Category: View All

How to mitigate phishing threats from malicious actors looking to infiltrate using mass adoption messaging platforms.

The Federal Office for the Protection of the Constitution (BfV) and the Federal Office for Information Security (BSI) in Germany have issued an advisory about a phishing campaign using the messaging platform Signal.  The statement, highlighted by The Hacker News, says that this highly targeted, likely state-sponsored attack, is aimed at military personnel, investigative journalists and politicians.

The phishing attack doesn’t use any malicious code, it simply exploits an inherent weakness (intended to keep things simple for users) within the messaging platform – namely, that anyone can set up an account with just a device and a phone number.

The attacker pretending to be ‘Signal Support’ or a chatbot called ‘Signal Security ChatBot’ attempts to trick the victim into providing a PIN or verification code.  Should they fall for the trick, the attacker can register the account and access the victim’s profile, settings and contacts.  The victim is now locked out of their own account, but the attacker’s false ‘support’ persona encourages them to set up a new account.  Meanwhile the attacker can now see all communications on the victim’s account (although not previous communications because they are using a different device) and they can send messages to the victim’s contacts.  In this way the attacker can extract extremely sensitive information, not just from the victim, but from any of the group chats that the victim is party to.

There is a similar attack sequence that exploits a feature of Signal (or WhatsApp and similar platforms) that we have written about before, where the victim is tricked into scanning a malicious QR code. Read more here: https://www.armourcomms.com/2025/03/11/beware-malicious-qr-codes-when-using-whatsapp-and-signal/

How Armour mitigates this risk

A secure communications platform, such as Armour, mitigates this type of attack because it is completely within the control of the organisation and only those invited by an administrator can join.  In addition, identity-based encryption and authentication (NCSC’s MIKEY-SAKKE protocol), further ensures that participants in a voice call, instant messaging chat, or video conference, can be confident that they know who they are communicating with.

The Armour Secure Communications platform is already widely used across governments, defence organisations, and enterprises around the world.  For more information about what you should be looking for in a Secure Communications solution download our Buyer’s Guide: https://www.armourcomms.com/2023/06/29/securing-communications-channels-a-buyers-guide/

Data Residency v Data Sovereignty – One is Location, and One is Control, and the difference is critical

A series of revelations this year has fuelled increased debate about what true Data Sovereignty really means. Many organisations think they have ticked the Data Sovereignty box, when in reality they have Data Residency.

Data Residency is a term relatively recently coined to describe where data is held – i.e. where the datacentre that hosts it is located. Many organisations believe (erroneously) that if their data is held in the UK or EU, it is subject to those governing regulations, and therefore as the data is held on sovereign shores it is under their own control.

Data Sovereignty is a term that is often misused to refer to the location of data, when in fact, it means keeping total control of that data. Unless data is held on servers in-house, this is more difficult to achieve than it may at first appear. This is because most organisations use business products and services that are supplied by US tech giants (Microsoft and Amazon are the two that spring immediately to mind, but there are plenty of others).

Why are we talking about Data Residency v Data Sovereignty

In many industries, data sovereignty and keeping control of data, is extremely important for reasons of national security as well as for commercial reasons.  And, in certain cases, it is a legal requirement. Here are a couple of examples that hit the press during the last year where “sovereignty” was not all it was cracked up to be:

In June Computer Weekly reported that Microsoft cannot guarantee the sovereignty of UK data hosted on its hyperscale public cloud infrastructure.  In the detailed article Computer Weekly explains that under Part 3 of the Data Protection Act (DPA) 2018, law enforcement data (the story was about the Scottish Police) must be kept within the UK, as must all public sector data under the G-Cloud 14 framework regulations.

A few weeks later in July The Register reported that; “Microsoft says it “cannot guarantee” data sovereignty to customers in France – and by implication the wider European Union – should the Trump administration demand access to customer information held on its servers.”

The article went on to explain how the CLOUD Act gives the US government authority to obtain digital data held by US-based technology companies irrespective of whether that data is stored on servers at home or on foreign soil. It is said to compel these companies, via warrant or subpoena, to accept the request for information. A Microsoft employee admitted in court that they would be compelled to reveal information to US officials, even if that data were held in France.

