Spyware
Spyware is malicious software installed on a computer without your knowledge, and it’s used to collect your private information. Spyware comes in many forms.
When you think of a Cyber Attack what’s the first thing that comes to mind?
Probably the sterotypical
hoodied hacker
infiltrating your personal
computer and stealing
sensitive data like:
- passwords
- financial information
- social security numbers
- and the like. This kind of attack involves spyware.
Let’s Dig In.
Less concerning spyware includes adware, which generates unwanted
advertising like pop-ups and tracking cookies, which track sites the user has visited. However, some spyware has serious consequences.
A few of these nefarious types are:
- Keyloggers
- Rootkits
- Remote Access Trojans (RATs)
Keyloggers
Keystroke logging hardware
or software tracks and records every keystroke entry a user
makes on their computer.
It’s not always necessarily
malicious, as some keyloggers are legitimate IT monitoring tools, but more often than not, it’s used by hackers to capture sensitive information to exploit
unsuspecting users.
Rootkits
A rootkit is a software collection typically designed
to enable administrator-level access to a computer and
often masks its existence.
This unauthorized access
can allow existing software
to be modified, including software that might
otherwise be used to
detect or circumvent it.
Rootkits typically enter a computer through a Trojan horse virus, suspicious email attachment, or the installation of a “special” plugin (pretending to be legitimate) needed to correctly view
a webpage.
Remote Access Trojans (RATs)
RATs are a common form of spyware that give attackers complete control over a
victim’s system.
They can be used to steal sensitive information, spy on victims through the system’s microphone and web camera, and remotely control the computers they infect.
Social engineering and spear phishing are common ways RAT attacks are carried out.
Look out for anyone trying to convince you to give up personal information, and be wary of emails, even from trusted sources, containing unrequested links and downloads.
Let’s
Get
Real.
NSO Group Technologies, an internet software security solutions company that operates in the international intelligence field, created
a proprietary monitoring tool called Pegasus.
Pegasus
was discovered to have been used in a targeted attack on human rights activists through a malicious
link texted to an iOS phone.
Clicking on the link
allowed Pegasus to be installed on the device
gathering all
communications
and locations
on the targeted phones including data from:
- Gmail, Facebook
- iMessage, Viber,
WhatsApp, Telegram - Skype communications
Once the phone was infected,
spies could actively
spies could actively
record
with the phone’s
microphone or
video camera,
grab
personal data
like calendars,
contacts, and
passwords, or
download
all the data
on the device
including emails, photos,
and browser history.