January 2025

Cyber threats
Barometer

Every month, cyber threats as seen by Gatewatcher’s CTI analysts
Le Lab Gatewatcher
218 001 identified Indicators of Compromise (IoCs)
169 797 identified compromise reports (sum of IoCs)

Highlight of the month


Among the spyware, including historical infostealers or keyloggers, that we regularly hear about when data is stolen from companies, we also find so-called “commercial” spyware targeting cell phones. Their evolution, particularly on iOS devices, is an illustration of the growing sophistication of IT threats over the last decade.

The Pegasus spyware, developed by the Israeli company NSO Group and discovered in 2016, marked a first turning point by demonstrating its ability to infiltrate personal phones via then-unknown vulnerabilities. Since then, other players have emerged, such as Cytrox and its Predator tool, expanding the commercial spyware market. These tools are capable of recovering and exfiltrating the memory content of messaging applications such as WhatsApp, Telegram and Signal, which are considered secure.

Infection methods have also evolved, from exploits requiring one or more user actions to so-called “Zero-click” attacks requiring no victim involvement in the infection chain. In response, companies have stepped up security measures to protect their users.
Independent proactive detection initiatives have also emerged, such as iVerify, an EDR solution for cell phones that recently identified several Pegasus infections on iOS and Android devices.

Despite these efforts, the spyware market continues to attract, as demonstrated by the recent acquisition of the startup Paragon by an American investment company for several hundred million dollars. The democratization of these tools has been made possible by the rise of private companies against a backdrop of global tensions. Initially developed by state actors to combat terrorism, spyware has since been used for more extensive surveillance of a country’s political life, including political opponents, journalists and activists. While some European Union governments have been targeted by external intelligence, member states such as Poland have also used Pegasus within their own countries, targeting opposition leaders in particular.

This dynamic underlines the persistent, even growing, demand for surveillance tools, and the need for vigilance.

TOP COMMON VULNERABILITIES & EXPOSURES (%) [chart; data not reproduced in this text]

TOP TARGETED BUSINESS SECTORS (%) [chart; data not reproduced in this text]

Definition of the month

Spyware is a family of malware that usually forms part of a complex attack chain, targeting companies to steal login information or sensitive data. Such tools can remain stealthy or disguise themselves as legitimate applications such as antivirus software or browser extensions. One of the most famous spyware to date is undoubtedly Emotet, whose functionalities include stealing passwords and e-mail attachments.

This category now includes so-called “commercial” spyware. Developed and sold legally by the private sector as a surveillance tool, they exploit security flaws or zero-click attacks to infiltrate business or personal cell phones. Once installed, they can monitor communications, record keystrokes or access files, then exfiltrate the data to the attacker.

TOP MALWARE FAMILIES (%) [chart; data not reproduced in this text]

TOP THREAT CATEGORIES (%) [chart; data not reproduced in this text]

About the Cyber Threat Barometer

Malware, critical vulnerabilities, advanced persistent threats, industries particularly targeted, weak signals of emerging attacks… It’s no secret that knowledge of one’s adversary is a key factor in the security of an enterprise. The Cyber Threats Barometer gives you a monthly overview of the cyber threats detected by Gatewatcher CTI, our Cyber Threat Intelligence platform.

Gatewatcher CTI’s automated collection, analysis and correlation engines are continuously fed by more than 4000 data sources from multiple channels: social networks, specialized sites, dark and deep web. They make threat information available an average of 24 hours in advance of the competition and help operational response teams make better decisions by dramatically reducing their analysis and incident treatment times.


Cyber Threats Barometer: Your monthly cyber threats overview as seen by Gatewatcher’s CTI analysts