Are these communications intercepted in transit or lifted from storage later? If the former then an encrypted app won't help. Most of the hacks I have seen are data at rest. These providers should be encrypting their storage.
I assume this attack was related, and I do wonder how T-Mobile was able to stop it, while others were not. Would be cool to know what security tools all of these companies are using. https://www.bleepingcomputer.com/ne...ached-t-mobiles-routers-to-scope-out-network/
Well, apparently the bad guys already knew, that's why they were so successful. But all kidding aside, I really hope that they communicate this stuff to all other major companies, about how they stopped it and what security tools they were using. Surely companies like CrowdStrike, SentinelOne, Microsoft, Zscaler must be able to stop this stuff? I have read a couple of articles about this attack; it seems they are exploiting certain software/hardware and then running malware on Linux and Windows servers/endpoints. It was apparently Trend Micro who discovered this attack, but it's not clear if it could also block it, instead of only detecting it when it was already too late, know what I mean? https://www.bleepingcomputer.com/ne...backdoor-telcos-with-new-ghostspider-malware/
From The Guardian today: "Salt Typhoon: In last week’s edition, we dove into why China hacked the world’s phone networks in a brazen and sweeping cyberattack dubbed Salt Typhoon. This week, a startling update: cell carriers like AT&T and Verizon have not notified the majority of people whose phone records were stolen in the hack, nor is there any indication that they will, per NBC. Only the powerful residents of Washington DC, whose phone networks were compromised, like Senate minority leader Chuck Schumer, have been notified by the FBI. The agency has no plans to alert others, a spokesperson said last week." Is anyone really surprised?
I am surprised they told them to use a hardware security key and didn't mention a backup key. It is common advice for the general public to have one in order to regain access when the primary key is lost or damaged. I see some merit in services like banking, where you can go to a physical branch and ask staff to disable this security layer for the time being to regain access. However, most services are not like that: a lost account is a lost account. Two questions: can lower- and mid-ranking government officials regain their accounts, or is it a throwaway, forget and create a new one approach? Are they worried that a backup physical key can be too easily obtained by foreign officers, so they don't encourage using them in the first place?
BTW, something I noticed about security keys is that it's easy to forget them once you plug them in. So I would rather not use them on machines that I don't own outside my own house.