This November, Kaspersky Lab brought you a number of insightful industry reads and breaking security news stories. From the Darkhotel APT attacks, to how to increase the battery life of your iPhone, we kept you in the know. Did you miss any of our November posts? Don’t panic, we’ve got the highlights for you right here!
Darkhotel: A Spy Campaign in Luxury Asian Hotels
This November, we detailed the discovery of a spy network, dubbed ‘Darkhotel’, which has been active for seven years in a number of luxury Asian hotels. The attacks work something like this: the Darkhotel threat actor compromises certain hotels that attract high-level, traveling business execs. After checking into the hotel, the executive tries to connect to Wi-Fi (which requires a surname and room number). The attackers will offer an update for legitimate software, which will also install a backdoor. Finally, once the attackers are in, they can use a set of tools to collect data, find passwords and steal login credentials.
Read highlights from our most popular #security news posts from November
Tweet
Kurt Baumgartner, Principal Security Researcher at Kaspersky Lab, explained it best when he said, “For the past few years, a strong actor named Darkhotel has performed a number of successful attacks against high-profile individuals, employing methods and techniques that go well beyond typical cyber-criminal behavior. This threat actor has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision.”
#Darkhotel: a spy campaign in luxury Asian hotels – https://t.co/RVxkUg1B2K via @kaspersky #security
— Kaspersky (@kaspersky) November 11, 2014
Did he just pique your interest? We suggest you read the rest of the article to learn more about the threat and how Kaspersky Lab’s products detect and neutralize the malicious programs and their variants used by the Darkhotel toolkit.
Five Lessons I’ve Learned from Having my Credit Card Hacked
Have you ever received a notification from your bank or credit card company about a purchase that you clearly did not make? It can certainly be a scary moment but you do not have to feel powerless. Below are the five lessons learned through personal experience:
1. Promptness is essential. The faster you can react, the more likely you are to get your money back. SMS notifications are great for this.
2. All types of insurance will do. Each and every level of extra protection that you use will make the scammer’s job that much harder.
3. Precaution is not a cure-all. Scammers are particularly good at bypassing the security measures we put in place and can even compromise ATMs and large retailers’ systems.
4. The use of credit card scams is an organized crime precedent. While perhaps only one person stole your card, there is a chance that they then resold it to other various criminals.
5. Always have a back-up plan. Have a number of different cards available for your use, use different payment systems and distribute your budget evenly.
"Five lessons I’ve learned from having my credit card hacked" https://t.co/TQHBbK0Oqw
— Eugene Kaspersky (@e_kaspersky) November 13, 2014
11 Unsecure Mobile and Internet Messaging Apps
You may want to read this before you send that message you’re typing. We took a look at the Electronic Frontier Foundation’s secure messaging scorecard and made a list of 9 apps that scored well on privacy and 11 that scored poorly. Unfortunately, the apps that scored the worst are also the apps that are the most well known to the general public.
11 Unsecure Mobile and Internet Messaging Apps https://t.co/ijXhbsZEp3 #security pic.twitter.com/0BEAH3cFAV
— Kaspersky (@kaspersky) November 21, 2014
The Nine Most Secure and Private Internet and Mobile Messaging Services
As opposed to the previous list, most of these applications are not well known, though perhaps they should be. For this reason, it may be worth your while to read this article in full and learn more about these secure messaging services.
9 Most Secure and Private Internet and Mobile Messaging Services https://t.co/30xBpa0kSb #mobileprivacy #security
— Kaspersky (@kaspersky) November 14, 2014
10 Steps to Boost Your iPhone’s Battery Life
It happens to us all: one minute your smartphone’s battery is fully charged and the next it is near that ‘red line of doom.’ The reason why is simple. By default, your phone is set to give you the best performance while disregarding energy efficiency. For this reason, we want to share with you 10 important tips that can help extend the life of your iPhone’s battery.
1. Adjust the brightness of your screen to approximately 30-40% of the maximum.
2. Turn off Bluetooth when it is not necessary.
3. Turn on “flight mode” in areas where you know there is no cellular coverage.
4. Do not let every app track your GPS location.
5. Use Wi-Fi networks whenever possible or stick to using 3G as opposed to LTE.
6. Do not have your phone set to fetch new data in real-time, stick to push or manual options instead.
7. Close out any apps that may be running in the background.
8. Switch off automatic downloads.
9. Limit your list of apps that are allowed to ‘background refresh.’
10. Lastly, get rid of any push notifications for apps that are not in charge of communication, related to security or critical for consistency.
10 steps to boost your #iPhone’s battery life https://t.co/BrqC7ub2FX #Apple pic.twitter.com/byYy1pDwL1
— Eugene Kaspersky (@e_kaspersky) November 20, 2014
Protect Your Android: 10 Tips for Maximum Security
The open and flexible nature of the Android mobile OS is what made it a leader in the mobile market, but it is also the basis for the notorious fragmentation issue that is often mentioned. While Android versions may differ, we have aggregated some general tips to ensure that your Android device is ultimately more secure.
10 tips for maximum #Android #security – https://t.co/bIqSGMj05q pic.twitter.com/j0quFlYNnw
— Kaspersky (@kaspersky) November 7, 2014
1. Only download applications from the Google Play store.
2. Check the permissions that an application is seeking to use to make sure that they are appropriate for that app.
3. Use strong passwords!
4. Encrypt all of the data on your phone so even if it is lost or stolen, the data cannot be accessed.
5. Try to avoid public Wi-Fi hotspots and run a regular audit of your remembered Wi-Fi networks list.
6. Always use VPN, especially when using a public hotspot or an untrusted network connection.
7. Disable notifications that are likely to pop up even when your screen is locked.
8. Apply settings to Google services that will limit the information at risk should there be a data leak.
9. Rid yourself of unnecessary apps. More apps mean more risk.
10. And finally, use two-factor authentication for Google and other apps to ensure maximum user account security.