How to Safeguard Digital Communication

On 13 Nov, the Cybersecurity and Infrastructure Security Agency & the Federal Bureau of Investigation (FBI) released a statement (https://lnkd.in/ezrFy_4j) on the US government's investigation into PRC targeting of telco infrastructure: “PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders. We expect our understanding of these compromises to grow as the investigation continues." With the investigation ongoing, folks should take basic steps now to protect their personal communications. With gratitude to CISA's Senior Technical Advisor Bob Lord (https://lnkd.in/e-WxWiFF) consider the below steps: - Enable FIDO authentication or FIDO https://lnkd.in/ezzyha7t for email & social media accounts - Migrate off SMS MFA for all other logins. Migrate to FIDO/passkeys if you can, otherwise to an authenticator app - Use a password manager for all passwords. Use a strong pass phrase (https://lnkd.in/ebPpTAU5) for the vault password. - Set a telco PIN to reduce chances of a SIM-swap attack - Update the OS and all apps and turn on auto update Additional tips: 1. Encrypt all text and voice communications (some options): - Signal works well on iPhones & Android phones. - iMessage is great if all your contacts are within the Apple ecosystem, though that’s limiting - Collaboration suites like Google Workspace or Teams can work but don’t always encrypt as you might assume. For example, Teams encrypts data point-to-point, meaning it’s decrypted on Microsoft’s servers before re-encrypting it to the recipient. If you want end-to-end encryption, there’s an option, but it’s off by default and only supports two people on the call. - WhatsApp might be ok for some people based on their threat model but understand metadata it keeps (https://lnkd.in/eQkP-Ety) & how it's used (https://lnkd.in/eiZmxgi4). 2. If you use an iPhone disable these carrier-provided services that increase the attack surface: - Disable: Settings > Apps > Messages > Send as Text Message - Disable: Settings > Apps > Messages > RCS Messaging > RCS Messaging 3. Protect DNS lookups (some options): - Apple iCloud Private Relay - Cloudflare’s 1.1.1.1 resolver - Quad9’s 9.9.9.9 resolver 4. Use recent hardware: Apple (13 or newer) or Google (Pixel 6 or newer) 5. Depending on your threat model, consider enabling Lockdown Mode on iPhones: It will disable some features, but it’s manageable

𝐒𝐚𝐥𝐭 𝐓𝐲𝐩𝐡𝐨𝐨𝐧: 𝐓𝐡𝐞 𝐂𝐲𝐛𝐞𝐫𝐚𝐭𝐭𝐚𝐜𝐤 𝐓𝐡𝐚𝐭 𝐂𝐨𝐮𝐥𝐝 𝐇𝐞𝐚𝐫 𝐘𝐨𝐮𝐫 𝐂𝐚𝐥𝐥𝐬 (𝐀𝐧𝐝 𝐇𝐨𝐰 𝐭𝐨 𝐏𝐫𝐨𝐭𝐞𝐜𝐭 𝐘𝐨𝐮𝐫𝐬𝐞𝐥𝐟) The Salt Typhoon cyberattack isn’t just the biggest telecom breach in recent memory it’s a global wake-up call. First uncovered in early 2022 but active since 2024, this sophisticated campaign by 𝐡𝐚𝐜𝐤𝐞𝐫𝐬 𝐞𝐱𝐩𝐥𝐨𝐢𝐭𝐞𝐝 𝐯𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐢𝐞𝐬 𝐢𝐧 𝐭𝐞𝐥𝐞𝐜𝐨𝐦 𝐧𝐞𝐭𝐰𝐨𝐫𝐤𝐬, compromising call logs, unencrypted texts, and even audio communications. 🔹 What Happened? Salt Typhoon targeted the infrastructure of 𝐚𝐭 𝐥𝐞𝐚𝐬𝐭 𝐞𝐢𝐠𝐡𝐭 𝐦𝐚𝐣𝐨𝐫 𝐔.𝐒. 𝐭𝐞𝐥𝐞𝐜𝐨𝐦 𝐩𝐫𝐨𝐯𝐢𝐝𝐞𝐫𝐬, including AT&T and Verizon, but its impact reaches far beyond American borders. 𝐁𝐲 𝐢𝐧𝐟𝐢𝐥𝐭𝐫𝐚𝐭𝐢𝐧𝐠 𝐜𝐚𝐫𝐫𝐢𝐞𝐫 𝐬𝐲𝐬𝐭𝐞𝐦𝐬 𝐭𝐡𝐞 𝐡𝐚𝐜𝐤𝐞𝐫𝐬 𝐛𝐲𝐩𝐚𝐬𝐬𝐞𝐝 𝐮𝐬𝐞𝐫-𝐟𝐚𝐜𝐢𝐧𝐠 𝐞𝐧𝐜𝐫𝐲𝐩𝐭𝐢𝐨𝐧 𝐦𝐞𝐚𝐬𝐮𝐫𝐞𝐬. The result? Private communications compromised on a massive scale. 🔹 Why It Matters Everywhere? Telecommunications networks connect the world, and their vulnerabilities are everyone’s problem. Whether you’re in Washington, D.C., London, or Sydney, the same gaps exploited in the U.S. exist in networks globally. This attack isn’t just about one country it’s about how interconnected systems create worldwide risks. 🔹 What You Can Do Now? Protecting yourself starts with taking control of how you communicate: 1. Use Encrypted Messaging Apps: Apps like Signal and WhatsApp provide end-to-end encryption, securing messages even if intercepted. 2. Stop Using SMS: Standard text messages are unencrypted and highly vulnerable avoid using them for sensitive information. 3. Assume the Network Is Vulnerable: Regardless of your location, prioritize secure communication methods to mitigate risks. 4. Stay Informed: Cyberattacks evolve quickly keep up with the latest advice from trusted cybersecurity sources. 🔹A Final Word The Salt Typhoon attack highlights a hard truth: In the face of uncertainty, vigilance is your best defense. As Sun Tzu said, “𝐼𝑛 𝑡ℎ𝑒 𝑚𝑖𝑑𝑠𝑡 𝑜𝑓 𝑐ℎ𝑎𝑜𝑠, 𝑡ℎ𝑒𝑟𝑒 𝑖𝑠 𝑎𝑙𝑠𝑜 𝑜𝑝𝑝𝑜𝑟𝑡𝑢𝑛𝑖𝑡𝑦.” The opportunity here is to act now to secure your communications and take ownership of your digital safety before it’s too late. #security #mindsetchange #ai 𝗡𝗼𝘁𝗶𝗰𝗲: The views within any of my posts, or newsletters are not those of my employer or the employers of any contributing experts. 𝗟𝗶𝗸𝗲 👍 this? Feel free to reshare, repost, and join the conversation. Gartner Peer Experiences Theia Institute™ VOCAL Council Intelligent Automation Congress Institute for RPA & AI (IRPA AI) InsightJam.com PEX Network IgniteGTM Solutions Review

