Calling all high-risk individuals: Ensure you’re taking adequate steps to secure your personal devices and accounts against hacking, tampering and other types of interference.
Britain’s National Cyber Security Center is warning that criminals and nation-state hacking groups, confronted with well-managed corporate cybersecurity defenses, have turned their sights to individual personal devices and accounts.
“In recent years there have been a number of targeted cyberattacks against high-risk individuals in the U.K., to attempt to gain access to their accounts and devices,” says the alert from the NCSC, the public-facing arm of signals intelligence agency GCHQ – a sister agency to the U.S. National Security Agency.
“This has resulted in the theft and publication of sensitive information, which can also cause reputational damage.”
The cyber agency said its alert comes on the heels of highly targeted attacks. “This is not a mass campaign against the public but a persistent effort to target people whom attackers consider to hold information of interest,” says its guidance for high-risk individuals.
The NCSC defines high-risk individuals in a cybersecurity context as anyone whose “work or public status means you have access to, or influence over, sensitive information that could be of interest to nation-state actors.” This includes anyone who works in the political sphere, including elected legislators, candidates, staff, and activists as well as academics, lawyers, journalists and human rights groups.
Hackers typically pick the fastest, easiest and least technical strategy required to achieve their goal, and that increasingly includes targeting not just high-profile individuals but also their families, said Chris Pierson, the CEO and founder of cybersecurity firm BlackCloak.
“We saw this really increase in 2022 with attacks on personal cell numbers and emails in the Twilio, Uber and Zendesk attacks,” he said. “We saw, publicly, executives being targeted in association with attacks on large companies like MGM and Dragos.”
Among the NCSC’s recommendations:
- Activate two-step verification: Use multifactor authentication wherever possible to make email, social media and financial accounts tougher to compromise;
- Review social media use and settings: “Consider maintaining separate professional and personal social media accounts,” not least because any personal or family information revealed online could be used by attackers “to engineer a spear-phishing attack and attempt to gain access to your account and data”;
- Update secure messaging apps: Keep apps such as WhatsApp, Messenger and Signal updated, use two-step verification and “use disappearing messages that automatically delete after a set period – by turning this on you will limit what a successful attacker could access if they do manage to get in”;
- Replace unsupported devices: Replace devices once they no longer receive OS updates, which is typically five years after first release for iOS devices and three years for Android.
Adding to the NCSC’s list, Pierson also recommends that individuals contact their mobile phone carrier to lock down SIM cards for every mobile device they use.
The chief threats are porting fraud, when an attacker transfers the number to another service provider, and SIM swapping, when an attacker transfers the number to a new SIM card. Both can be used to defeat MFA and compromise accounts, including cryptocurrency hot wallets.
Chinese Espionage Alert
In addition to the guidance for high-risk individuals, the NCSC on Monday released guidance for political organizations and organizations coordinating elections, as part of a push to safeguard democratic processes.
The release was timed to coincide with the British government's accusation on Monday that the Chinese government has been running long-term hacking campaigns and cyber operations targeting the U.K.
The disclosure of Chinese state hacking activities is designed to ramp up international pressure on Beijing, as Britain’s ruling Tory party has indicated it plans to hold a general election later this year, ahead of a January 2025 deadline for doing so.
More than 50 countries have held or will hold high-stakes elections this year.
Cybersecurity experts have been warning that adversaries appear to be ramping up their election interference campaigns, backed by spear-phishing attacks and increased use of generative artificial intelligence tools and deepfake audio and video technology.