
Encrypted Messaging Advocated by CISA Following Salt Typhoon Cyberattack

U.S. agency suggests enabling multi-factor authentication resistant to phishing and switching to secure messaging applications similar to Signal


The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidance for mobile users in the US, urging them to strengthen their security in light of the threat posed by Chinese-affiliated threat groups, including the state-sponsored APT group Salt Typhoon.

Salt Typhoon, known for cyber espionage targeting critical U.S. infrastructure, has recently been behind a campaign of attacks on at least eight US telecommunications firms. The group is notorious for exploiting unpatched vulnerabilities and using custom malware for long-term infiltration and data theft.

To bolster mobile security, CISA makes several key recommendations. First and foremost, users should enable Multi-Factor Authentication (MFA) across all their services, including social media and services provided by Microsoft, Google, and Apple. This additional layer of security can help protect accounts from unauthorised access.

Regularly updating software and applications is another crucial step. This ensures that users have the latest security patches, reducing the risk of exploitation by malicious actors.

In addition, CISA recommends moving away from SMS-based MFA and replacing it with phishing-resistant MFA. This type of MFA is more secure as it doesn't rely on a vulnerable communication method like SMS.

Android users are advised to enable Google Play Protect. iPhone users are advised to enable Apple's Lockdown Mode, a feature designed to provide an extra layer of security against targeted cyber attacks.

Using a password manager is also recommended for mobile users in the US. This tool can help manage complex passwords and reduce the risk of password reuse, a common security weakness.

Personal Virtual Private Networks (VPNs) are generally discouraged, as they may increase the attack surface and have questionable security and privacy policies. An organization that requires a VPN client to access its data is a different use case.

CISA suggests choosing from the various FIDO2-enabled options listed by the Fast Identity Online (FIDO) Alliance for MFA. This includes options like security keys and biometrics.

For Gmail users, CISA suggests enrolling in Google's Advanced Protection Program (APP) to strengthen defenses against phishing and account hijacking.

Lastly, setting an additional PIN or passcode for your mobile phone account is advised. CISA also recommends configuring Android devices to use a trusted DNS resolver like Cloudflare's 1.1.1.1 Resolver, Google's 8.8.8.8 Resolver, or Quad9's 9.9.9.9 Resolver for improved security and privacy.

CISA advises highly targeted individuals, such as those in senior government or senior political positions, to stop using unencrypted SMS and adopt end-to-end encrypted messaging apps like Signal for secure communication.

This guidance comes as a response to the ongoing threat posed by Chinese-affiliated threat groups and serves as a reminder for all users to prioritise their mobile security.
