84.6% of 21st century vacationers use their mobile devices to check their email, according to Prosper Mobile Insights. The thought of being without a smartphone, tablet or a computer, even while off in a foreign country, is a foreign thought for most of us. And if you’re always connected, you’re always at risk of some online nastiness.
F-Secure Labs has covered the recent discovery of the Flame malware, a cyberweapon that is being used to target very specific users for surveillance purposes. Unless you’re a nuclear scientist or the system administrator of a weapons developer, you’re not likely to be targeted by such advanced malware.
Still regular, everyday cyber criminals will take advantage of any sloppy mistakes you make while relaxing. So let’s get a few security precautions out of the way so you can have a good time.
1. Update your devices before you go.
Make your system software is updated on your PC, smartphone and tablet at home on your safe and secure network. A patched and protected system along with updated security software is your best protection against threats. (Our free Health Check makes that easy.) Avoid taking software updates while on the road, especially while using hotel Wi-Fi. Criminals have used faked updates on hotel Wi-Fi to infect users with malware. If you follow Krebs’s Number One Rule for Staying Safe Online–“If you didn’t go looking for it, don’t install it!”—you’ll be fine.
2. Back up your hard drives and put a remote lock on your phone.
Traveling with the only digital copy of irreplaceable data or media is not a wise choice. Before you leave your house, back up your devices hard drives. (If you don’t have a backup option, you can try our Online Backup for free.) You should also put a software on your phone that gives you the ability to lock a lost phone and erase it if necessary. (Our free Anti-Theft for Mobile does this for Android and Symbian phones.)
3. Use direct DSL or cable connection when you can; if not, use encrypted Wi-Fi with a VPN.
If free public Wi-Fi is your only option and you do not have a VPN, consider yourself watched. Try to use one-time passwords for services that offer them such as Facebook and Hotmail. Using free Wi-Fi or a public computer for shopping and banking is definitely not recommended.
4. Don’t click on links or attachments in email, especially from email you were not expecting.
This is a piece of advice from the Labs that we keep repeating because everyone knows the attachment but the link part is new. Links can lead to scams, which on your phone especially may look as official as any bank website.
5. Be careful about sharing your location.
Most of the fear about sharing location online comes from a very few examples of people being robbed by Facebook friends. The basic rule is don’t tell anyone online that you’re not home who you wouldn’t tell in real life. So you probably don’t want to broadcast your vacation on your public social networks. Why not use email—like we did in the olden days?
Using your devices to improve your vacation is not a problem as long, as you take a few precautions. You earned the chance to rest and relax so enjoy it.
[CC image by gavdana]
When news broke that Facebook was at least temporarily using users physical location to suggest real world connections, a strategy that has been employed by the NSA, the backlash was sharp. It wasn't difficult to imagine scenarios when identities could be inadvertently and uncomfortably revealed through group therapy, 12-step meetings or secretive political movements. The world's most popular social network quickly said it would not continue what it called a small-scale test nor roll the feature on a wider scale in the future. But Facebook is still using your location data for other purposes, Fusion's Kashmir Hill reports: We do know that Facebook is using smartphone location for other things, such as tracking which stores you go to and geotargeting you with ads, but the social network now says it’s not using smartphone location to identify people you’ve been physically proximate to. Hill notes that using location to match users up, thus acting as a tool to reveal the identity of nearby strangers, might violate Facebook's agreement with the Federal Trade Commission . So you should expect that your location -- like everything you do on Facebook -- is being used to turn you into a better product for its advertisers. That's the cost of using a "free" site but you can limit your exposure a bit by turning off location services for Facebook on your phone. Here's very simple instructions for turning off location services on your Facebook and Facebook Messenger apps on your Android of iOS device. Do you mind if Facebook uses your location to suggest new friends? Let us know in the comments. [Image by Lwp Kommunikáció | Flickr]
