Sunday, 16 January 2022

Pegasus Spyware: What you should know

EC-Council Exam Prep, EC-Council Preparation, EC-Council Learning, EC-Council Career, EC-Council Guides, EC-Council Skills

There has been a lot of fuss in the name of the Pegasus spyware. But before we dive in, it is worth mentioning that the name “Pegasus”, belongs to the winged horse from Greek mythology. Legend has it that wherever the winged horse struck his hoof, a water spring burst forth.

Presently, people associate this with the most powerful spyware developed by a private company. Once the Pegasus spyware is covertly installed onto a phone, it turns that phone into a 24-hour surveillance device. The operator of the tool can copy messages that the owner of the phone sends or receives, get access to photos, and record calls. The Pegasus spyware can film secretly through the phone’s camera and even activate the microphone to record conversations. It can use the phone’s GPS to potentially pinpoint the location of the owner of the phone in real-time.

Who developed the Pegasus spyware and why?

An Israeli private company, NSO Group, developed and markets the Pegasus spyware. Given the havoc the spyware can cause, NSO Group licenses this product only to government intelligence agencies and law enforcement agencies after doing due diligence.

The NSO Group says that the Pegasus spyware helps prevent terrorism, breaks up criminal operations, finds missing persons and assists search and rescue teams. Mexico, the first client of the Pegasus spyware, had used it to fight the drug cartels. Notorious Mexican drug lord, Joaquin Guzman Loera, better known as El Chapo, was arrested with the help of this hacking software.

Why is the Pegasus spyware so special?

Pegasus is a world-leading cyber intelligence solution that enables intelligence agencies and law enforcement agencies to remotely and covertly extract data from any mobile device, be it android or IOS.

Until early 2018, NSO Group’s clients had to rely on SMS and WhatsApp messages to trick targets into opening a malicious link that would infect their phones with this malware. Since then, the Pegasus spyware’s attack capabilities have become much more improved. Infections can now be achieved with “zero-click” attacks. This means that the spyware can now be installed in a phone without requiring any interaction with the phone’s owner.

The hacking software can achieve such “zero-click” installations in several ways. One option is to send a push message covertly that makes the target device load the spyware, with the device’s owner completely unaware of the installation. These attributes differentiate Pegasus spyware from any other spyware available in the market.

When neither phishing nor “zero-click” attacks succeed, spies can install Pegasus spyware with the help of a wireless transceiver located near the target or simply by getting hold of the target’s phone in his/her absence.

Once installed, the Pegasus spyware contacts the attacker’s command-and-control servers to receive and carry out instructions and send the target’s private data to the attacker, including contact lists, calendar events, passwords, text messages, and live calls, even those which are end-to-end encrypted.

The Pegasus spyware only sends scheduled updates to avoid extensive bandwidth consumption that may alert the client and prevent detection by anti-virus software; it also evades forensic analysis, allowing the attacker to deactivate the spyware as and when necessary.

How did the controversy start?

In July 2021, Amnesty International, a London-based NGO, along with 17 media outlets worldwide, released a report on how the Pegasus Spyware was being used to snoop on Human Rights Activists, journalists, lawyers, and politicians by authoritarian governments in various countries.

Forbidden Stories, a Paris-based non-profit media organization, and Amnesty International claimed access to a leaked list containing over 50,000 phone numbers of people under the radar. They shared this list with their 17 media partners as part of the “Pegasus Project,” a reporting consortium.

Is the claim based on flimsy ground?

Amnesty International never disclosed the source of the leak and what type of test scans were carried out to establish the integrity of the data. The consortium claimed to have identified only 1000 telephone numbers out of 50,000. The phone number on the list did not reveal whether the device was infected by Pegasus or subjected to an attempted hack.

Amnesty International’s statement that its test scan methodology could not scan Android devices sounds bizarre and raises serious doubts about the integrity of the scan process itself. Also, the consortium had not shared the country-wise break-up of the phone numbers for snooping. This, even though Citizen Lab, an interdisciplinary laboratory based at the University of Toronto, had claimed that the Pegasus Spyware was used by 45 countries. It would be worth mentioning here that Amnesty International and Citizen Lab have a history of working together.

Forbidden Stories and Amnesty International had drawn their conclusion based on the forensic analysis of 67 phones out of the 50,000 phone numbers on the list, providing no details about the identity of these phone numbers.

