“Do not use SMS as a second factor for authentication. SMS messages are not encrypted—a threat actor with access to a telecommunication provider’s network who intercepts these messages can read them. SMS MFA is not phishing-resistant and is therefore not strong authentication for accounts of highly targeted individuals.” This guidance was posted online by the Cybersecurity and Infrastructure Security Agency (CISA) on December 18, 2024, and includes best practices for protecting “highly targeted individuals.”
December 19, 2024: Gizmodo is reporting that hackers aligned with the Chinese government have infiltrated U.S. telecommunications infrastructure so deeply that it allowed the interception of unencrypted communications of a number of people, according to reports that first emerged in October. The operation, dubbed Salt Typhoon, apparently allowed hackers to listen to phone calls and nab text messages, and the penetration has been so extensive they haven’t even been booted from the telecom networks yet.
Back in October 2024, The Washington Post reported that all the major U.S. carriers, including AT&T, Verizon, and T-Mobile, were impacted. Incredibly, the hackers are still inside the U.S. system and there’s no obvious way to get them out that doesn’t involve physically replacing old equipment.
And, in November, the New York Times reported on how China’s hacking reached deep into U.S. telecoms.
If you use text messages for multi-factor authentication, you should probably switch to a different method, especially with everything we’re learning about a recent hack that’s been dubbed the worst hack in our nation’s history.
The Cybersecurity and Infrastructure Security Agency (CISA) issued guidance this week on best practices for protecting “highly targeted individuals,” which includes a new warning about text messages.
Screenshot: page 1 of 5 of the Cybersecurity and Infrastructure Security Agency (CISA) guidance issued December 18, 2024
“This is massive, and we have a particularly vulnerable system,” Senator Mark Warner, a Democrat from Virginia and also chairman of the U.S. Senate Intelligence Committee, told the Post. “Unlike some of the European countries where you might have a single telco, our networks are a hodgepodge of old networks. […] The big networks are combinations of a whole series of acquisitions, and you have equipment out there that’s so old it’s unpatchable.”
Hundreds of organizations were notified of potential Salt Typhoon compromise
Some of the vulnerabilities exploited by Salt Typhoon go back to 2018, according to a second congressional aide familiar with the hack. Patches were issued, but the telecom companies never implemented them, that aide added.
The hacking unit exploited openings in Ivanti, Fortinet, Sophos and Microsoft Exchange Server systems, according to a Dec. 18 blog post from cyber intelligence firm Armis.
READ MORE AT THESE PRIMARY SOURCES:
https://www.nextgov.com/cybersecurity/2024/12/hundreds-organizations-were-notified-potential-salt-typhoon-compromise/401843/ December 23, 2024
https://gizmodo.com/feds-warn-sms-authentication-is-unsafe-after-worst-hack-in-our-nations-history-2000541129 December 19, 2024
https://www.cisa.gov/sites/default/files/2024-12/guidance-mobile-communications-best-practices.pdf December 18, 2024
https://gizmodo.com/china-wiretaps-americans-in-worst-hack-in-our-nations-history-2000528424 November 22, 2024
https://www.nytimes.com/2024/11/21/us/politics/china-hacking-telecommunications.html#commentsContainer November 22, 2024
https://www.washingtonpost.com/national-security/2024/11/21/salt-typhoon-china-hack-telecom November 21, 2024
https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b October 5, 2024