Malicious Hackers Go to Work as We Gear Up for International Travel

Article by: Teong Eng Guan, Regional Director, Southeast Asia and Korea, Check Point Software Technologies

Despite airport delays, rising costs and continued uncertainty over COVID-19, international travel is expected to surge 11% above pre-pandemic levels. In their rush to catch up on what, for some, is their first holiday in three years, travellers are likely to let their guard slip when it comes to cyber security and take risks with their online activity that they would not contemplate when sitting at a workstation. Cyber criminals are well aware of this vulnerability and, if anything, step up their efforts over the peak vacation period.

According to the Check Point Research (CPR) Threat Intelligence Report, the global average number of weekly attacks on organisations in travel and leisure went up by 60% in June 2022 compared with the first half of June 2021. In the period May to August 2021, attacks in these sectors saw a 73% rise, and this year is likely to see a similar spike. One of the key trends is hackers impersonating established brands in phishing attacks as holidaymakers look for last-minute breaks and late-availability travel, hotel and attraction deals.

A holidaymaker clicking on a phishing email or exposing their login details over an unsecured public Wi-Fi connection could present a personal risk, in terms of credentials theft, and also lead to financial loss. However, there is an even more serious risk to their employers. The trend towards so-called hybrid holidays, where people work remotely for part of the vacation, makes this an even more realistic threat. Personal laptops, tablets or mobiles will often provide easy access for criminals into corporate networks, especially if Bring-Your-Own-Device (BYOD) equipment has not been adequately secured.

Meanwhile, corporate networks themselves are more vulnerable at this time of year, or indeed around long weekends and public holidays throughout the year. With security operations teams working at reduced staffing levels, cyber-attacks can go undetected until it’s too late and the damage has been done. A typical example of this was the ransomware attack on the Kaseya network on July 4th last year by the Russian-speaking REvil criminal gang, which impacted over 1000 organisations around the world, in addition to around 15 similar attacks per week over May and June, according to CPR.

For many of us, this may be the first time we’ve travelled abroad since the pandemic and as such there may be certain elements of our travel routines that we may have forgotten about, including our cybersecurity hygiene habits. This is music to the ears of opportunistic hackers looking to take advantage of laid-back attitudes and unprotected devices. This presents a risk to the individual and, in our hyper-connected world, to any organisation they communicate with, including their employer.

By planning ahead, individuals can look forward to their vacation, knowing that they have taken the simple but necessary precautions to secure their devices while at the same time protecting the networks of their employers.

Check Point Software has put together its top 10 tips to help consumers stay safe during their vacation:

  1. Treat public Wi-Fi spots with caution. Free Wi-Fi access is appealing, but it can also pose some serious security threats. It’s not uncommon for hackers to sit at airports, waiting for travellers to go onto public Wi-Fi networks, so that they can prey on them. Avoid unsecured Wi-Fi networks completely if possible, but if you must use them, avoid accessing personal accounts or sensitive data while connected to those networks.
  2. Beware of “shoulder” surfers. The person sitting next to you on your plane or while you’re waiting for your plane to board could have malicious intent. Someone can be looking over your shoulder while you enter credit card details or while you’re logging into social media. It’s smart to get a screen privacy protector, which can help hide your information from prying eyes.
  3. Double-check the websites you book travel on. Travel-related cyberattacks can occur even before the trip begins, so it’s crucial that you verify the travel website you use. Scammers like to imitate authentic sites, and pretend to offer luxury vacations or discounted trips, to steal your personal information. If a deal looks or sounds too good to be true, it probably is. Before moving forward, research the company offering the deal extensively. Use a credit card for travel transactions rather than your debit card. Credit card companies often have fraud protections in place should you fall victim to cybercrime, whereas with a debit card, your money is likely gone.  
  4. Beware of language problems. In this instance, we’re not talking about mastering the local dialect, but instead keeping an eye out for any misspellings or grammatical errors, as well as authoritative phrases that push you to make snap decisions, as these could indicate that something isn’t quite right. Cyber criminals rely on people not taking the time to look at the small details that can signal an email or message isn’t legitimate. To keep yourself protected, always take an extra moment to authenticate a message, especially if it is trying to get you to reset login details: once a hacker has access, it will not take long until they cause damage.
  5. Never share your credentials. Most people reuse the same usernames and passwords across multiple online accounts, which is why credentials theft is a common goal of phishing scams. As a result, you should be extra cautious any time you are asked for your login details. Phishing emails and messages will commonly duplicate well-known brands, impersonate customer support specialists, or even impersonate your employer. To keep your accounts secure, never share your credentials over email or text messages, and only enter them online to access services once you have authenticated the website by going direct from your chosen browser.
  6. Turn off automatic Wi-Fi/Bluetooth connections. It may be a default setting on your smartphone to automatically connect to an available Wi-Fi or Bluetooth network, which may allow threat actors to gain access to your device. Ensure that this feature is disabled to deter cybercriminals from compromising your device.
  7. Use multi-factor authentication. When on holiday, you may have to gain access to important services that contain confidential or financial data. To keep yourself safe, use a multi-factor authentication (MFA) process to make sure that you are the only person able to access those services and are notified if an unauthorised person is attempting to log in.  
  8. Download the latest security patches. Before getting ready to leave for your trip, make sure that all of your devices have been updated with the latest security updates. This will keep them protected from the latest known threats. 
  9. Keep up to date with the latest scams. It is good practice to do some research on the latest scams that are circulating to keep you from falling for any tricks that threat actors may use to spread ransomware. Remember that not all scams are based on email phishing, and you could still be tricked into giving away your credentials over the phone or by SMS.
  10. Be suspicious of cash machines. Avoid withdrawing money from cash machines, as hackers, especially in tourist areas, are known to plug credit card credential stealers into standalone ATMs. If it is necessary to use one, find an official bank machine, preferably one located within your trusted bank’s lobby.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.
