The National Counterintelligence and Security Center (NCSC) and the Department of State published joint guidance on how to defend against attacks from commercial surveillance tools. The guidance states that foreign governments have been purchasing such tools for malicious reasons, spying on journalists, dissidents, and several others. Threat actors can infect a targeted device with no action from the device owner. In others, they can use an infected link to gain access to a device. Once infected, threat actors can record audio, including phone calls, track the device’s location, and access nearly all the content on the device. In December 2021, it was reported that members of the Department of State’s phones had been infected with Pegasus Spyware, which was developed by the Israeli based NSO group. Poland also recently admitted to buying the spyware, but denies it was used to target political opponents.
When evaluating a Managed Detection & Response (MDR) service there are 5 critical components that