CISA Warns About Mobile App Security

Hackers are targeting messaging apps using commercial spyware, CISA warned earlier this week. They said:

Multiple threat actors have used “sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app,” which then lets them deploy additional malware and acquire deeper access to the target’s phone, CISA said in an alert.

https://www.cisa.gov/news-events/alerts/2025/11/24/spyware-allows-cyber-threat-actors-target-users-messaging-applications

Almost all of these attacks require some user interaction. While there are a few “zero-click” attacks, they are aimed at high-value targets, which could possibly include people like your CEO or CFO. This is relatively unlikely for most companies.

That means that the weak link in the chain is the end user.

Some of CISA’s recommended practices for end users, most of which cost no money, are:

  • Only use end-to-end encrypted messaging (like WhatsApp or Signal). This is one that will make the FBI somewhat upset (or a lot upset) because it makes their life harder. It is one that we strongly recommend.
  • Enable FIDO, which is a hardware-based MFA technology that is EXTREMELY hard to fool.
  • Do not use text message MFA. While it is better than nothing, it is the weakest form of MFA.
  • Use a password manager.

They also have specific tips for iPhone users. We are providing multiple links below to CISA’s alerts and information.

Credit: CISA, CISA, CISA, CISA, Cybersecurity Dive
