Blog

In today’har busy world, convenience seems to outweigh consequence, especially with how people use their mobile devices. Using free public Wi-Fi networks, for example, comes with any number of serious security risks, yet surveys show that the overwhelming majority of Americans do it anyway. In a study by privatewifi.com, a whopping three-quarters of people admitted to connecting to their personal email while on public Wi-Fi.

It isn’t hard to see that a few moments of online convenience are far outweighed by your money or financial information being stolen, or by suffering the embarrassment of your personal information being publicly released. According to a recent opinion poll, more people are leery of public Wi-Fi networks than of public toilet seats (a promising sign). But an interesting experiment, conducted at the 2016 Republican and Democratic National Conventions, showed attendees’ true colors. At each convention, private entities provided visitors with free public Wi-Fi networks (for social science purposes). Around 70% of people connected to the nonsecure Wi-Fi networks at both conferences.

There are dozens of online tutorials showing hackers how to compromise public Wi-Fi, some of them with millions of views. The most common method of attack is known as “Man in the Middle.” In this simple technique, traffic is intercepted between a user’s device and the destination by making the victim’s device think the hacker’s machine is the access point to the internet. A similar, albeit more sinister, method is called the “Evil Twin.” Here’s how it works: You log on to the free Wi-Fi in your hotel room, thinking you’re joining the hotel’s network. But somewhere nearby, a hacker is boosting a stronger Wi-Fi signal off of their laptop, tricking you into using it by labeling it with the hotel’s name. Trying to save a few bucks, and recognizing the name of the hotel, you innocently connect to the hacker’s network. As you surf the web or do your online banking, all your activity is being monitored by this stranger.Still not convinced of the risks? Here’s a story that should worry business travelers in particular. In 2014 experts from Kaspersky Lab uncovered a very sophisticated hacking campaign called “Dark Hotel.” Operating for more than seven years and believed to be a sophisticated economic espionage campaign by an unknown country, Dark Hotel targeted CEOs, government agencies, U.S. executives, NGOs, and other high-value targets while they were in Asia. When executives connected to their luxury hotel’s Wi-Fi network and downloaded what they believed were regular software updates, their devices were infected with malware. This malware could sit inactive and undetected for several months before being remotely accessed to obtain sensitive information on the device.

What is the best way to protect yourself against these kinds of Wi-Fi threats? Although antivirus protection and firewalls are essential methods of cyber defense, they are useless against hackers on unsecured Wi-Fi networks. Consider the following seven security tips to keep prying eyes out of your devices:

• Don’t use public Wi-Fi to shop online, log in to your financial institution, or access other sensitive sites — ever
• Use a Virtual Private Network, or VPN, to create a network-within-a-network, keeping everything you do encrypted
• Implement two-factor authentication when logging into sensitive sites, so even if malicious individuals have the passwords to your bank, social media, or email, they won’t be able to log in
• Only visit websites with HTTPS encryption when in public places, as opposed to lesser-protected HTTP addresses
• Turn off the automatic Wi-Fi connectivity feature on your phone, so it won’t automatically seek out hotspots
• Monitor your Bluetooth connection when in public places to ensure others are not intercepting your transfer of data
• Buy an unlimited data plan for your device and stop using public Wi-Fi altogether

Source: Why You Really Need to Stop Using Public Wi-Fi

Google said it has disabled offending accounts involved in a widespread spree of phishing emails today impersonating Google Docs.The emails, at the outset, targeted journalists primarily and attempted to trick victims into granting the malicious application permission to access the user’s Google account. It’s unknown how many accounts were compromised, or whether other applications are also involved. Google advises caution in clicking on links in emails sharing Google Docs.

The messages purport to be from a contact, including contacts known to the victim, wanting to share a Google Doc file. Once the “Open in Docs” button is clicked, the victim is redirected to Google’s OAUTH2 service and the user is prompted to allow the attacker’s malicious application, called “Google Docs,” below, to access their Google account and related services, including contacts, Gmail, Docs and more.

Source: Google Shuts Down Docs Phishing Spree | Threatpost | The first stop for security news

The Dark Overlord attempted to extort plenty of companies before targeting Netflix.

Last week, a hacker or group of hackers dumped apparent full episodes of Orange Is the New Black after Netflix allegedly declined to pay a ransom, and has threatened to release a number of other shows too, including Celebrity Apprentice, New Girl, and The Catch. But this was only the latest move from the group. Known as The Dark Overlord, the hackers have established themselves with a dizzying number of data breaches, often stealing mountains of sensitive corporate and personal data.

For nearly a year, Motherboard and a handful of other journalists have followed The Dark Overlord, and watched it evolve from a group learning how to manipulate the media to aid in extortion attempts, to a ruthless and apparently organized criminal enterprise, albeit one whose ultimate financial success is unclear.

Source: Meet the Hackers Holding Netflix to Ransom – Motherboard