CISA Urges Encrypted Messaging After Salt Typhoon Hack
'...Mobile users in the US should swiftly move away from using unencrypted SMS and adopt phishing-resistant multifactor authentication (MFA), the latest guidance from the US Cybersecurity and Infrastructure Security Agency (CISA) has urged.
The guidance was prompted by the threat posed by Chinese-affiliated threat groups, including Salt Typhoon. This advanced persistent threat (APT) group recently targeted at least eight US telecommunications firms in a massive cyber espionage campaign. ...adopt an end-to-end encrypted messaging app like Signal instead.
The Agency also recommended moving away from SMS-based MFA and replacing it with phishing-resistant MFA, choosing from the various FIDO2-enabled options listed by the Fast Identity Online (FIDO) Alliance. Users should enable MFA across all their services, mainly social media and services provided by Microsoft, Google and Apple.
“For Gmail users, enroll in Google’s Advanced Protection (APP) program, as it strengthens your defenses against phishing and account hijacking,” added the Agency.
Other recommendations include:'
Reference: www.infosecurity-magazine.com
Tags: