November Monthly Roundup

December 5, 2014

This November, Kaspersky Lab brought you a number of insightful industry reads and breaking security news stories. From the Darkhotel APT attacks, to how to increase the battery life of your iPhone, we kept you in the know. Did you miss any of our November posts? Don’t panic, we’ve got the highlights for you right here!

Best-posts

Darkhotel: A Spy Campaign in Luxury Asian Hotels

This November, Kaspersky Lab detailed the discovery of a spy network, dubbed ‘Darkhotel’, which has been active for seven years in a number of luxury Asian hotels. The attacks work something like this: the Darkhotel threat actor compromises certain hotels that attract high-level, traveling business execs. After checking into the hotel, the executive tries to connect to Wi-Fi (which requires a surname and room number). The attackers will offer an update for legitimate software, which will also install a backdoor. Finally, once the attackers are in, they can use a set of tools to collect data, find passwords and steal login credentials.

Kurt Baumgartner, Principal Security Researcher at Kaspersky Lab, perhaps explained it best when he said, “For the past few years, a strong actor named Darkhotel has performed a number of successful attacks against high-profile individuals, employing methods and techniques that go well beyond typical cybercriminal behavior. This threat actor has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision.”

Did he just pique your interest? We suggest you read the rest of the article to learn more about the threat and how Kaspersky Lab’s products detect and neutralize the malicious programs and their variants used by the Darkhotel toolkit. 

Five Lessons I’ve Learned from Having my Credit Card Hacked

Scammers are particularly good at bypassing the security measures we put in place and can even compromise ATMs and large retailers’ systems.

Have you ever received a notification from your bank or credit card company about a purchase that you clearly did not make? It can certainly be a scary moment but you do not have to feel powerless. Below are the five lessons learned through personal experience:

  1. Promptness is essential. The faster you can react, the more likely you are to get your money back. SMS notifications are great for this.
  2. All types of insurance will do. Each and every level of extra protection that you use will make the scammer’s job that much harder.
  3. Precaution is not a cure-all. Scammers are particularly good at bypassing the security measures we put in place and can even compromise ATMs and large retailers’ systems.
  4. The use of credit card scams is an organized crime precedent. While perhaps only one person stole your card, there is a chance that they then resold it to other various criminals.
  5. Always have a back-up plan. Have a number of different cards available for your use, use different payment systems and distribute your budget evenly.

11 Unsecure Mobile and Internet Messaging Apps 

You may want to read this before you send that message you’re typing. We took a look at the Electronic Frontier Foundation’s secure messaging scorecard and made a list of 9 apps that scored well on privacy and 11 that scored poorly. Unfortunately, the apps that scored the worst are also the apps that are the most well known to the general public.

The Nine Most Secure and Private Internet and Mobile Messaging Services

As opposed to the previous list, most of these applications are not well known, though perhaps they should be. For this reason, it may be worth your while to read this article in full and learn more about these secure messaging services.

10 Steps to Boost Your iPhone’s Battery Life

It happens to us all: one minute your smartphone’s battery is fully charged and the next it is near that ‘red line of doom.’ The reason why is simple. By default, your phone is set to give you the best performance while disregarding energy efficiency. For this reason, we want to share with you 10 important tips that can help extend the life of your iPhone’s battery.

  1. Adjust the brightness of your screen to approximately 30-40% of the maximum.
  2. Turn off Bluetooth when it is not necessary.
  3. Turn on “flight mode” in areas where you know there is no cellular coverage.
  4. Do not let every app track your GPS location.
  5. Use Wi-Fi networks whenever possible or stick to using 3G as opposed to LTE.
  6. Do not have your phone set to fetch new data in real-time, stick to push or manual options instead.
  7. Close out any apps that may be running in the background.
  8. Switch off automatic downloads.
  9. Limit your list of apps that are allowed to ‘background refresh.’
  10. Lastly, get rid of any push notifications for apps that are not in charge of communication, related to security or critical for consistency. 

Protect Your Android: 10 Tips for Maximum Security

The open and flexible nature of the Android mobile OS is what made it a leader in the mobile market, but it is also the basis for the notorious fragmentation issue that is often mentioned. While Android versions may differ, we have aggregated some general tips to ensure that your Android device is ultimately more secure.

  1. Only download applications from the Google Play store.
  2. Check the permissions that an application is seeking to use to make sure that they are appropriate for that app.
  3. Use strong passwords!
  4. Encrypt all of the data on your phone so even if it is lost or stolen, the data cannot be accessed.
  5. Try to avoid public Wi-Fi hotspots and run a regular audit of your remembered Wi-Fi networks list.
  6. Always use VPN, especially when using a public hotspot or an untrusted network connection.
  7. Disable notifications that are likely to pop up even when your screen is locked.
  8. Apply settings to Google services that will limit the information at risk should there be a data leak.
  9. Rid yourself of unnecessary apps. More apps mean more risk.
  10. And finally, use two-factor authentication for Google and other apps to ensure maximum user account security.