All of which contravenes GDPR and UK data protection legislation, however – whatever lip service may be paid to these laws – a US company is more likely to abide by US regulations, despite what a host nation may require.

Data Sovereignty and Secure Communications

At Armour Comms we have a long track record of working with higher assurance organisations, so when we talk about Data Sovereignty we understand the term, and we mean enabling our clients to keep total control of their data.  So that only the data owner has access to it.  This is particularly critical when handling sensitive or classified information.

The Armour® Secure Communications Platform is a federated, cross domain, interoperable architecture for secure communications – voice, instant messaging and video conferencing – enabling interoperability between organisations and their partners and supply chains.

The Armour Secure Communications Platform provides a range of options for on-premises, standalone, sovereign installations, that can be securely federated and provide secure interoperability with other communications, platforms as required.

Armour is approved for use at OFFICIAL-SENSITIVE and NATO RESTRICTED and with our partners, protects communications up to higher assurance levels.

For more information about Secure Communications that provide true Data Sovereignty, contact us today: sales@armourcomms.com, or read our blog: Cloud Repatriation -the new trend, https://www.armourcomms.com/2024/10/11/is-cloud-repatriation-the-new-trend/  or download our white paper: https://armourcomms-25743375.hs-sites-eu1.com/

The new Cyber Security and Resilience (CSR) Bill which is currently going through parliament is designed to improve cyber security across a raft of industries that support critical national infrastructure.  For example, the new bill will bring into scope organisations that supply and support essential services such as the NHS, drinking water providers, energy, transport and even data centres.

In common with NIS2, which is applicable to EU organisations and those that transact with the EU, the CSR bill has a broad remit which means that the regulations will now apply to many more organisations than previous legislation.  As a result, companies – and with them their supply chains – that provide essential services to the public will become subject to far more stringent cyber security risk management requirements.

Medium and large businesses delivering services like IT management, IT help desk support and cyber security to private and public sector organisations – such as the NHS – will be regulated thanks to the CSR bill for the first time. Many hold trusted access across government, critical national infrastructure and business networks, so they need to meet security requirements, which includes having robust incident management plans in place to deal with the consequences of a serious cyber-attack.

The government press release announcing the new CSR Bill, says that regulators will be given new powers to designate critical suppliers to the UK’s essential services. And furthermore, that enforcement will include tougher turnover-based penalties for breaches.

This follows on from the Cyber Governance Code of Practice, published earlier this year by NCSC, which is built around five key principles, namely:

• • Risk Management
  • Strategy
  • People
  • Incident Planning, Response and Recovery
  • Assurance and Oversight

In each section there is an emphasis on the importance of appropriate action plans, allocation of resources and communication plans, in advance of a cyber-attack happening. And an Out-of-Band Secure Communications channel plays a critical role at every stage. Here is a summary of the action points that are supported by the adoption of an Out-of-Band secure communications platform.

Risk Management

Action: Define and clearly communicate the organisation’s cyber security risk appetite and gain assurance that the organisation has an action plan to meet these risk expectations.

The secure communications platform should be set up in advance, with pre-set users and call groups so that when an incident occurs, it can be handled in private without relying on other channels which may be monitored by adversaries or attackers.

Strategy

Action: Gain assurance that resources are allocated effectively to manage the agreed cyber risks.

A pre-defined communications plan, with groups set up in advance ensures that incident response teams (CSIRT), and executive management can simply get on with responding to the incident to get the organisation back on track as soon as possible.  This includes communication with supply chain partners, customers and other key stakeholders to keep them abreast of the situation. Timely communication helps to avoid knee jerk reaction from the media, and in the long term will protect brand reputation.

People

Action: promote a cyber security culture that encourages positive behaviours and accountability across all levels.

Adopting a secure communications platform for sensitive or confidential conversations not only provides employees with the appropriate tools to do their job so that they don’t need to rely on less secure channels. It also helps to foster a more security conscious culture within the organisation.

Incident planning, response and recovery

Action: In the event of an incident, take responsibility for individual regulatory obligations, such as reporting, and support the organisation in critical decision making and external communications.

