Secure Communications – providing the right tools to do the job

Armour CTO, Dr. Andy Lilly asks: “Have we learnt our lesson yet when it comes to using consumer apps for sensitive conversations?”

When it comes to government, military and business communications about sensitive topics, consumer apps are simply not designed for the job. However, there are commercially available solutions that are built for exactly this type of conversation. They are every bit as easy to use as consumer apps, but with far more robust security. With all the stories that have hit the headlines in the last 18 months, surely it’s about time that government agencies provided their employees with a suitable tool to enable them to do their jobs securely. (Matthew Wilson, chair and co-founder of Penten – an Armour partner – explains in this interview with CyberDaily.)

 

When will they learn?

The most recent, and arguably the most high-profile, example was the news that a journalist was mistakenly included in US government discussions about sensitive military operations (aka “SignalGate”). It has been reported by the BBC that the journalist’s number was mistakenly attributed to one of the government staff who was invited to the group chat. So, in this instance, it was human error that leaked such sensitive data to the outside world, but an app that was Secure by Design would have ensured that user identities could not be confused in this way.

In June 2024 news broke that the ex-Prime Minister and (at that time) UK Foreign Secretary David Cameron had fallen victim to a hoax video call. The call was with someone pretending to be former Ukrainian President Petro Poroshenko, with whom Mr Cameron had had multiple dealings, including face-to-face, during his tenure as Prime Minister. As soon as the impostor started asking for contact details, Mr Cameron smelt a rat and ended the conversation, with no sensitive information exchanged.

This was clearly a sophisticated, targeted attack, given that Mr Cameron was taken in by the impersonation, and it demonstrates that such calls provide no authentication of the true caller identity. A communications app that uses identity-based encryption means that people using the app can be sure of the identity of those they are communicating with.

In May 2024, The Times article “Russia targets British soldiers’ mobile phones” stated that UK troops had been warned about the risk of Russian agents spying on their mobile phones. While this had long been suspected, during NATO battle exercises in Estonia, troops were once again reminded of the dangers around using mobile phones while in theatre. This particular attack involved the use of fake base stations and GSM calls, which are inherently insecure – an old attack vector which is still in use. (Our blog ‘Is someone listening in on your confidential calls?’ explains how it works.)

Spear-phishing attacks against targeted organisations and individuals

In February 2025, we read about a spate of instances involving the use of malicious QR codes to compromise Signal accounts, including those of military users, by exploiting the device-linking feature within the app. Google Threat Intelligence Group (GTIG) reported that the device-linking feature is being widely used by state-sponsored groups to attack Signal accounts, using social engineering to trick targets into scanning malicious QR codes that link their device to a device controlled by the attacker. The scammer can then synchronize with the victim’s device and see all their sensitive communications.

A secure, centrally managed communications service would not allow users to add unauthorised devices to their accounts in this manner, nor allow unauthorised users to ever get access to the service in the first place.

Of course, the use of consumer apps also makes it ridiculously easy for a malicious insider to deliberately exfiltrate sensitive data sent over such systems, as demonstrated by the Daniel Khalife case.

Mis-use of personally-identifiable information (PII) in consumer apps

While a covert operative really won’t want their personal phone number associated with their classified conversations, the direct and visible link between most consumer apps and the user’s underlying phone number raises personal privacy issues. Use of a platform where personal details of users can be protected provides stronger ‘duty of care’ processes, while the ability to record, store and securely audit communications further ensures compliance with data protection regulations.

Such measures can protect against potential harassment in the workplace, mis-use or abuse of the communications service, and other such serious issues.

Some Governments have banned the use of consumer apps 

In December 2024, the Scottish Government hit global headlines when it announced a ban on the use of the consumer messaging app WhatsApp for official business. The Scottish government was not the first to take such measures; the French government banned the use of WhatsApp, Signal and Telegram by ministers and their teams, as have banks (e.g. NatWest) and, over previous years, privacy-sensitive companies (e.g. Germany’s Continental AG).

There’s more to security than end-to-end encryption

Mass adoption apps are simply not secure enough. While they all claim end-to-end encryption that protects data in transit, the incidents mentioned above demonstrate that this doesn’t mitigate the wrong person being added to a group chat, users being fooled by deepfake impersonation-based attacks, spear-phishing, social engineering, or accidental or deliberate insider mis-use. As we’ve discussed many times before, there is much more to secure communication than encryption (while remembering that ‘normal’ phone calls and text services are even less secure, especially if your telecoms provider has been compromised by a nation state attacker).

Central management of users significantly mitigates the risks

A particular danger of consumer apps is that there is no central management of users. Anyone can download an app, and anyone can assume a false user identity. For handling sensitive, higher assurance conversations and data, instant messaging apps must be Secure by Design and Secure by Default. For example, the use of crypto protocols such as identity-based encryption will ensure a user really is who they say they are, and so prevent imposter-based attacks. Without built-in security features, with default settings to control users and data, instant messaging apps are prone to human error as well as deliberate mis-use.

It’s ironic that these are often referred to as “Closed Messaging Apps” when, in fact, in most aspects they are actually totally open – to faked identities, social engineering and other abuses.

Delivering Certainty in an Uncertain World

The Armour Secure Communications Platform offers total data sovereignty within a controlled environment where all users are centrally managed and enrolled.  Users can only enrol once invited to do so by their Administrator.  Once their device is enrolled, the user authenticates to the communications app in their usual manner (which can include in-built biometric readers) and only then can they use the service.

Different organisations working together, for example, on a joint project, or across different government departments or branches, often need to communicate at more secure levels of assurance to protect commercially or operationally sensitive information. The Armour platform provides a trusted mechanism to enable federated communication capabilities between disparate user Communities while maintaining robust security.

As a trusted third-party system, the Armour Secure Communications Platform can be used for sensitive conversations, safely segregated from the IT infrastructure used for everyday communications.

Award-winning Armour Comms solution

  •  Multi-domain, multi-organisation structure with strictly siloed security means that Armour can augment and broaden secure communications and collaboration capabilities
  •  Corporate Confidential, OFFICIAL, OFFICIAL SENSITIVE, NATO RESTRICTED, and higher assurance collaboration can be provided via Armour’s Secure Cloud extending to include desktops, workstations and unified comms systems (such as office phone systems).
  • Alternatively, the Armour installation can be hosted and managed on-premises to give the organisation total data sovereignty.
  • Different groups can be ‘Federated’ to permit them to communicate using the Community Allow-list feature.
  • Third parties can be added and removed as needed, and only Federated to collaborate with specific teams or projects.

 

 

Armour will be at Cyber UK, being held in Manchester 6 – 8 May 2025.

Visit us to learn more about how your organisation can provide secure communications capabilities to staff.  And read our latest white paper: Secure Communications Architecture and Platform for security conscious organisations  – Designed for, and used in, higher assurance environments.

US Government Signal Security Breach

The news that a journalist was mistakenly included in US government discussions about sensitive military operations reminds us once again that consumer apps for instant messaging are not suitable for sensitive communications.

There’s more to security than end-to-end encryption

Mass adoption apps are simply not secure enough. While they all claim end-to-end encryption that protects data in transit, that doesn’t mitigate the issues that led to the breach.  As we’ve discussed many times before, there is much more to secure communication than encryption.

The particular danger of consumer apps is that there is no central management of users. Anyone can join, anyone can pretend to be whoever they want to be, and that’s before we consider the implications of imposter-based attacks and AI-generated deepfakes that are now frighteningly realistic. Remember the incident last year when the then Foreign Secretary took a call from someone pretending to be former Ukrainian President Petro Poroshenko, with whom Mr Cameron had multiple dealings, including face-to-face, during his tenure as Prime Minister. (Fortunately, when Mr Cameron smelt a rat he ended the conversation, with no sensitive information exchanged.)

For handling sensitive, higher assurance conversations and information, instant messaging apps need to be Secure by Design and Secure by Default. For example, the use of crypto protocols such as identity-based encryption will ensure someone is who they say they are, and so prevent imposter-based attacks. Without built-in security features, with default settings to control users and data, instant messaging apps are prone to human error as well as deliberate mis-use.

Central control of users

While the productivity benefits of using instant messaging are tempting, at higher assurance levels the risks of information being leaked, or stolen, are all too apparent, and clearly unacceptable.

An enterprise level communications platform provides robust security features including the central management of users, which is one of the biggest differentiators between a free-to-use consumer app and an enterprise product that is designed for purpose.

A truly secure communications platform offers a controlled environment in which all users are centrally managed and enrolled.  Users join by invitation only, which they receive from an administrator.  Once their device is enrolled, the user authenticates to the communications app which can include biometric readers. Only once securely provisioned, with a proven identity, can the user use the service.  And when they leave the organisation, or if they or their device is compromised, their account can be remotely wiped, ensuring sensitive information is removed.

Ideally, users should be cryptographically segregated into groups, which can be based on division/department, location, project, or seniority/rank, and (by default) can only contact others within the same group. An administrator defines which groups can communicate with which other groups on an “as needed” basis.

Managing users by groups (or communities) ensures that there is clear segregation of community-related data. This enables organisations to maintain strong internal data segmentation where sensitive data is protected from accidental leakage to other parts of the organisation. Typically, the user has access to the minimum set of contacts and data, by default; this approach – the opposite of consumer apps – ensures that data and communication are controlled and managed appropriately.
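The invitation-only, default-deny community model described above can be expressed as a small policy check. This is an added example, not Armour's code; the `Directory` class, its method names and the sample users and communities are all hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class Directory:
    """Hypothetical administrator-managed directory of users and communities."""
    invites: dict = field(default_factory=dict)   # user -> community invited into
    members: dict = field(default_factory=dict)   # enrolled user -> community
    allow: set = field(default_factory=set)       # unordered community pairs

    def invite(self, user, community):
        """Administrator action: pre-authorise a user for one community."""
        self.invites[user] = community

    def enrol(self, user):
        """Enrolment succeeds only for a user holding a pending invitation."""
        if user not in self.invites:
            return False
        self.members[user] = self.invites.pop(user)
        return True

    def allow_communities(self, a, b):
        """Administrator action: permit two communities to communicate."""
        self.allow.add(frozenset((a, b)))

    def revoke(self, user):
        """Remove a leaver or compromised user; a new invitation is needed to return."""
        self.members.pop(user, None)
        self.invites.pop(user, None)

    def can_contact(self, sender, recipient):
        """Default deny: both parties enrolled, and same or allow-listed community."""
        s = self.members.get(sender)
        r = self.members.get(recipient)
        if s is None or r is None:
            return False
        return s == r or frozenset((s, r)) in self.allow


def build_sample():
    """Constructed sample data: three communities, one allow-listed pair."""
    d = Directory()
    for user, community in [("alice", "ops"), ("bob", "ops"),
                            ("carol", "finance"), ("dave", "contractors")]:
        d.invite(user, community)
        d.enrol(user)
    d.allow_communities("ops", "contractors")
    return d


if __name__ == "__main__":
    d = build_sample()
    print("uninvited user enrols:", d.enrol("mallory"))
    print("ops -> ops:", d.can_contact("alice", "bob"))
    print("ops -> finance:", d.can_contact("alice", "carol"))
    print("ops -> contractors:", d.can_contact("alice", "dave"))
    d.revoke("dave")
    print("ops -> revoked contractor:", d.can_contact("alice", "dave"))
```
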

 

NCSC provides plenty of guidance

More food for thought.  The National Cyber Security Centre (NCSC) has published 7 Principles of Secure Communication, which are:

  •  Protect Data in transit
  •  Protect network nodes with access to sensitive data
  •  Protect user access to the service
  •  Ensure secure audit of communications is provided
  •  Allow administrators to securely manage users and systems
  •  Use metadata only for its necessary purpose
  •  Assess supply chain for trust and resilience

 

Consumer apps meet 2 or 3 of these at best. Dedicated, Secure by Design communications platforms that meet all 7 principles have been available for years… so why are organisations still exchanging sensitive data over consumer messaging apps?

UK leading the way

Thankfully there are some within the UK Government and defence organisations that are making real headway in securing their communications. However, the rate of adoption needs to be faster and broader if we, in the UK, are to show leadership in this field, and so avoid a similar embarrassment and breach of national security as the US.

In a hyper-connected world, it is still, frequently, human error that creates vulnerabilities… make sure it’s not you!

For more details about what you should be looking for when Securing Communications Channels download our Buyer’s Guide.

Beware malicious QR codes when using WhatsApp and Signal

New spear-phishing attacks against targeted organisations and individuals

A recent spate of instances involving the use of malicious QR codes is a timely reminder, once again, that mass-adoption consumer apps are often a favoured attack vector for criminals and state-sponsored actors… and so should NOT be relied upon for military, sensitive or commercial business communications.

The latest story to hit the headlines is the compromise of Signal accounts, including some used by military targets, by exploiting the device-linking feature within the app. Google Threat Intelligence Group (GTIG) has reported that the device-linking feature is being widely used by state-sponsored groups to attack Signal accounts. Social engineering is used to trick targets into scanning malicious QR codes that link their device to a device controlled by the attacker. From there the scammer can synchronize with the victim’s device and see all their secure communications.

Signal QR code attack vector is evolving

This trick is being adapted by the attackers depending on the target. For a broader attack the malicious code is disguised as a legitimate app resource, such as a Signal group invite or device pairing instructions from the Signal website.  When individuals are targeted, phishing sites are set up that have been specifically designed to attract the victim’s attention.  In other examples, a legitimate group invite page is altered to redirect to a malicious domain that then pairs the victim’s device with a device controlled by the attacker.

GTIG has reported that this type of attack has successfully been perpetrated on devices used by military forces on the battlefield.

Particularly worrying is that this compromise is very difficult to spot and so can remain undetected for extended periods of time.

WhatsApp attacks proliferating too

Activity by the group known as Star Blizzard is another case in point, with an advisory notice issued from the national technical authorities of all of the ‘Five Eyes’ community (NCSC, CISA, FBI, NSA, CNMF, ACSC, CCCS, NZNCSC).

Star Blizzard creates email accounts and fake social media profiles impersonating known contacts of the target, using malicious but authentic-looking domains. They take time to build rapport with the victim and then send a link to the malicious site. What is new here is that the attackers are now inviting people (including US government officials) to join a WhatsApp group with a QR code, which includes malicious code that gives the attacker access to the victim’s account. The perpetrator can see messages, correspondence, credentials and contacts, and can steal them. By joining the WhatsApp group the victim gives access to their data, so the attackers can exfiltrate it.

There has been a concerted effort in the mainstream media to highlight the dangers of ‘pig butchering’ – a gruesome name for the practice where a scammer builds a ‘rapport’ with the victim, often over many months, before asking for money. The victims are often so convinced that they part with significant amounts of money before the fraud is unearthed – leading to some heartbreaking cases.

In a similar manner, the ongoing, broad, and totally inappropriate use of WhatsApp for sensitive government and defence communications has predictably led to similar, targeted, social engineering attacks on such users, as well as high value zero-day hacks.  Even commercial solutions such as Teams are targeted in a similar manner.

Mass adoption apps increase risk of compromise for sensitive communications

These two examples are a clear demonstration of why mass adoption and consumer apps (such as WhatsApp and Signal) are simply not suitable for business use.  People are familiar with using them in their personal lives and are therefore much more likely to be tricked/scammed because they will not be on their guard in quite the same way – familiarity breeds contempt.

Mass adoption apps are difficult (if not impossible) for IT departments to manage as they are usually controlled by organisations that are more concerned with building a user base as large as possible, rather than protecting individuals’ security. Their use is so widespread that they make an obvious target for malicious actors looking to disrupt and/or steal valuable information.  There may also be questionable use of the app data by its creator.

Armour Secure Communications Platform – built for purpose

By keeping work conversations/communications within built-for-purpose business applications, such as Armour Mobile, sensitive communications, documents, files and contact lists, etc, remain controlled and protected within the Armour platform. Data sovereignty is maintained and information can’t be exported or shared outside of strictly controlled groups of Armour users.

The central management of the complete Armour Mobile user lifecycle provides robust security such that only authorised users can access the system, and their access and data can be instantly revoked when they leave, or if their device is lost or stolen. This is one of the biggest differentiators between a free-to-use consumer app and an enterprise level product such as Armour Mobile. Using a Secure by Design (and Secure by Default) communications and collaboration platform such as Armour fosters and enforces good security practices and supports user and organisational data privacy.

For more information about what you should be looking for in a Secure Communications Platform read our Buyer’s Guide: https://www.armourcomms.com/2023/06/29/securing-communications-channels-a-buyers-guide/

 

 

Secure Communications Architecture and Platform for NATO – Designed for, and used in, military environments

Widely used across the UK and other European countries, in defence, military and national security organisations, Armour works closely with the UK’s National Cyber Security Centre (NCSC) and has an enviable track record of delivering easy-to-use secure communications for use in the most challenging of higher assurance mission critical environments.

The Armour Secure Communications Platform protects communications within military environments, following Secure by Design and Secure by Default principles. It provides the capability for a federated, cross domain architecture for secure communications – voice, instant messaging and video conferencing – enabling interoperability across all NATO organisations. Flexible, easy-to-use and with a familiar user experience, Armour® is approved for use at NATO RESTRICTED (and UNCLASSIFIED), UK OFFICIAL-SENSITIVE and (through our defence partnerships) at higher assurance levels.

The Armour Secure Communications Platform is ideally suited for NATO to support  multi-domain operations and ensure secure, reliable, resilient and efficient collaboration across NATO Alliance members. Armour provides the option for on-premises, standalone, sovereign installations, that can be securely federated as required to facilitate secure interoperability.

On-Premises and NCSC Advanced Mobile Solutions Architecture

Armour has developed its solutions in line with the NCSC’s Advanced Mobile Solutions (AMS) architecture to deliver more secure solutions that are as easy and convenient to use as commercial/consumer mass-adoption apps. This enables organisations to set up a secure communications platform with high user adoption.

How Defence and Military organisations are using the Armour Secure Communications Platform

Whatever your sensitive communications requirements, Armour has a secure proven solution.

  • Mission critical, sensitive data scenarios
  • Secure communications up to higher assurance levels
  • Mitigate foreign carrier and network risk
  • Use over satellite if required
  • Customer-defined phone identities (no requirement to use actual phone numbers)
  • Robust security for organisations working collaboratively on projects, research and military operations
  • Secure collaboration with friendly forces, local contacts, and for training
  • Audit facilities for all communications and associated files
  • Central management of applications and security settings
  • Full user lifecycle management, from provisioning to service/data revocation
  • Data Sovereignty – control your own data at all times
  • Bring-Your-Own-Device (BYOD) – Separate personal and business data
  • Out-of-Band Communications during a crisis
  • Supports low-cost, burner phones for total anonymity
  • Secure interoperability between NATO capabilities, organisations and military groups

 

Award-winning Armour Comms solution

Armour has won multiple industry awards over a number of years, a testament to our commitment to providing innovative, useable and sustainable solutions to meet the ever evolving threat landscape.

  • Multi-domain, multi-organisation structure with strictly siloed security means that Armour can augment and broaden secure communications and collaboration capabilities.
  • Collaboration for a range of classification levels can be provided via Armour’s Secure Cloud, extending to include desktops, workstations and unified comms systems (such as office phone systems and third-party meeting systems).
  • Alternatively, the Armour installation can be hosted and managed on-premises to give the organisation total data sovereignty to meet higher assurance needs.
  • Different Armour Mobile installations can be ‘Federated’ to allow collaboration between their users.
  • User Communities in any installation can be segregated or allow-listed to permit collaboration, and to control communication between Federated instances.
  • Suppliers and contractors can be added and removed as needed, and only allow-listed to collaborate with specific teams or projects.

 

Read our new NATO white paper to see how Armour Comms can help your organisation to meet your secure mobile communications requirements.

 

10th Anniversary for Armour Comms

We’re delighted to announce that 12 January 2025 saw the 10th anniversary of the founding of Armour Communications. In that time the technological and threat landscape has changed considerably.  Our product set has grown from a single solution to provide robustly secure voice, video conferencing and instant messaging capabilities for high assurance industries such as military, defence and central government, to a comprehensive platform for secure collaboration that is used by a much broader client base including enterprise, financial services, and the wider public sector, both in the UK and internationally.

The solution of choice for higher assurance, and beyond

Armour Mobile is now used extensively throughout the MOD for a wide range of different use cases, and is the solution of choice for a number of multi-national systems integrators that work closely with Armour to deliver solutions to defence organisations around the world.

A growing network of alliance partners

Our work with chosen alliance partners including systems integrators, cyber security solutions partners, and managed service providers (MSPs), means we are able to address specific industries and geographies. As a result, Armour is used in many international markets, spanning a wide range of security-conscious industry sectors.

Packaged solutions to meet different requirements

The Armour Secure Communications Platform is now available in a range of flexible packages to suit most deployment requirements, from a fully managed, turnkey solution, to hosted/self-managed, and full on-premises installations. Each of the three packages can be tailored to meet specific needs.

Armour Cloud

A fully managed SaaS solution for standard deployments for SMB/SME sized organisations, with one simple affordable price. Armour Cloud™ is aimed at organisations looking to replace the use of consumer apps, improve security of mobile communications mitigating deepfake and impostor-based cyber threats, retain control of corporate data including data sovereignty, and for improved security, GDPR and regulatory reasons.

Armour Cloud is also ideal for organisations looking for an out-of-band communications channel with which to handle incidents or to protect sensitive C-suite communications.

Armour Cloud+

A SaaS solution for SMB/SME sized organisations to manage their own users for standard deployments.  The package includes secure recording, archiving and audit of voice and instant messaging conversations, with interoperability by extending the reach of mobile secure communications to enterprise unified communications systems which include desk phones and IP soft phones.

Armour Cloud+ is ideal for any regulated organisation needing auditability including responding to Freedom of Information requests.

Secure video conferencing can be added as an optional extra.

Armour Enterprise

A solution that supports the robust requirements of higher assurance and SME/Enterprise organisations that need complete control over all aspects of their secure communications. Armour Enterprise™ is provided as either an on-premises implementation or via a number of SaaS options. Secure interoperability with enterprise unified communications including desk and IP soft phones, secure video conferencing and secure archive and audit are also included within the packaged price.

Multi-award winning products

The multi award-winning Armour Secure Communications Platform now incorporates secure video conferencing, file attachments, and comprehensive interoperability via any number of integrations and bridges to other technologies. Secure archive and audit are now also available – a hugely complex piece of engineering to support the compliance requirements of regulated industries such as financial services, health and legal, and those that need to comply with Freedom of Information requests, such as local authorities, NHS, blue light services and organisations providing critical national infrastructure.

Standards-based quality  

We’ve worked with the UK’s NCSC and other technical authorities to ensure that the Armour Secure Comms Platform is developed based on security industry standards and that it meets the NCSC’s 7 Principles of Secure Communication and is Secure by Design and Default. With a range of deployment options including secure hosted cloud and on-premises, it can provide data sovereignty – something which mass adoption services such as Microsoft Teams cannot, even for government customers. Armour® holds ISO 27001 and Cyber Essentials+ certifications and Armour Mobile™ is approved for use at OFFICIAL-SENSITIVE, NATO RESTRICTED and higher assurance levels.

Rising to the challenge

As we start back to work after the New Year, we reflect with optimism on what the next 10 years may bring.  With the rise of AI and impersonation-based attacks now a stark reality, our aim remains the continued development of standards-based secure communications solutions, that are every bit as easy to use as consumer-grade apps but with robust security to thwart the ever changing attack vectors that we now see on a day to day basis.

For more information about how Armour Comms can help your organisation to safeguard privacy of messaging, voice and video communications, read our Securing Communications Channels Buyer’s Guide, or contact us today at sales@armourcomms.com

Scottish Government bans WhatsApp – what can they replace it with?

As the Scottish Government hits global headlines for its announcement of a ban on the use of the consumer messaging app WhatsApp for official business, we ask, what next? What should they be using for secure communications?

The Scottish government is not the first to take such measures; the French government made a similar ban on the use of WhatsApp, Signal and Telegram by ministers and their teams, as have NatWest Bank and, several years ago now, the German company Continental AG.

This latest ban will be applied to all Scottish government devices and takes effect from Spring 2025. This was announced in the wake of an external review of the use of messaging apps after it was revealed by the COVID enquiry that huge swathes of messages that took place during the pandemic had been deleted by ministers (as discussed in our previous blog: Scottish Covid inquiry finds that Nicola Sturgeon appears to have deleted ALL her WhatsApp messages.)

Deputy first minister Kate Forbes said “Government business should happen on government systems which are secure, searchable and allow the appropriate sharing of information, in line with our statutory duties.”

While the use of Teams will still be allowed in Scotland, in revelations earlier this year by Computer Weekly, Microsoft admitted that it cannot guarantee the sovereignty of UK data hosted on its hyperscale public cloud infrastructure.  In the detailed article Computer Weekly explains that under Part 3 of the Data Protection Act (DPA) 2018, law enforcement data must be kept within the UK, as must all public sector data under the G-Cloud 14 framework regulations.

With all this in mind, what should organisations be doing to protect their sensitive communications?

NCSC approved alternative to consumer apps

As we have stated many times before, there is really no excuse for the use of consumer apps by those in public office when there is an NCSC approved alternative that is every bit as engaging and easy to use.  Not only do consumer apps, such as WhatsApp and many others, lack enterprise-grade security features, such as identity-based authentication (which tackles the issues of impersonation-based attacks/spoofs/AI deepfakes, etc.), but as we are reminded yet again, such apps lack any central management of messages and conversations, and therefore do not protect the public record.

Award-winning Armour secure communications

The Armour® Secure Communications Platform (multiple recipient of the SC Awards Best Communications Security Solution) provides an alternative to consumer grade applications. The platform brings together a quick-to-deploy, easy-to-use solution that can be used on both mobile devices and desktops, with enterprise security features not provided by mass-adoption collaboration products or free-to-use consumer apps. It protects data throughout its lifecycle, providing all elements of mobile communications/collaboration including voice, instant messaging, and video conferencing, encrypting data both at-rest and over-the-air.

Suitable for higher assurance video conferencing

Security-conscious organisations such as government departments, law enforcement, military, defence contractors and public sector bodies all need products designed with their specific requirements in mind. The Armour Secure Communications platform is built to give organisations control of where they deploy and where their data resides, with both secure hosted and on-premises options available. It addresses issues such as GDPR and industry-specific regulations, including DPA 2018 Part 3, as cloud-based providers often cannot satisfy sovereign needs.

Armour Recall™ captures, retains and archives data to ensure organisations keep control of their data and can review at a later date to prove compliance and as a matter of public record.

Armour Unity™ delivers secure conferencing in an easy-to-use app for mobile use and is available in several configurations to ensure the level of security matches the sensitivity of the conversation.

Strict security measures within Armour give the organisation total control over data. Examples include constraining message retention, Message Burn (automatically deleting messages after a set time), controlling features like forwarding/sharing data, and erasing all data in the event of device (or user) compromise.

Users and call groups are centrally managed, and people can only join and use the app by invitation. Identity-based authentication (using NCSC’s MIKEY-SAKKE protocol) means that users can be confident when using the platform that they are communicating with who they think they are. In this way Armour addresses the issue of identity-spoofing and ghost-callers, including AI-generated deepfakes.

 

For more information about what your organisation should be looking for when considering a secure communications solution, read our Buyer’s Guide: https://www.armourcomms.com/2023/06/29/securing-communications-channels-a-buyers-guide/

Chinese state-sponsored attack on US telecoms giants has ramifications for us all

FBI and CISA officials are recommending the use of encrypted applications for instant messaging, texts and voice calls. However, consumer applications like WhatsApp and Signal do NOT mitigate the full nature of this threat vector and certainly do not protect metadata, including user location.

A federated, sovereign, cross domain architecture for secure communications – voice, instant messaging and video conferencing – can protect against these threats. Such a solution can provide interoperability across organisations, from low to high classifications and assurance levels, and must be supported by recognised security accreditations, delivering the security necessary to mitigate against the growing cyber risks and threats in this area, while delivering consumer app ease of use.

In what has been touted as the biggest, most blatant cyber-espionage attack in history, the PRC (People’s Republic of China) is behind the hacking of some of the world’s largest telcos. While the US is hitting the headlines, The Register has reported that other countries such as Afghanistan, Brazil, Eswatini, India, Indonesia, Malaysia, Pakistan, the Philippines, South Africa, Taiwan, Thailand, and Vietnam have all been targeted. And it’s not just telcos: other targeted sectors include the technology, consulting, chemical and transportation industries, government agencies, and non-profit organizations (NGOs) in the US, the Asia-Pacific region, the Middle East, and South Africa.

The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued recommendations that citizens use encrypted apps to protect the privacy of their communications.

While this is highly concerning news for governments, public sector organisations, organisations supporting critical national infrastructure (CNI), journalists, law enforcement and anyone with a sensitive job role, it is also worrisome for everyone, at every level. Indeed, in the NCSC’s recently published Annual Review, NCSC CEO Richard Horne states: “We face enduring threats from hostile states and cyber criminals looking to exploit our dependency on the technology that now underpins all aspects of modern life.”

Advice from NCSC over 5 years ago is even more pertinent now: “Consider options for secure or alternative communications in event of a sensitive incident, or where normal channels are unavailable due to network/email/phone system outage.”

The Salt Typhoon attack is using multiple activities to cause a range of issues including:

Intercepting and eavesdropping communications

Salt Typhoon is using its presence on telecom provider networks to intercept calls and messages of targeted individuals, which include government officials and politicians, amongst others. This means that communications involving sensitive topics or national security could be falling into the hands of an unfriendly regime. Any product that uses end-to-end encryption can mitigate this particular risk, including Armour Mobile. However, UK military and defence organisations have been discouraging the use of consumer-grade apps for messaging for a number of years now and have already implemented more secure comms mechanisms. A key reason for using dedicated secure systems is that there is a lot more to securing communications than just encryption (as we explain in our blog: If there’s more to security than encryption – what else do you need?).

Accessing and mining metadata

The attacker has stolen large amounts of call detail records (metadata), for example, caller and receiver phone numbers, call duration, call type and phone location. So, even if the detail of the conversation/communication cannot be read (when using end-to-end encryption), adversaries can glean a lot of valuable intelligence just from knowing who is speaking to whom, when and where. For example, knowing the location of a journalist or activist in a rogue state can quite literally be a matter of life and death for those individuals.

The fact that social media companies sell their members’ metadata to advertisers demonstrates just how valuable it is, even for the ordinary citizen (and clearly, even more valuable if it is a politician or public official).

Whilst it’s not possible to stop metadata from being generated, steps can be taken to control access to it. Armour Comms securely manages communications in the cloud ensuring metadata is minimised and protected. In addition to private SaaS deployment, we also offer an on-premises solution for those who want complete control, allowing customers to store metadata on their own servers. Our solutions not only protect the content of communications, but also consider the broader aspects of securing your data and privacy. Consumer apps such as WhatsApp, and even Signal, do not protect metadata to the same degree.

For more information about the value of metadata read our blog: What does your smart phone say about you?

 

Secure comms when handling a major security incident

NCSC advises that a key step in preparing a communications strategy as part of incident response is to set up an alternative communications channel, i.e. one that does not rely on the organisation’s usual channels, since these may have been compromised in the attack. NIST SP 800-61 also recommends having multiple backup communications solutions in place.

Both NIST and the Digital Operational Resilience Act (DORA) suggest that incident response groups with key contacts/structures are pre-defined and set up in advance, so that communications can begin immediately on the secure channel once an incident occurs. Groups can be internal and external to an organisation, typically including suppliers, law enforcement, internal groups, employees, key stakeholders and the SOC team, etc.

Armour provides a standalone, independently or in-house hosted secure communications platform that is as engaging and easy to use as a consumer-grade app. Armour can ensure that your employees have a solution that keeps data secure, while providing the capability to communicate effectively throughout a major incident.  The Armour secure comms platform delivers:

  • Data protection using UK Government and NATO approved tools, Secure by Design/Secure by Default
  • One easy-to-implement solution that enables multi-domain integration of communications amongst trusted third parties and stakeholders
  • Instant, remote and mobile secure collaboration

 

Trusted federated communications

Federated, controlled communication between separate instances of the Armour secure comms platform ensures that different organisations, departments, and locations can communicate securely. Data is held within an organisation’s own servers, or in a secure cloud, providing a highly secure, scalable architecture for low to high assurance environments.

Armour Bridge and Armour Connect provide interoperability with third party messaging and voice systems.

 

For more information about how Armour Comms can help your organisation to safeguard privacy of messaging, voice and video communications, read our Securing Communications Channels Buyer’s Guide, or contact us today at sales@armourcomms.com

Secure Communications – the cornerstone of C4ISR

A blog by our CTO Dr Andy Lilly as part of techUK’s Defence Technology Week

Use of mobile phones has transformed communication, a crucial element of C4ISR. However, for all the impressive technology in such a tiny device, it opens up military/defence organisations to a range of potential attack vectors including IMSI catchers, fake base stations, AI/deepfake impersonation attacks, as well as unsanctioned consumer apps on BYOD devices, any of which could result in leakage of time/mission critical data.

Attacks using old technology still highly effective

Fake base stations and IMSI catchers are an old attack vector, but they are still in use today and catching out the unwary. In this attack, mobile phones are ‘fooled’ into locking on to the strongest antenna signal, which comes from a fake base station that then negotiates reduced encryption standards that are easily cracked.

A recent investigation indicated that enemy forces are using this very method via transportable antennas (fake base stations launched via drones) to access data sent by devices, and in some cases to erase information held on phones. As long ago as 2017 soldiers were reporting ‘strange things’ happening to their phones such as contacts disappearing. Indeed, troops and those travelling in ‘unfriendly regimes’ should beware of posting content online, even to restricted profiles visible only to friends, because such posts can easily be accessed by uninvited third parties.

In early March the BBC reported that a European government admitted to a hack of a military meeting where officers discussed use of long-range missiles, and their possible targets (https://www.bbc.co.uk/news/world-europe-68457087). The hack was helped in part by the fact that the participants were not using a secure communications channel.

AI-generated impersonation-based attacks an increasing threat

The use of artificial intelligence (AI) generated deepfakes for impersonation-based attacks is becoming more prevalent. Video calls are becoming so believable that in February a finance worker in a multinational company was duped into paying out $25 million after a video call with a deepfake chief financial officer. Not only was the CFO on the call a deepfake, so were all the other participants, all of whom were known to the finance worker.

Identity-based encryption – know who you are communicating with

One way that military organisations, or any other organisation for that matter, can protect against these threats is to use a secure communications platform that utilises identity-based encryption. Protocols such as the NCSC’s MIKEY-SAKKE ensure that people can be confident that they are communicating with who they think they are and not an impostor, however clever their fakery.

As these recent attacks demonstrate all too vividly, organisations of every shape and size in both public and commercial sectors need to take the cyber security of their communications seriously.  This means banning the use of unsanctioned shadow IT for business purposes. A built-for-purpose, Secure by Design (SbD) secure comms platform can provide an engaging user experience to rival any consumer app, plus the ability to manage and control the organisation’s data centrally.

Protect data sovereignty

Whether deployed on-premises (on in-house servers), or as a secure hosted solution, an enterprise-grade secure comms platform that covers voice calls, instant messaging and video conferencing ensures data sovereignty. This is where data stays on sovereign soil, something that some tech giants can’t guarantee, even for UK Government users. It also ensures data separation, no mixing of data, be that of different classifications of data, or business and personal, even on BYOD devices.

In short, a secure communications platform can protect military and other sensitive communications even in hostile conditions. Users and their data are managed centrally, meaning users can be confident that they are communicating with who they think they are, and not an adversary.

High Street bank bans consumer messaging channels from company devices

NatWest Group takes shadow IT seriously and has blocked employees from using WhatsApp, Facebook Messenger and Skype for business communications.

 

The BBC has reported that NatWest Group has blocked messaging services WhatsApp, Facebook Messenger and Skype on company devices in the UK to stop staff using them to communicate with each other.  While the company had previously stated that staff should only use official communications channels to discuss business, it has now gone one step further and removed access to the apps on corporate devices, which implies there was still a high level of staff misuse of such “shadow IT” to share sensitive data.

Financial institutions face $2.8bn in fines

This is in direct response to the growing pressure from industry regulators to stamp out the use of unsanctioned channels, where banks in the US have been handed fines worth more than $2.8bn (£2.2bn) during the past few years over record-keeping rules – where workers’ historical messages could not be retrieved from some messaging services. Our previous blog More banks fined total of $81million for record keeping contraventions gives more detail.

Concerns over the use of unofficial communications channels in public life have been growing with calls for UK MPs and civil servants to stop using consumer apps for very similar reasons, in that there is no oversight of business nor official discussions. The topic of MPs mysteriously (and conveniently) ‘losing’ messages is discussed in our blog: More instances of Ministers’ disappearing messages!

WhatsApp makes it easier to defraud citizens

The use of consumer apps such as WhatsApp has seeped into business, meaning that boundaries have become blurred. People are now unsurprised to be contacted for ‘work purposes’ via a consumer app; however, this practice makes it much easier for criminals to defraud people. Scams where victims are defrauded out of thousands of pounds are receiving increased media coverage on consumer interest programmes. For example, a recently introduced feature of WhatsApp that allows screen sharing is now being used by criminals to manipulate people into moving cash from one account to another, resulting in their money being stolen.  The BBC has covered the story across a range of media channels: ‘WhatsApp screen sharing scam lost me £20,000’

Business communications culture needs to shift

In short, business culture needs to change. Important business contacts and customers should not be contacted via unmanaged and untrusted consumer chat apps. Using such casual methods of communication fosters a lax approach to security.  And while their use might be convenient, they are certainly not safe or secure, as these recent stories clearly demonstrate.

Organisations do not need to use unmanaged, ungovernable communications channels, as there are alternatives that provide enterprise features and suitable security for handling business conversations.

Enterprise communication platforms that authenticate users are hard to spoof

Such apps, like Armour Mobile, which uses identity-based encryption, enable people to be confident that they are communicating with who they think they are communicating with. This stops imposters, scammers and criminals from spoofing their way into business conversations.

The rise of AI and deepfakes is another rapidly growing trend, and it is being exacerbated by mass-adoption messaging and collaboration apps that have very little in the way of user authentication and security.

Our on-demand webinar shows examples of just how convincing these deepfakes can be, and gives some advice as to what organisations can do to mitigate the threat:  LINK to Webinar

To read more about what you should be looking for in a Secure Communications Platform read our buyer’s guide: https://www.armourcomms.com/2023/06/29/securing-communications-channels-a-buyers-guide/