BleepingComputer reported on May 22, 2022, that Google’s Threat Analysis Group (TAG) has found that state backed threat actors have utilized five zero-day vulnerabilities to install Predator spyware on to fully up-to-date Android devices. The spyware, developed by commercial surveillance developer Cytrox, targets Chrome and the Android OS to install the Predator spyware implants over the course of three campaigns from August to October 2021. To learn more about the spyware from Bleeping Computer, click here
How MTE Could Prevent this
When it comes to zero-day attacks, there is no way to predict where and when they will appear. This is why it is important to consider both the reactive and proactive approaches we are taking to data security. The reactive approach has always been the main form security takes when it comes to zero-days. However, as zero-days continue to grow in complexity and number, it is clear this is simply a defeatist attitude and will not prevent future attacks from devastating victims. Instead, companies must adopt proactive security measures by protecting data where it is created, the application, instead of just in the operating system.
““Zero-days” are unforeseen mistakes in code that can be taken advantage of. There is no way to eliminate “zero-days” because developers are human. Taking a proactive approach to secure data in anticipation of “zero-days” mitigates their effects and reduces reputational risk.” Says Aron Seader, Senior Director of Core Engineering at Eclypses.
Eclypses MTE Technology is a FIPS 140-3 validated application-level security. With MTE, data is protected as soon as it is created, closing a large gap which many hackers take advantage of to perform zero-day attacks. Don’t wait to become the next victim of a zero-day, be proactive in protecting your data.