Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label US Agency. Show all posts
US Agency
Chinese Hackers CISA cyber espionage Cyber Security US Agency

CISA Issues Mobile Security Guidelines Amid Cyber Espionage Threats

 

The US Cybersecurity and Infrastructure Security Agency (CISA) released a comprehensive guide on Wednesday to help individuals in highly targeted positions protect their mobile communications from malicious actors. This move follows a series of sophisticated telecom hacks that impacted major US wireless carriers, including Verizon, AT&T, Lumen Technologies, and T-Mobile. The attacks were linked to Salt Typhoon, a China-backed cyber espionage group.

Earlier this month, the US government emphasized strengthening communications infrastructure security, with specific focus on risks tied to Cisco devices, a prime target for state-sponsored hackers. In line with this, CISA unveiled its Mobile Communications Best Practice guide, aimed at mitigating risks posed by foreign threat actors, especially Chinese cyber espionage groups.

Who Needs This Guide?

CISA’s guidelines are tailored for individuals in senior government and political roles, who are more likely to possess information of interest to sophisticated threat actors. The agency warned, “Highly targeted individuals should assume that all communications between mobile devices—including government and personal devices—and internet services are at risk of interception or manipulation.”

Key Recommendations

  • Use Encrypted Messaging Apps: CISA recommends apps like Signal, which provide end-to-end encryption and features like vanishing messages for enhanced privacy.
  • Enable Phishing-Resistant MFA: Implement Fast Identity Online (FIDO) multi-factor authentication and avoid SMS-based MFA for improved account security.
  • Adopt Additional Security Practices:
    • Use password managers and telco PINs or passcodes for mobile accounts.
    • Regularly update operating systems and applications.
    • Opt for the latest phone models from manufacturers with strong security records.
    • Avoid private virtual private networks (VPNs) due to potential vulnerabilities.

Special Recommendations for Android Users

Android device users are advised to:

  • Enable end-to-end encryption in Rich Communication Services (RCS).
  • Protect DNS queries and use secure connections in Chrome.
  • Activate Enhanced Protection in Safe Browsing and Google Play Protect.
  • Limit unnecessary app permissions to reduce exposure to vulnerabilities.

As cyber threats grow in complexity, CISA’s proactive guidelines serve as a critical resource for mitigating risks and securing sensitive communications. For the complete document, visit the CISA website.

Read more »
Subscribe to: Posts (Atom)