The question that remains unanswered is how many of these 67 phone numbers belonged to employees or associates of Amnesty International, Forbidden Stories, Citizen Lab, and the seventeen media partners of the consortium?

What were the repercussions?

Despite the declaration by the consortium that the mere presence of the phone numbers in the leaked list is not proof of infection or snooping, serious allegations were leveled on eleven countries, including Mexico, United Arab Emirates, Saudi Arabia, Morocco, Bahrain, Kazakhstan, India, and Hungary. Based on the sample size of sixty-seven, the consortium concluded that these countries were guilty of large-scale snooping-a preposterous and outrageously scandalous claim.

As a result of this claim, mass hysteria broke loose. Media outlets persuasively reported global abuse of this cyber-surveillance weapon. Opposition parties took this opportunity to put democratically elected governments under pressure, and everybody started fearing that hackers will hack their phones. There was enough hue and cry for the entire world to know about Pegasus’s flight from Greek mythology to the complicated world of spyware.

These are some of the news that has been reported by “The Pegasus Project” (as reported by “The Guardian” a British newspaper and one of the seventeen media outlets):

◉ The mobile phone of a British lawyer and human rights campaigner named David Haigh, who fought to free Dubai’s Princess Latifa, was compromised by the Pegasus spyware.

◉ There has been a call for ministers in Hungary to resign in the wake of Pegasus revelations.

◉ Pegasus spyware was found on journalists’ phones in France.

◉ The USA has voiced concerns with the Israeli officials regarding Pegasus revelations.

◉ Israeli authorities have inspected NSO Group offices after Pegasus revelations.

◉ Investors of the NSO Group are in talks to transfer the Management of funds.

What is the NSO Group saying?

The NSO Group told ANI, “Where is the proof? We are used to these accusations. No proof is given, they are relying on nothing. They approached us saying fifty thousand targets of Pegasus were noticed. This is ridiculous! We sell the licenses, we know that this is an impossibility. What has come out in the reports so far is that out of fifty thousand now they seem to be talking about one-eighty, from one-eighty it has come down to thirty-seven… and now it seems in actuality it is twelve.”

The NSO Group further added, “This is clearly some international conspiracy. The entire idea of Pegasus is to fight terror and crime and those that buy these services are trying to break terror outfits that use end-to-end encryptions. Law agencies have no other way to fight terror than to use credible technology like ours which have several firewalls of regulation and human rights policies and verification processes.”

Source: eccu.edu

Thursday, 13 January 2022

What Are the Benefits of Hands-On Learning?

Hands-On Learning, EC-Council Certification, EC-Council Exam Prep, EC-Council Guides, EC-Council Skills


The world is evolving rapidly, and the way we are transferring, consuming, and utilizing information is also changing. We are on the cusp of a revolution, a new dawn, where traditional learning is dawdling behind, and hands-on learning can help us adapt to this transition. Our students at EC-Council University are already reaping its benefits.

One of the key differentiators between our programs and the traditional bachelor’s and master’s degrees is that our new-age degree programs prepare students for the real-world environment with the help of simulations and projects. So, their  first day in the office doesn’t have them looking lost. To make our courses industry-relevant, we use hands-on learning techniques, which play a vital role in preparing for the challenges ahead. The average age of our students is 36, indicating that cyber security professionals understand the need for upskilling from time to time. 

So, what is Hands-On Learning?

Hands-on learning is a form of education in which students learn by doing, rather than memorizing, from textbooks. Instead of depending on an instructor or professor, they engage with the subject matter to solve problems and create something new.  

At EC-Council University, we use iLabs to reinforce learning by offering a simulated environment with over 400 complete exercises covering Ethical Hacking, Computer Forensics, Penetration Testing, Secure Coding, and even Disaster Recovery!  

Our students get to face real-world cyber threats in the most secure environments, and this experiential endeavor immerses them in the environment and prepares them better than any textbook or lecture.

Is Hands-on Learning beneficial?

Yes, research indicates that learning by immersing in activities offers better practical implementation strategies compared to teaching lessons in a traditional classroom setting.

Some advantages of hands-on learning techniques are:

◉ Hands-on learning creates one of the most engaging learning environments.

◉ This technique develops critical thinking skills of students because it requires students to choose and decide to receive outcomes, and the outcomes shape the learning experience.

◉ Real-world experience and knowledge gets translated. Individuals engage, practice, and visualize better to develop necessary skills and use their learning in real-world settings.

