Home » Cybercriminals also follow us on vacation. And they are more dangerous

Cybercriminals also follow us on vacation. And they are more dangerous

by admin

The last year has been very heavy for all of us due to the pandemic and the desire to put everything behind us and go on vacation is great. Whether you are on the beach or in the mountains we will not be able to help but be connected, to share our experiences with friends, in short, to give up our digital experience. So here we are in search of the nearest WiFi hotspot. Who hasn’t had to send a business message, or have to buy a ticket for a last-minute transfer?

But are we aware of the security risks to which we expose ourselves with incorrect behavior? Identity theft, online fraud, access to insecure networks and the theft of our devices are just some of the misadventures that could happen to us on vacation. At this time of year we are inevitably more exposed, because we are distracted and prone to behaviors that expose us to the action of cybercriminals.

It is therefore easy to download a file from unreliable sources because you are looking for information on a next destination or a coupon to benefit from discounts on transport in the places we visit. Attacks that use documents containing alleged information about the spread of the pandemic in the places we visit and the measures to contain it are also very popular. The documents or links submitted to us are designed to initiate the infection process of our devices and install various types of malware, from ransomware to banking Trojans.

Among the main attack vectors once on vacation, and not only, there are insecure networks, or networks in public places for which access is not required credentials. Unsafe networks could also be WiFi networks made available to guests of luxury hotels, a bed & breakfast, or a yacht club.

See also  10 Tips for Saving Money and Still Feeling Good About Yourself

In fact, an attacker could spy on the online activities carried out by potential victims on these networks, steal sensitive information such as passwords and documents, and could even use the means to implant malicious codes in the devices of unsuspecting customers.

(Fonte Europol)

Cybercriminals could create an ad hoc WiFi network with a similar name to the hotel network to trick unsuspecting guests into connecting. Attacks of this type, also called “Evil Twin” attacks are simple to carry out, sometimes a device hidden in a bag or backpack is enough to set up a WiFi hot spot that is able to capture the credentials of access to the main web services (Gmail, Amazon, and others) once users access it, or serve malicious codes disguised as fake updates for the software used by the victims, such as the browser or Acrobat Reader for reading PDF documents.

If we consider that the devices used by travelers are often also used for communications and access to corporate services, we cannot fail to take note of the increased exposure of companies to cyber threats in this period. Another consideration to make is that the hotel cannot be assimilated to an office because it could use outdated software and systems and therefore affected by flaws that can be easily exploited by an attacker..

So how can we protect our data when we access a public WiFi network of an airport or a hotel?

  • The first tip is to use a virtual private network (VPN). A VPN is a virtual private network that allows users to preserve their privacy and security by creating a secure communication channel, a kind of tunnel (VPN tunnel), over a public network infrastructure. The devices that connect to a VPN can be located anywhere, however access to the same virtual network guarantees them to operate as if connected to the same LAN network. All traffic in transit through the logical tunnel created is protected and therefore not accessible by an attacker, VPNs also allow users to guarantee anonymity.
  • Update the devices you use, install the latest versions of operating systems and software applications, including anti-malware software.
  • Restrict access to accounts containing financial or sensitive data. Enable two-factor authentication for these accounts where available.
  • If you are in the hotel, make sure you connect to the legitimate network of the structure, to do this ask the staff for support by asking for precise instructions for accessing the public WiFi. This way you can significantly reduce the risk of Evil Twin attacks.
  • If you have doubts about the connection, use the mobile hotspot of your smartphone. Connection via your smartphone is recommended for any access to sites that store or require the inclusion of sensitive data, such as online banking or e-mail inbox.
  • Disable information sharing when connecting from a public network. You can disable sharing directly from your system’s Control Panel.
  • Install and use anti-malware solutions on your devices and keep them up to date. Some vendors of these software also provide VPN services built into their software.
  • Do not allow your WiFi device to automatically connect to networks, it is a good idea to disable WiFi or Bluetooth if they are not used.
  • Visiting only sites that use the HTTPS protocol, this is a necessary but not sufficient condition to avoid nasty surprises, in fact we have recently explained that more and more often cyber criminals are using compromised websites or websites that support this protocol in attacks such as phishing and malware attacks.
  • Log out of accounts when finished using them

I just have to wish you happy holidays!

.

You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy