For a couple of years now, Apple has been running notification campaigns to warn individuals targeted by spyware, such as the infamous Pegasus, Predator, and Graphite, among others.
Recently, France’s Computer Emergency Response Team issued a public statement urging them to take Apple’s campaign seriously as threat actors pursue journalists, activists, politicians, and civil servants.
But it would be wrong to assume that ordinary people aren’t at risk of being spied on. Cybercriminals now have easy access to spyware, and they don’t discriminate against victims – everyone is of interest to them.
Why High-Profile Individuals Are Targeted
Journalists, politicians, and activists often have access to sensitive information and may have greater influence over public opinion and policy. No wonder it’s they who are targeted the most by spyware.
Spyware campaigns are meticulously planned, they often rely on zero-click exploits and vulnerabilities buried deep within operating systems, avoiding detection and raising no suspicion to the victim.
In such cases, it’s not money that’s at stake.
The Risk to Ordinary Citizens
You might think, “I’m not a journalist or a politician. This doesn’t affect me.” Unfortunately, that’s a dangerous assumption.
You are most likely using the same type of device and apps as the members of your national parliament. In some cases, it doesn’t really matter who owns the phone – cybercriminals will try their luck all the same.
The vulnerabilities that attackers exploit for zero-click attacks or memory corruption affect large numbers of devices globally.
Recent research by the Atlantic Council and CERT-FR shows the spyware industry is booming. Investment in spyware technology is skyrocketing, expanding the number of vendors and resellers worldwide.
The US has emerged as the largest investor in commercial spyware, this way fueling the rapid expansion of a global surveillance industry.
This market boom shows that it’s not only governments using these technologies anymore. Cybercriminal gangs and other threat actors deploy spyware more broadly. These attacks are not necessarily targeted, but rather opportunistic in nature.
Why would anyone other than governments want to spy on you? Well, it could also be a stalker, a violent partner, or an extortionist lurking in your device. Beyond domestic abuse, spyware is also often used to facilitate financial fraud.
This can lead to devastating personal consequences far removed from high-profile geopolitical battles.
What Ordinary Users Should Take Away
The bottom line is that no one is immune to spyware threats. Both high-profile targets and ordinary citizens are exposed to the same vulnerabilities and increasingly aggressive and widespread surveillance tactics.
Here’s how to protect yourself against spyware:
- Keep your devices and software up to date
- Enable multi-factor authentication of all accounts
- Prioritize privacy-focused apps and encrypted communications
- Limit app permissions and constantly review them
There are also a few telltale signs of spyware (or other types of malware) on your phone:
- Increased data usage
- Unusually fast battery drain
- Sluggish device performance
- Unfamiliar apps on the phone
- Randomly flashing camera light indicating it’s on
Spyware often hides in plain sight, undetected by traditional security measures. It is a violation of basic human rights, as it can take full control of our devices where our lives are stored.
The scariest part is that you don’t even need to click on a malicious link to be infected. Consider not storing your sensitive information on your devices and act online as if your words and actions are public.