◉ With this method, individuals can find different and more creative ways to find solutions.

◉ Real-world equipment and material is used to design hands-on learning experiences.

What are the benefits of Hands-on Learning for a student of Cyber Security?

Hands-on learning is probably one of the best ways to learn Cyber Security, considering we continue to face unprecedented challenges daily. Joe Biden, President of the United States, expresses the challenge of cyber threats we face, “You know, we’ve seen how cyber threats, including ransomware attacks, increasingly can cause damage and disruption to the real world. I can’t guarantee this, and you’re as informed as I am, but I think it’s more likely we’re going to end up — well, if we end up in a war, a real shooting war with a major power, it’s going to be as a consequence of a cyber breach of great consequence. And it’s increasing exponentially — the capabilities.”

Hence, traditional forms of education are inadequate to prepare cyber warriors for tomorrow. We need to continue to learn and implement in real-time to stay updated and stay relevant.

We recently conducted an alumni survey. Our findings show that 83% of our alumni students benefited from iLabs and that they have taken great strides in their careers. Our survey also shows how important hands-on learning is.

Is Cyber Security still a profitable career path to pursue in 2021? 

The US Bureau of Labor Statistics predicts Cyber Security jobs will grow 31% through 2029, over seven times faster than the national average job growth of 4%. This is not only true for the United States, but is the case around the globe. So, we can safely say that Cyber Security is an extremely profitable career path.

Why should you get an online Cyber Security Degree?

An online Cyber Security degree from EC-Council University comes with a host of benefits. It is flexible, allowing you to complete your degree while working full time and offering value for your time. You get to interact with university faculty and batch mates from around the world. You not only get to grow your network but also learn from the best, regardless of your location.

We understand that modern students need to be industry-ready; hence, all of EC Council’s relevant industry certifications have been included in the various specializations. 

Source: eccu.edu

Saturday, 8 January 2022

Degree Or Certification: How To Secure Your Future In The Cyber Security Sector?

EC-Council Certification, Cyber Security Sector, EC-Council Career, EC-Council Preparation, EC-Council Skills, EC-Council Jobs

With ever-increasing dependence on the online world, especially in the aftermath of the Covid-19 outbreak, cybercrime is one of the most severe problems organizations face today. Cybersecurity Ventures estimates that the annual cost of cybercrime to the global economy will reach $10.5 trillion by 2025. This truth puts every company in danger and makes them susceptible to cyber threats, resulting in damage and destruction of data, significant financial losses, and poor reputation through theft of intellectual property and personal and financial data.

Suppose you look at the ends of the supply and demand balance. On one end, there are over 3.12 million unfilled positions in the Cyber Security sector worldwide, leading to exponential growth and demand for Cyber Security professionals. On the other end, cybercrime continues to pervade the fabric of online businesses, transactions, information, and systems. Organizations need individuals who have the skills and knowledge to secure their confidential data from ever-intensifying cyber threats. Thus, the Cyber Security sector will continue to offer vast potential for individuals who wish to bridge the supply and demand gap in the Cyber Security job market.

Advantages of Cyber Security degree and certifications

According to Burning Glass Technologies, about 84% of Cyber Security jobs require a bachelor’s degree or higher. To secure a future in this ever-growing sector and to develop your expertise in assessing tactical and strategic aspects of information security, you must get a degree that gives you a solid foundation in theoretical and practical knowledge acquisition in the domain of Cyber Security.

The primary responsibility of a Cyber Security professional is to protect vital computer networks and electronic infrastructures from attack. Suppose you choose this profession or wish for a career in this domain. In that case, you need proficiency in current and emerging technologies, like computer and network security, digital forensics, ethical hacking, cryptography, and web security, to grow in the cyber security field.

Burning Glass Technologies further reveals that 59% of all Cyber Security jobs require at least one certification. An ISC2.org report shows that about 86% of Cyber Security professionals are currently pursuing Cyber Security certifications or planning to in the future to maintain and advance their careers. Certifications can propel your career to new heights, make you a valuable asset that every company would want to have, and provide you with real-world applications. In the post-pandemic world, such skills and quality training with value-added credentials will give you an edge over your contenders in this highly competitive sector and secure your jobs in various in-demand positions in the public and private sectors. Studies assert that the Cyber Security domain is lucrative. According to Talent.com, the average salary for a Cyber Security Architect in the US is $143,100 per annum. As per 6figr, the average salary for a Cyber Security Architect in India is ₹32 lakhs per annum.