When dealing with a serious cyber incident reputations can be won or lost.  It is critical at such times that communications with external stakeholders cannot be intercepted by nefarious parties, or the media (for example). The use of secure communications enables the organisation to keep control of the narrative, so that all stakeholders receive the correct information, at the appropriate time.

Assurance and oversight

Action: Establish regular two-way dialogue with relevant senior executives, including but not limited to the chief information security officer (or equivalent).

Action: Gain assurance that cyber security considerations are integrated and consistent with existing internal and external audit and assurance mechanisms.

By preparing communications strategies before an incident occurs – setting up all the key stakeholders that may need to communicate together – organisations can ensure a speedy response and ensure that they have documented communication protocols that are embedded in the Business Continuity Management plan.

For more information about what your organisation should be looking for to support your Cyber Security and Resilience (CSR) with an Out-of-Band secure communications platform, download our latest white paper: https://armourcomms-25743375.hs-sites-eu1.com/out-of-band-incident-management-response-white-paper

Are your employees sharing sensitive information via AI? A secure comms platform ensures confidential information can’t be leaked 

A recent survey caught our eye, about the use of AI and how often sensitive information is shared when it shouldn’t be. As well as concerns about sharing commercially sensitive or confidential information, it also raises another question.  Could your organisation be in the running for a GDPR/ICO fine?  If your employees are using a personal AI/LLM such as ChatGPT, you could well be.

The survey, reported by The Register: https://www.theregister.com/2025/10/07/gen_ai_shadow_it_secrets/, found that 22% cut and paste sensitive information (e.g. Personally Identifiable Information PII subject to Data Protection laws).  A whopping 82% do so from a personal account – meaning there is no oversight for the business.  And although ChatGPT is currently the most popular AI/LLM app by some considerable margin, Microsoft is looking to gain market share, and is reportedly to start supporting personal Copilot account usage in enterprise environments – so more unmonitorable data leaking out to who knows where.

If all of this sounds depressingly familiar to data/cyber security specialists, that’s because it is exactly the same issue as the use of consumer instant messaging apps. Remember the numerous instances of MPs’ disappearing WhatsApp messages debacle? https://www.armourcomms.com/2025/04/11/secure-communications-providing-the-right-tools-to-do-the-job/  

A secure communications platform, that is designed to be Secure by Design and Default from its inception, protects any sensitive and/or confidential discussions that take place within its secure comms ecosystem.  This includes preventing any of the conversations being copied and pasted into other applications, including AI/LLM apps.

Employees have a long track record of using the most convenient tools they can lay their hands on to do the job – such unauthorised solutions (often referred to as shadow IT) are the scourge of the IT department and CISOs everywhere. The danger is that in the rush to get the job done, staff may forget that once information has been shared with their personal AI account, it is effectively leaked, for the AI app to use and share with the world. If organisations are to avoid a GDPR fine of 4% of global turnover, they need to get ahead of the curve, fast.

 Central management of users significantly mitigates the risks

As the IT department knows all too well, a lack of central management of users spells trouble. Not only is there the risk of sensitive data being shared inappropriately, but social engineering attacks are proliferating, with cybercriminals assuming false user identities in order to gain access to enterprise systems. A centrally controlled communications platform, where only those that are invited can join (and to do so, must authenticate securely), mitigates many of the risks associated with impersonation-based attacks, and provides the organisation with the oversight required to comply with data protection and operational resilience regulations.

For handling sensitive, higher assurance conversations and data, instant messaging apps must be Secure by Design and Secure by Default. For example, the use of crypto protocols such as identity-based encryption will ensure a user really is who they say they are, and so prevent impostor-based attacks. Without built-in security features, with default settings to control users and data, instant messaging apps are prone to human error as well as deliberate mis-use. Not least of this, is cutting and pasting information and sharing it with third party applications, and the organisation subsequently losing control of the copied data.

Award-winning Armour secure communications

The Armour® Secure Communications Platform (multiple recipient of the SC Awards Best Communications Security Solution) provides an alternative to consumer grade applications. The platform brings together a quick-to-deploy, easy-to-use solution that can be used on both mobile devices and desktops, with enterprise security features not provided by mass-adoption collaboration products or free-to-use consumer apps. It protects data throughout its lifecycle, providing all elements of mobile communications/collaboration including voice, instant messaging, and video conferencing, encrypting data both at-rest and over-the-air.