As you may have read, 8 US telecoms, plus others worldwide, have been confirmed to be compromised by Chinese hackers, who have stolen text messages, call information, and other types of data. So what can you do to protect yourself? My advice: 1. Most importantly, stop using unencrypted communications wherever possible. That means, text and voice communications should be done through more secure channels built with end-to-end encryption, such as iMessage, Signal, and WhatsApp. 2. Use authenticator apps or passkeys instead of SMS-based two-factor authentication. You should regard SMS as a compromised channel, and in fact, it can be used as a way to take over your accounts. 3. Minimize your data exposure footprint. Don't share data with services unless you have to, and limit the permissions you grant to apps. 4. Remember that these are security controls and not fraud controls, so even on encrypted channels you need to carefully vet messages you receive against social engineering, phishing, and other forms of fraud. Finally, officials say that the telecoms continue to be compromised and they don't know when they will be able to expunge the hackers from their systems. In fact, we should always assume those networks are compromised. It will be difficult for them to know when they have found all of the hackers' backdoors, and this is only for the hackers we know about—there can always be others. But taking the above steps to secure your communications will help protect you in any scenario.

The Salt Typhoon Espionage Campaign: A Wake-Up Call for the Telecommunications Industry The more we uncover about the Salt Typhoon cyberespionage campaign, the more alarming it becomes. A ninth U.S. telecommunications company has now been confirmed as a victim of this sweeping Chinese operation, which granted Beijing officials access to private text messages and phone calls of countless Americans. This should serve as a wake-up call for the urgent need to prioritize cybersecurity in the telecommunications sector. Robust defenses and proactive measures must become the standard. Here's what you can do for now: 1️⃣ Use End-to-End Encrypted Messaging Apps: Opt for apps like Signal that prioritize encryption. When selecting an end-to-end encrypted messaging app, evaluate whether the app collects and stores metadata to ensure your privacy is fully protected. 2️⃣ Secure Password Management: Use strong, unique passwords and rely on trusted password managers to store your credentials securely. 3️⃣ Avoid Unsecured VPNs: Be cautious with free or commercial VPNs which usually have questionable security policies that make them 'free'. Research providers thoroughly before trusting them with your data. 4️⃣ Regular Software Updates: Keeping device operating systems up-to-date is essential for patching vulnerabilities and maintaining robust security. At AdvisorDefense, we specialize in helping organizations fortify their cybersecurity strategies. From consulting on secure communications solutions to implementing advanced threat detection systems, our expertise ensures that your organization stays one step ahead of evolving threats. How is your organization preparing for the next wave of cyber threats? #Cybersecurity #Telecommunications #AdvisorDefense #SaltTyphoon #DataPrivacy #SecureCommunications https://lnkd.in/emX8kkJX