With EC-Council University (ECCU), you get a degree bundled with certificates, the best of both worlds!

EC-Council Certification, Cyber Security Sector, EC-Council Career, EC-Council Preparation, EC-Council Skills, EC-Council Jobs
ECCU offers highly advanced and future-focused Cyber Security degree programs that are 100% online and with industry certifications embedded in them. You need not look further to equip yourself with the skills necessary to succeed in this futuristic endeavor.

Unlike most courses in this domain, ECCU’s Master of Science in Cyber Security and Bachelor of Science in Cyber Security programs are embedded with up to seven globally respected industry certifications. Both the master’s and bachelor’s programs parallel the knowledge requirements for EC-Council certifications. After successfully completing the degree program, students are eligible to take the certification exams and be industry ready. Thus, ECCU students graduate with not only a degree in Cyber Security but with a string of certifications.

To maximize your career growth, now is the time to prepare yourself for an in-demand Cyber Security job by enrolling yourself in ECCU’s two-in-one Cyber Security programs.

Source: eccu.edu

Thursday, 6 January 2022

4 Popular Misconceptions About Penetration Testing

Penetration Testing, EC-Council Certification, EC-Council Guides, EC-Council Career, EC-Council Preparation, EC-Council Skills, EC-Council Job

Penetration testing (pen-testing) is crucial in enhancing any organization’s safety. However, penetration testers often face questions of whether penetration testing is enough to secure personal and sensitive data. Penetration testing is an authorized full risk assessment that analyzes systems for vulnerabilities to identify possible Cyber Security glitches. It fully comprehends the extent of damage that cyber-criminals could cause to an organization before a breach occurs.

The average cost of a single data breach across all industries worldwide, as of 2020, stood at nearly 4 million U.S. dollars. (Source: Statista.com)

With the help of penetration testing, organizations have a chance to increase their security before malicious attackers destroy or expose critical and sensitive data in the market. However, some organizations put off or avoid penetration testing because of certain misconceptions they have towards penetration testing.

Here are 4 popular misconceptions about penetration testing that must be dispelled immediately:

1. Penetration testing is only for large companies

A 2021 Data Breach Investigation Report by Verizon, shows that small organizations fared less positively at 47%, to find data breaches. (Source: Verizon)

According to the Data Breach Investigation Report by Verizon, over 60% of breaches hit smaller businesses, while according to UPS Capital, a mere 10% of all small businesses provide protection to a customer and business personal data, resulting in a loss of approximately $84,000—$148,000. (can’t find source)

Smaller businesses are not immune to data breaches. Penetration testing helps businesses, irrespective of whether they are small or large, to remain secure from malware attacks like trojans, ransomware, and phishing attacks. Most of these attacks aim to destroy or gain personally identifiable information (PII) or financial benefits.

2. Pen testers have hardly any knowledge about the systems they are targeting

Out of the three types of penetration testing, only one doesn’t provide the penetration testers with knowledge about the system that they are targeting, other than the information that is already freely available to the public. This type of penetration testing is known as black-box testing.

The other two types of testing are:

White box testing: The penetration testers use knowledge about programming code to examine the outputs after having full visibility of what the targeted program is supposed to do.

Gray box testing: The penetration testers have knowledge limited to how the system components function and interact but will not have a comprehensive understanding of the internal program.

3. Pen testing concentrates only on the technical aspects and not physical security.

Traditional penetration testing concentrates on both technical and physical aspects of security. It tests your network, applications, devices, and physical security to simulate a real-world attack by a malicious cyber-criminal, to identify the areas where your security posture can be improved.

Various types of penetration tests conducted for the same are:

Network penetration testing: Identifies network and system vulnerabilities like wireless network vulnerabilities, weak passwords and default accounts, and system misconfigurations.

Application penetration testing: Identifies cross-site scripting (XSS), SQL injection vulnerabilities, and flaws in the HTML code.

Physical penetration testing: Identifies weaknesses in physical security such as locks, cameras, and sensors.

4. Only third-party vendors conduct pen-tests

Penetration tests can be conducted by full-time employees, employees on a contractual basis, or third-party vendors, as long as your company is getting the protection they need.

If you opt to hire a third-party vendor to do your penetration testing, it is advised that a thorough background check on the third-party vendor is conducted. The test conducted should be on a contractual basis, to ensure that exploited data is not misused.

When done right, penetration testing can help organizations remain secure regardless of what industry they cater to or how large or small scale they are.

In this digital age, organizations must move beyond misconceptions, be well-informed about the advantages and disadvantages of penetration testing before making a decision in haste or because of lack of information.

Source: eccu.edu

Tuesday, 4 January 2022

All You Should Know About Cryptojacking

Cryptojacking, EC-Council, EC-Council Exam, EC-Council Exam Prep, EC-Council Preparation, EC-Council Career, EC-Council Guides, EC-Council Learning

All you should know about Cryptojacking – the new cyber threat

The shift of activities to the digital platform has increased across the globe. From working online to financial transactions, most of the population actively uses digital platforms. With the rise of cryptocurrency in recent years, cryptojacking has become more prominent, allowing people to steal, involving lower risk and higher potential for financial gain.

What is Cryptojacking?

Cryptojacking is the unauthorized use of a person’s computer resources to mine cryptocurrency without their knowledge, which may lead to a full-blown ransomware situation. 

Cryptojacking is a malicious hacker technique that harnesses the processing power of computers to mine for cryptocurrency. It is used to steal resources and mine online currencies like Bitcoin. Hackers practice cryptojacking either by getting the victim to click on a malicious link sent to them through an email or by infecting their computer system via an online ad or a website with JavaScript code. With the help of cryptojacking, cybercriminals hack into any user’s laptop, personal computer, mobile device, or business computer network to install malicious software.

What is a Cryptojacking Attack?

Cryptojacking is a process where malicious cryptocurrency miners stealthily embed in a website, causing the visitor’s browsers to run more slowly while another entity mines the currency in the background. It allows cybercriminals to gain financial benefits from using other people’s computers and resources to mine cryptocurrencies, or cybercriminals get paid by advertising agencies for the display of their ads on certain websites.

Over the last couple of years, cryptojacking has become a serious global issue. Companies can prevent cryptojacking by training their IT team, using the anti-crypto mining extension, educating employees about cryptojacking, disabling JavaScript, and using ad blockers to block malicious code.

How does Cryptojacking Work?

Cryptojackers use three methods. They are:

Cryptojacking, EC-Council, EC-Council Exam, EC-Council Exam Prep, EC-Council Preparation, EC-Council Career, EC-Council Guides, EC-Council Learning

i) Browser-Based Cryptojacking

This type of cryptojacking attack takes place directly within a web browser. Attackers use IT infrastructure to mine for cryptocurrency. With a programming language, hackers create a crypto mining script, which is then embedded onto numerous websites.

ii) File-Based Cryptojacking

A file-based cryptojacking attack is one of the most common ways through which cryptojacking attacks occur. It takes place when malware is downloaded, and an executable file is run on a computer network. This malware then spreads a crypto mining script throughout the infrastructure of the computer network.

iii) Cloud Cryptojacking

A cloud cryptojacking attack takes place when a cybercriminal uses the cloud services to search through an organization’s files and code to find the API keys. Once the hackers gain access, they siphon unlimited CPU resources for crypto mining.

How to Detect Cryptojacking?


Cybercriminals infect random computer systems with hidden cryptocurrency miners, damaging computers. Thus, organizations need to stay alert to potential cryptojacking threats that can affect operations and compromise their computer systems. Users can detect a cryptojacking threat by following these steps:

1. Being aware of a decrease in performance of the computing device

2. Watching out for overheating of devices and running of fans

3. Monitoring computer systems for CPU usage (this can be a red flag)

4. Scanning for malware

5. Following the latest crypto-news, staying alert, and updating against any threats

Ransomware vs Cryptojacking


While ransomware attacks are complicated, involving research, and planning to develop and deploy the malware, a cryptojacking attack can be less complex as it takes less time to initiate.

Source: eccu.edu

Saturday, 1 January 2022

Information Security and Cyber Laws

Information Security, Cyber Laws, EC-Council Exam, EC-Council Preparation, EC-Council Learning, EC-Council Career, EC-Council Skills, EC-Council Jobs, EC-Council Guides

A Virtual Organization is such type of organization whose members are geographically separated and usually work by computer e-mail and software system while appearing to others to be a single, combined organization with a real physical location.

Virtual Organization is defined as being closely integrated ambitious with its suppliers and downstream with its customers. In the virtual organization, each discrete firm keeps supremacy in major budgeting and pricing matters and functions as part of a greater organization coordinated by the central firm acting as combiner of the actions done by the various partners. Interdependent among partners differentiates the virtual organization from the conventional hierarchy.

