Q. Consider the following statements regarding Zero-Click attack
1. In this, a hacker will send a fraudulent message which is designed to trick a victim into revealing confidential information or infect their device.
2. These types of attacks are hard to detect and prevent than Phishing.
Which of the above statements is/are correct?

[A] 1 only

[B] 2 only

[C] Both 1 and 2

[D] Neither 1 nor 2

Answer: B
Notes:

Pegasus spyware has evolved from its earlier spear-phishing methods using text links or messages to ‘zero-click’ attacks 

About Zero-click Attack: 

  • A Zero-Click attack helps spyware like Pegasus gain control over a device without human interaction or human error. 
  • Zero-click attacks occur only when an attacker is able to take over a device remotely after successfully exploiting vulnerabilities in the software and hardware of the phone. 
  • So all awareness about how to avoid a phishing attack or which links not to click is pointless if the target is the system itself. 
  • Zero-click attacks are hard to detect given their nature and hence even harder to prevent. Detection becomes even harder in encrypted environments, where there is no visibility on the data packets being sent or received. 

Read more: What are zero-click attacks, and how do you get the better of them?