The Armour Secure Communications Platform offers total data sovereignty within a controlled environment where all users are centrally managed and enrolled.  Users can only enrol once invited to do so by their Administrator.  Once their device is enrolled, the user authenticates to the communications app in their usual manner (which can include in-built biometric readers) and only then can they use the service.

As a trusted third-party system, the Armour Secure Communications Platform can be used for sensitive conversations, safely segregated from the IT infrastructure used for everyday communications.

Armour Secure Comms Platform provides control of users and data

• Complete central control over users and data – only those invited by an administrator can use the platform.
• Armour centrally controls the ability to cut and paste information, significantly reducing data leakage to AI/LLM apps such as ChatGPT, MS Copilot and others.
• Multi-domain, multi-organisation structure with strictly siloed security means that Armour can augment and broaden secure communications and collaboration capabilities.
• Corporate Confidential, OFFICIAL, OFFICIAL SENSITIVE, NATO RESTRICTED, and higher assurance collaboration can be provided securely via Armour Cloud extending to include desktops, workstations and unified comms systems (such as office phone systems).
• Alternatively, the Armour installation can be hosted and managed on-premises to give the organisation total data sovereignty.

The Armour Mobile app is every bit as engaging and easy to use as consumer and mass-adoption collaboration apps, which typically results in high adoption rates amongst our clients (reducing any reliance on shadow IT).

To learn more about how The Armour Secure Communications Architecture and Platform could help your business to avoid data leakage, and GDPR fines, download a copy of our white paper: https://armourcomms-25743375.hs-sites-eu1.com/

Armour CEO, David Holman, shares his thoughts on DSEI UK

Despite the Tube strike, DSEI UK, held at ExCeL, 9 – 12 September was absolutely buzzing!  The show was busy and vibrant, with a plethora of robotic dogs, drones (or anti-drone tech), along with the usual impressive array of defence hardware. In the software and cybersecurity ecosystem zone (the new “Maritime” Hall 15) we were run off our feet.

Sea-change – consumer apps no longer tolerated

Since the last DSEI UK in 2023 we have seen a step change in the attitude within this market toward the use of consumer apps for communication.  While once they were tolerated we are now seeing a conscious move away from the likes of WhatsApp and even Signal. All this in the wake of widespread headlines, including arguably the most high profile example, where a journalist was mistakenly included in US government discussions about sensitive military operations (aka “SignalGate”).

The BBC reported that the journalist’s number was mistakenly attributed to one of the government staff who was invited to the group chat. (While in this instance, it was human error that such sensitive data leaked to the outside world, an app that was Secure by Design would have ensured that user identities could not be confused in this way.)

The ’SignalGate’ wake-up call has resulted in many governments and defence organisations looking afresh at sovereign capabilities for secure communications.

Delegations galore

Across the week we were visited by six military delegations from countries in the EU and beyond, supporting our continued export drive.  In addition, we had meetings prebooked back to back throughout the show, and there was plenty of passing footfall to keep us busy.

British Army Project and Industry collaborations announced

This year we had significant collaboration from our SI partners, with Armour solutions a part of capabilities demonstrated by ATOS, Fujitsu and Roke. Our relationships with SiXworks and PentenAmio have already resulted in joint solutions being actively used within HMG/MoD. .

We were also pleased to be able to discuss our on-going work with the British Army with many of the military attendees to supply secure voice, conferencing and operational record keeping, protecting our troops in the most challenging environments.

Roke’s Charlie Charlie One (CC1)

Armour Mobile is now available for the CC1 AI-enabled Tactical End User device which was demonstrated at the show, and it was certainly a  popular talking point on the stand. Together Armour Mobile and Roke’s CC1 devices provide troops with everything they need for battlefield situational awareness.

For more information about Armour’s Secure Communications architecture and platform for defence organisations read our white paper: https://armourcomms-25743375.hs-sites-eu1.com/https/armourcomms-25743375.hubspotpagebuilder.eu/dsei-25-defence-military-secure-communications-white-paper