Read More: EC-Council Certified Chief Information Security Officer (CCISO)

Companies adept to coordinating and maximizing the capabilities of suppliers will gain more control over key elements of time-from overall order-to-shipment lead time to product-specific cycle time. In addition, full-fledged alliances that tap the resources of multiple parties will effectively slash product-or- process-development time.

◉ Virtual organization is a energetic collection of individuals and institutions which are required to share resources to obtain specified targets.

◉ Virtual organization is a network of independent organizations that combine together for production of a service or product.

◉ Virtual organizations are also mentioned as network organizations, organic networks, hybrid arrangements and value-adding partnerships. This phenomenon has been driven by the effort to achieve greater effectiveness and responsiveness in an extremely competitive environment marked by increasing globalization, technological change and customer demands.

Virtual Organization Properties:

1. Delocalization:

Delocalization is one of the most important developments in the globalization process. It is potentially space dependence. Therefore, enterprises become independent off space and capacity. It eliminates the need for a particular space.

2. Temporalization:

This property deals with the inter-organizational connections and with the internal process organization, in the sense of the standard and pattern organization. The interdependence is described in the life cycle stages of an virtual organization as a circular process of creation, operation, evaluation, and dissolution.

3. Dematerialization:

Dematerialization has the virtual forms in products, communities, services, and so on along the development of the virtualization. With increasing virtualization products become potential immaterial. It means that all object areas are immaterial. Existing correlative confidence for members, lack of physical credits and executives can affect system performance and flexibility.

4. Individualization:

The main reason for this property is increasing consumer demands. One of ways for encapsulating market is to handle to mass production along with personal requirements. Mass customization is one of the way for producers to fulfill customer demands and grave new markets.

5. Non-Institutionalization:

Because operations are performed in a virtual environment without physical attributes, institutionalization of inter-organizational relationships in such environments can be waived.

6. Asynchronization:

This attribute causes members to asynchronously communicate and interact with each other via the ICT in the context of innovations with the release of time. Some companies globally plan their works in three shifts between spread locations.

7. Integrative Atomization:

This property refers to integrate all atomized core competencies of the participants for satisfying customer.

Characteristics of a Virtual Organization:

◉ Virtual organization does not have a corporeal presence but subsits electronically (virtually) on the Internet.

◉ Virtual organization is not constrained by the legal definition of a company.

◉ Virtual organization is formed in an informal manner as an association of independent legal entities.

◉ Principal of synergy (many–to-one). Virtual organization displays a combined property because it is composed from different organizational entities that produce an effect of a single organization.

◉ Principle of divergence (one-to-many). A single organization can display multiplication property by engaging in many virtual organizations at the same time.

◉ Partners in virtual organizations share risks, costs and rewards in search of a global market. The common characteristics of these opportunities, worlds-class core competence, information networks, and interdependent relationships.

◉ Dynamic virtual organizations have a capability to unite quickly.

Virtual Organization Life Cycle:

1. Virtual Organization Creation

2. Virtual Organization Operation

3. Virtual Organization Evolution

4. Virtual Organization Dissolution

Benefits of Virtual Organization:

◉ Virtual organizations make it possible to convince repeatedly changing customer and market needs in a competitive way.

◉ With the help of virtual organizations, it becomes possible to provide services exactly customized to a specific customer need.

◉ Virtual organizations provide ability to participate in the total service range a company can offer to its customers.

◉ Participation in virtual organization enlarges the total number of end-customers a company can extend indirectly via its partners.

◉ By joining in a virtual organization the concept-to-cash time is minimized.

Drawbacks of Virtual Organization:

◉ Each party has its own strategy on access control and conditions of use.

◉ Virtual organization parties require to build trust between them on a peer-to-peer basis.

◉ The assignment of resources is often dynamic since the structure of virtual organizations may change dynamically. This implies that the virtual organization beginner may not know a priority that additional resources may be required.

◉ Members of virtual organization may be located in different countries under different authorities and, as a result, stick on to different legal and business requirements.

◉ There must be mutual trust in security system by all partners involved in virtual organization. This leads to the challenge to come up with an successful and pliable security system.

◉ Privacy and probity at a virtual organization level have to be assured. At the same time parties have to yield access to their services and resources as mentioned in agreements.

Source: geeksforgeeks.org