As UK Government calls out China for state-affiliated actors for malicious attacks.
NCSC has this week upgraded its Defending Democracy guidelines with additional detailed information on how to reduce the risk of cyber attacks in the light of latest findings.
The UK government has called out China state-affiliated actors for carrying out malicious cyber activity targeting UK institutions and individuals important to democracy. The National Cyber Security Centre (NCSC) assesses that the China state-affiliated cyber actor APT31 was almost certainly responsible for targeting UK parliamentarians.
Paul Chichester, NCSC Director of Operations, said:
“The malicious activities we have exposed today are indicative of a wider pattern of unacceptable behaviour we are seeing from China state-affiliated actors against the UK and around the world.
“The targeting of our democratic system is unacceptable and the NCSC will continue to call out cyber actors who pose a threat to the institutions and values that underpin our society.
“It is vital that organisations and individuals involved in our democratic processes defend themselves in cyberspace and I urge them to follow and implement the NCSC’s advice to stay safe online.”
The publication of new Defending Democracy guidance follows the release of fresh advice for high-risk individuals published by NCSC in December.
What is a high-risk individual?
The NCSC’s definition of a high-risk individual in a cyber-security context is those whose work or public status means they have access to, or influence over, sensitive information that could be of interest to nation state actors. High-risk individuals include those working in political life (including elected representatives, candidates, activists and staffers), academia, journalism and the legal sector.
NCSC states that in recent years there have been a number of targeted cyber attacks against high-risk individuals in the UK, to attempt to gain access to their accounts and devices. This has resulted in the theft and publication of sensitive information, which can also cause reputational damage.
Advice about the use of Messaging Apps
As well as the usual advice around the use of social media and wherever possible only using corporately managed accounts and devices, NCSC gives specific advice around the use of messaging apps such as such as WhatsApp, Messenger and Signal. When using these types of mass-adoption application, for personal use on a personal device, it recommends:
- The use of disappearing messages that automatically delete after a set period. This may limit what an attacker might access, should they be successful. However, while some consumer-grade apps do have disappearing messages, they will not necessarily be deleted from all devices, if they have been saved, or forwarded to a third party.
- Be careful who you are communicating with as impersonation-based attacks can be very convincing, as can deepfakes powered by AI. Can you be certain that you are communicating with who you think you are?
- Be mindful of who else is in the chat group – unless it is a closed group, you probably don’t know who else is in the group for certain.
- Avoid accepting message requests from unknown accounts – consider calling first to verify who they are
- Ensure that the latest security updates are installed and set up two-step verification (2SV) for when you log in.
WhatsApp et al are not suitable for organisational use
As we’ve stated many times before, personal messaging apps are not secure enough for business use. An enterprise-grade secure communications platform should be used for business communications as this provides a much higher level of protection and avoids many of the issues with mass-adoption apps.
How Armour® helps
Armour Mobile™ protects mobile communications and data on corporately owned and BYOD devices.
Centrally managed, identity-based encryption and authentication
Armour’s solutions are centrally managed, so only those invited can join a group. Armour uses identity-based encryption and authentication so users can be sure that they are communicating with who they think they are, and not an impostor or a deepfake.
Keeps communications separate – avoids data leakage to other apps
The Armour platform completely isolates the communications and any associated data and files (attachments such as documents, images, video clips). In addition to end-to-end security over-the-air, all data is encrypted and secured at-rest within the app, protecting contacts, messages and attachments from malware, either on the device or if the device is lost or stolen.
Armour provides its own viewers for certain types of attachments, so as not to share information with the operating system or third-party viewers, and preventing the user from deliberately, or accidentally, sharing the attachment (and its sensitive information) outside of the Armour app, thus avoiding the potential for data leakage.
Secure by Design, Secure by Default
Armour’s products are ‘Secure by Design’ and ‘Secure by Default’, out of the box. The end user does not need to select a secure setting, it is already configured. For example technology in the app requires sole use of the microphone ensuring rogue apps are not ‘listening’ into voice or video calls.
Secure provisioning routines, and closed VPN
To minimise the use of the public internet and untrusted, insecure networks, the Armour apps can be installed in a variety of ways. Depending on the specific use case requirements this can include via SD card or via a completely closed VPN network (using additional technology from Armour technology partners).
Message Burn – manage messages even after they are sent
The Armour platform includes many security features within the app to protect against data leakage. This includes Message Burn/Disappearing Messages features, where the sender of a message can set it to automatically delete at a set time, either after it has been read, or after it has been sent. This feature can be deployed centrally as a standard setting across chat groups or communities of users. Optionally, the app can be set to delete all messages after a set period, for example, 30 days, so that old messages are not hanging around for longer than they need to. In addition, if a phone is lost, stolen or compromised, all data held within the Armour platform can be wiped remotely.
Engaging user experience
Armour applications are every bit as intuitive and engaging to use as consumer and mass-adoption communication apps. The Armour platform is quick to deploy and communities can be up and running within hours.
For more information about how Armour can help your organisation defend democracy and protect sensitive corporate and client information contact us today.
Or read our Buyer’s Guide to find out what you should be looking for: https://www.armourcomms.com/2023/06/29/securing-communications-channels-a-buyers-guide/
