Salt Typhoon and the Hybrid Digital Workforce: Ongoing Risk and What It Means for UEM
It’s long been understood that a Unified Endpoint Management (UEM) tool simplifies IT network operations by centralizing the monitoring, managing, and securing of all endpoints. But in light of recent telecom breaches, we must reconsider the shape that UEM needs to take. This blog looks at how we can adapt to the ongoing risk to data — while studying that risk through the lens of secure communications.
Why Salt is Bad for Your Blood Pressure
During the final months of 2024, the internet and media were awash with reports that the Chinese-backed ‘Salt Typhoon’ had successfully infiltrated Western — primarily US-based — telecom companies. This adversary is targeting telecom providers by establishing a presence that allows them to steal caller records and intercept calls. At the same time, they obfuscated their actions and stayed dark and undetected for up to two years. This type of “salt” raised the blood pressure of more than a few cybersecurity leaders and governments.
How does it affect my company?
The scale, breadth and duration of this protracted campaign of infiltration into network and edge infrastructure, including no fewer than 8 of the main U.S. telecom providers, and by extension also those in other Western countries, are of universal concern.
Numerous governments have issued advisories, including the US Cybersecurity and Infrastructure Security Agency (CISA). CISA’s guidance suggests using encrypted messaging apps and encrypted voice calls, elevating these practices as a critical requirement for most companies, not just those in highly regulated industries. If you hold customer data, you are required to protect that data.
During the two years of exposure to date, attackers have been able to harvest call records for millions of subscribers along with telemetry that helps them identify patterns of activity, collaborators, and suppliers. This metadata can be cross-referenced against other public information to identify detailed records of activity that can be used in a variety of malicious ways that extend beyond espionage:
- Threat actors can use this data to construct elaborate and convincing identity spoofing and targeted spear phishing campaigns.
- They can also use selected data, such as call records or activity/location data, to blackmail or otherwise extort their targets into paying the attackers.
- The credentials stolen and other data gathered have also been used to compromise sensitive information, such as the recent illegal access to records of legal cases and prosecutions in the US.
This leads to a critical question: At this point, is there any way to tell which devices may have been compromised or which services are at risk of abuse? The answer is currently elusive.
And what’s more, U.S. officials recently stated that they remain unsure whether the attackers have been purged from all the impacted systems.
What’s Next?
As things stand now, we should operate as if public communications tools will always traverse compromised networks, and we should understand that attackers do not need to decrypt actual messages or calls; they can obtain and leverage metadata.
It is therefore not so much a case of which services to avoid, but rather, how not to expose sensitive data on any of them. We must take steps to reduce the risk and increase the protection of data at both the individual and corporate levels.
Here are some key ideas to consider, including the increased importance of UEM for security:
- Now is a good time to examine your corporate guidance and policies around which services may or may not be used for specific purposes. This is often based on data classification.
- For data that must remain private and secure, we suggest only using certified secure communications tools that provide private, end-to-end encrypted communications.
- Using a comprehensive UEM toolset can also greatly reduce your risk of corporate data exposure, by allowing you to easily limit access to services you consider high-risk.
- For organizations where employees utilize their own devices, a robust UEM tool is also essential to separate personal data and protect all essential and sanctioned corporate activity, apps and data from possible compromise and leakage. UEM tools enhanced by secure communications help you easily achieve this.
- For situations where individuals must exchange sensitive information with collaborators, suppliers and third parties, it is essential to ensure that this takes place only using secure communications tools that are simple to use. This reduces employee temptation to use other public services to exchange and store data. Shadow IT puts organizational data at greater risk.
Together, these strategies and tools can greatly reduce risk.
BlackBerry: Still Known for Secure Communications
BlackBerry has a rich history of providing secure mobile communications, and we continue to secure today’s hybrid digital workforces all over the planet. BlackBerry® UEM boosts productivity, is praised by customers, and helps ensure your data is secure, end-to-end, which eliminates potential MITM (man-in-the-middle) attacks.
BlackBerry UEM helps you achieve the following:
- Proactively defend data against threats before they reach your endpoints.
- Ensure secure network data and provide advanced inbound protection against unsecured connections.
- Eliminate the risk of Denial of Service (DoS) attacks with robust security measures.
- Safeguard your data both in transit and at rest with comprehensive encryption.
- Experience total cybersecurity coverage for all workflows, on any device, anywhere.
And your organization can easily enhance secure communications with BlackBerry Messenger (BBMe) and SecuSUITE to stay better protected from threats such as those posed by Salt Typhoon and Volt Typhoon.
All of this means that if you are an IT, security, or risk leader, you no longer need to suffer increased blood pressure when new threats emerge, even if entire telecommunications networks are tainted with threats like Salt Typhoon. A little more reasoning — and a little less seasoning — is the order of the day.
Season’s greetings, one and all, and easy on the “salt” exposure!
This is the final blog in our series on the hybrid digital workforce — and workplace. See the others, below.