The Sony hack of late 2014 sent shock waves through Hollywood that rippled out into the rest of the world for months. The ironic hack of the dubious surveillance software company Hacking Team last summer showed no one is immune to a data breach - not even a company that specializes in breaking into systems. After a big hack, some of the first questions asked are how the attacker got in, and whether it could have been prevented. But today we're asking a different question: whether, once the attacker was already in the network, the breach could have been detected. And stopped. Here's why: Advanced attacks like the ones that hit Sony and Hacking Team are carried out by highly skilled attackers who specifically target a certain organization. Preventive measures block the great majority of threats out there, but advanced attackers know how to get around a company's defenses. The better preventive security a company has in place, the harder it will be to get in…but the most highly skilled, highly motivated attackers will still find a way in somehow. That's where detection comes in. Thinking like an attacker If an attacker does get through a company's defensive walls, it's critical to be able detect their presence as early as possible, to limit the damage they can do. There has been no official confirmation of when Sony's actual breach first took place, but some reports say the company had been breached for a year before the attackers froze up Sony's systems and began leaking volumes of juicy info about the studio's inner workings. That's a long time for someone to be roaming around in a network, harvesting data. So how does one detect an attacker inside a network? By thinking like an attacker. And thinking like an attacker requires having a thorough knowledge of how attackers work, to be able to spot their telltale traces and distinguish them from legitimate users. Advanced or APT (Advanced Persistent Threat) attacks differ depending on the situation and the goals of the attacker, but in general their attacks tend to follow a pattern. Once they've chosen a target company and performed reconnaissance to find out more about the company and how to best compromise it, their attacks generally cover the following phases: 1. Gain a foothold. The first step is to infect a machine within the organization. This is typically done by exploiting software vulnerabilities on servers or endpoints, or by using social engineering tactics such as phishing, spear-phishing, watering holes, or man-in-the-middle attacks. 2. Achieve persistence. The initial step must also perform some action that lets the attacker access the system later at will. This means a persistent component that creates a backdoor the attacker can re-enter through later. 3. Perform network reconnaissance. Gather information about the initial compromised system and the whole network to figure out where and how to advance in the network. 4. Lateral movement. Gain access to further systems as needed, depending on what the goal of the attack is. Steps 2-4 are then repeated as needed to gain access to the target data or system. 5. Collect target data. Identify and collect files, credentials, emails, and other forms of intercepted communications. 6. Exfiltrate target data. Copy data to the attackers via network. Steps 5 and 6 can also happen in small increments over time. In some cases these steps are augmented with sabotaging data or systems. 7. Cover tracks. Evidence of what was done and how it was done is easily erased by deleting and modifying logs and file access times. This can happen throughout the attack, not just at the end. For each phase, there are various tactics, techniques and procedures attackers use to accomplish the task as covertly as possible. Combined with an awareness and visibility of what is happening throughout the network, knowledge of these tools and techniques is what will enable companies to detect attackers in their networks and stop them in their tracks. Following the signs Sony may have been breached for a year, but signs of the attack were there all along. Perhaps these signs just weren't being watched for - or perhaps they were missed. The attackers tried to cover their tracks (step 7) with two specific tools that forged logs and file access and creation times - tools that could have been detected as being suspicious. These tools were used throughout the attack, not just at the end, so detection would have happened well before all the damage was done, saving Sony and its executives much embarrassment, difficult PR, lost productivity, and untold millions of dollars. In the case of Hacking Team, the hacker known as Phineas Fisher used a network scanner called nmap, a common network scanning tool, to gather information about the organization’s internal network and figure out how to advance the attack (step 3). Nmap activity on a company internal network should be flagged as a suspicious activity. For moving inside the network, step 4, he used methods based on the built-in Windows management framework, PowerShell, and the well-known tool psexec from SysInternals. These techniques could also potentially have been picked up on from the way they were used that would differ from a legitimate user. These are just a few examples of how a knowledge of how attackers work can be used to detect and stop them. In practice, F-Secure does this with a new service we've just launched called Rapid Detection Service. The service uses a combination of human and machine intelligence to monitor what's going on inside a company network and detect suspicious behavior. Our promise is that once we've detected a breach, we'll alert the company within 30 minutes. They'll find out about it first from us, not from the headlines. One F-Secure analyst sums it up nicely: "The goal is to make it impossible for an attacker to wiggle his way from an initial breach to his eventual goal." After all, breaches do happen. The next step, then, is to be prepared. Photo: Getty Images