The US cybersecurity watchdog is urging citizens to use only secure end-to-end encrypted messaging apps, such as Signal, to protect their mobile communications.
The Cybersecurity and Infrastructure Security Agency (CISA) shared a series of best practices on Wednesday, December 18, 2024, in the wake of Salt Typhoon. In this "unprecedented cyber attack," considered the largest intelligence compromise in U.S. history, hackers targeted at least eight U.S. telecommunications companies to spy on citizens.
While the latest CISA advisory is aimed at highly targeted individuals with information of interest to Chinese hackers, everyone can benefit from these security tips. These tips include avoiding unsafe Virtual Private Network (VPN) apps.
Signal and more safety tips
“Highly targeted individuals should assume that all communications between mobile devices, including government and personal devices, and internet services are at risk of interception or manipulation,” the U.S. cybersecurity watchdog wrote.
With this in mind, experts urge using Signal or a similar messaging app instead. These services encrypt all data in transit to ensure your messages remain private between sender and recipient (end-to-end).
CISA recommends looking for services that are compatible with Android and iPhone and allow cross-platform text messaging. These may also include features such as disappearing messages and images, which can further enhance privacy.
Most importantly, “When selecting an end-to-end encrypted messaging application, evaluate the extent to which the application and related services collect and store metadata,” CISA said.
Metadata refers to all information except content, such as IP address, timestamp and data file size. For example, metadata collection is one of the reasons why apps like Signal or Session are considered more secure than WhatsApp.
⚠️ A #CyberEspionage campaign by threat actors associated with the People’s Republic of China targets #telecommunications infrastructure, compromising the mobile communications of high-value individuals. Take action now: Apply the recommendations to protect your information from interception or manipulation. 👉 https://t.co/dtmWL9F82I pic.twitter.com/rOLakd58ag (December 18, 2024)
CISA also recommends enabling a phishing-resistant form of two-factor authentication to ensure hackers cannot bypass this extra layer of protection. Experts recommend enabling Fast Identity Online (FIDO) authentication, which includes biometrics (such as fingerprint or facial recognition) and physical security keys.
As a rule of thumb, you should avoid using SMS messages as a second factor in authentication as they are not phishing resistant. “SMS messages are not encrypted and could be read by threat actors with access to the telecommunications provider’s network who intercept the messages,” the experts explained.
U.S. citizens are also urged to use a strong password manager tool to store all their login details and find strong combinations. LastPass, the Apple Passwords app, Google Password Manager, and Proton Pass are all free to use and provide automatic alerts for weak, reused or leaked passwords.
Experts also recommend regularly updating your device’s operating system software to patch any vulnerabilities. They also advise against using unsecured commercial VPN services because “many free and commercial VPN providers have questionable security and privacy policies.”
That’s why it’s important to choose the best VPN apps with a good reputation, a strict no-logs policy, and strong security features, better still if they have been independently audited. At the time of writing, TechRadar’s top premium recommendation is NordVPN, although PrivateVPN and ProtonVPN are the safest free VPNs.