasus/Trident issue, cyberattacks has gone commercial offering opposition of a particular mobile device to have access to the weakness of such mobile device.image source: softpedia.com
This is something that has been of major concern to cybersecurity experts which they have been emphasizing for many years now. According to Anderson, a company that wants what a competitor has and cannot build it or make better what their competitor already has will not need to stress itself out anymore, but will head out straight to the cyberattack groups to get a license that will give them access to the secret of their competitor.