Microsoft, Google, WhatsApp vs Cyber Mercenaries, and Your Cyber Security

Earlier this week, Tom Burt, corporate vice president of ‘customer security and trust’ at Microsoft, published a blog post expressing the company’s support towards WhatsApp in its legal battle against the Israeli NSO Group. With this, Microsoft officially joined a league of the world’s most prominent technology companies in fighting cyber mercenaries. The case harks back to the notorious Pegasus hack that ran riot on WhatsApp, targeting journalists and human rights activists on behalf of governments. The term itself seems about right, referring to Tim Maurer’s novel titled Cyber Mercenaries – The State, Hackers and Power.

The intention, hence, is pretty clear – technology companies are sitting up and officially taking note of the present cyber security climate. Organisations such as the NSO Group have till date flaunted governmental immunity, stating that it builds specialised and highly sophisticated cyber espionage tools at the request of nations. These tools, in turn, are used by national governments to carry out strategic cyber warfare on targets. As a result, the NSO Group has so far claimed immunity from legal prosecution, citing its contribution to state-backed cyber operations as classified information. Now, technology majors such as the Facebook-owned WhatsApp, along with Google, Cisco, VMWare and now Microsoft, have joined the fray.

The state of today’s cyber security

Such a move may not result in immediate, direct benefits in prosecuting cyber threat actors, especially those with nation-backed funds and motives. However, it underlines the state of cyber security around the world today. Keeping aside the major privacy issues of Big Tech, cyber threats today exist in consumer apps strewn across Android’s Google Play Store, and in numerous third party websites. These threats include spyware such as Pegasus, which often deploy zero-click tactics and exploit zero-day vulnerabilities to secretly install on smartphones.

Such attacks then deploy common cyber attack tactics, such as privilege escalation to gain high level access in devices. Such access, such as what NSO’s Pegasus took in systems it infiltrated via WhatsApp, would allow these spyware to gain…