Mobile spyware attacks are on the rise globally. That's why you should treat your phone like a computer, according to this cybersecurity expert. In the last decade, spyware tools have been repeatedly found on the phones of journalists, activists, and politicians, including US officials, raising concerns over the unprecedented proliferation of spyware technologies and, subsequently, the lack of protections within the tech space amid growing threats. Last Friday, Meta's WhatsApp revealed that it had discovered a hacking campaign targeting about 90 users, mostly journalists and civil society members across two dozen countries. According to a WhatsApp spokesperson, the Israeli spyware company Paragon Solutions -- now acquired by Florida-based private equity firm AE Industrial Partners -- was behind the attack Graphite, Paragon's spyware, was found to have infiltrated WhatsApp groups by simply sending users a malicious PDF attachment. Without users' knowledge, it can access and read messages on encrypted applications like WhatsApp and Signal. This is also known as a zero-click attack, which means that targets do not have to take any actions for their devices to become compromised. In contrast, phishing or one-click attacks require user interaction with a malicious link or attachment. Once a phone is infected with a zero-click capability, the operator of the attack can secretly gain total access to the phone by exploiting a security vulnerability. In an interview with ZDNET, Rocky Cole, co-founder of mobile threat protection company iVerify, said that "in the case of graphite, via WhatsApp, some kind of payload, like a PDF or an image, [was sent to the victims' devices] and the underlying processes that receive and handle those packages have vulnerabilities that the attackers exploit [to] infect the phone." While public reporting does not specify "whether graphite can engage in privilege escalation [vulnerability] and operate outside WhatsApp or even move into the iOS kernel itself, we do know from our own detections and other work with customers, that privilege escalation via WhatsApp in order to gain kernel access is indeed possible," Cole said. iVerify has uncovered instances where "a number of WhatsApp crashes on [mobile] devices [they're] monitoring with iVerify" have appeared to be malicious in nature, leading the iVerify team to believe that the malicious attacks are "potentially more widespread" than just the 90 people reported to have been infected by graphite. While the WhatsApp attack was predominantly launched against members of civil society, mobile spyware is an emerging threat against everyone because mobile exploitation is more widespread than one might think, Cole said. Moreover, "the result is an emerging ecosystem around mobile spyware development and an increasing number of VC-backed mobile spyware companies are 'under pressure to become profitable enterprises,'" he said. This ultimately "creates marketing competition" for spyware merchants and "lowers barriers" that would deter these mobile exploitation attacks. Just a month ago, WhatsApp won a lawsuit against NSO after a federal judge in California found that NSO was exploiting a security vulnerability within the messaging app to deliver Pegasus. The infamous NSO Group -- known for infecting the phones of journalists, activists, and Palestinian rights organizations -- has used similar zero-click capabilities through their Israeli-made Pegasus spyware, a commercial spyware and phone hacking tool. Historically, the NSO Group has avoided selling to US-based clients and has also been banned by the US Commerce Department under the Biden administration for allegedly supplying spyware to authoritarian governments. However, "shifting political dynamics [under the Trump administration] raises the possibility that spyware may become more prevalent in the United States" -- exacerbating mobile exploitation. Visit OUR FORUM for further updates as they become available.

You have been warned. The 2025 threat landscape is set for an AI revolution, and whatever defenses you have in place will almost certainly not be good enough. Nowhere is this more true than with our email platforms at home and especially at work. “Email is the most common cyberattack vector for businesses,” a new cyber insurance report has just reinforced, “serving as the most prevalent initial entry point to launch financial fraud, ransomware, and data breach attacks.” Despite all the cyber noise, sometimes a stat or datapoint still has the potential to stand out. And so it is with the latest report from At-Bay, lauding the benefits of email that’s more secure by default. Maybe there’s some hope after all. At home there are checks you can do that will help you review your settings and make recommendations — Google’s account security check-up, for example. But at work it’s more complex, given that many of these settings will fall to your IT department to control. But that flexibility comes at a price. “At-Bay strongly recommends transitioning to a cloud-based email solution to mitigate security risks and ensure proactive vulnerability management.” Nothing new here — but that transition to cloud brings the potential for increasingly game-changing defenses to be built around email and for a rethink as to how these platforms operate. We’re not there yet, but this is a step. Gmail scores well in the new report — its security upgrades in recent years are paying off in the real world data collected from actual cyber insurance claims. “Organizations that used Google Workspace,” At-Bay says, “experienced the lowest frequency of incidents on average. Compared to the overall average, Google’s claims frequency was 54% lower.” The insurer highlights features included by default “that may not be the default setting in other email solutions.” These include “real-time scanning for phishing emails and malicious attachments, automatic security updates to protect against vulnerabilities, and integrated threat intelligence to proactively identify and respond to potential threats.” Gmail might be the largest email provider on our planet with its claimed 2.5 billion users, but Workspace does not dominate at work the way Gmail might at home. The point being that there’s no need to play with settings to secure the platform, it’s “a comprehensive and robust security framework out of the box, without requiring additional attention to set up or configure.” Harder to run a comp in the wider world, but this enterprise data does provide some evidence this approach is working, and that the defaults are getting better. The question is how this will evolve to cope with new AI threats heading fast in our direction. As I’ve commented before, email is a second-rate technology that has not evolved at the same pace as almost everything else. We still see too many blatant threats skip through any and all defenses into our inboxes. It’s still to easy for anyone to ping anyone, and new AI innovations make that all the more dangerous by making those threats more realistic. We are now seeing two parallel developments. A hybrid mix of on-device and cloud screening for threats that target our phones in particular, but new AI desktops and laptops can extend this; and new safe browsing innovations that don’t only rely on centrally collated lists. It’s time for an email rethink that evolves email into a more messenger-like platform, and screens emails for threats to a level that doesn’t happen today. This is what Elon Musk has in mind with X-Mail. Realistically, Google and Gmail are best placed to do this first across a huge user base. But in the meantime, these stats are a great ad for fully managed, cloud-based email at home and at work. Whether Gmail or one of the alternatives, if this isn’t what you’re running today then the numbers would suggest it might be time to switch. On that note, the report from At-Bay will be interesting to those administering SMB or enterprise email, where traditional choices may now give way to managed alternatives for the first time. Now, as reported by Bleeping Computer, “Microsoft has reminded admins that Exchange 2016 and Exchange 2019 will reach the end of extended support in October and shared guidance for those who need to decommission outdated servers.” For those on extended support, this could well be an opportunity to explore alternatives — whether from Microsoft or others — to the traditional approaching of rolling forwards the same or next-gen option. Microsoft confirms that “customer installations of Exchange 2016 and Exchange 2019 will of course continue to run after October 14, 2025; however, due to the upcoming end of support date and potential future security risks, we strongly recommend customers act now.” The company suggests migrating to Exchange Online or Microsoft 365. More coverage can be found on OUR FORUM.