As Covid-19 infection rates shift and countries re-open their borders for tourism, travel in some places has returned at an even higher rate than pre-pandemic. With expanding travel comes expanding cyber risks, and it is as important as ever for those heading abroad this summer to practice cyber hygiene.
In this Q&A, Jonas Walker, a Security Strategist with Fortinet’s FortiGuard Labs, offers his insight into how to stay safe and avoid attacks from threat actors while traveling in today’s cyber world.
Cyber hygiene is like personal hygiene: it's all about having a daily routine. That includes good practices to ensure that your environment stays clean, especially when traveling.
When you travel, you typically carry a device, a computer or smartphone, with you. These devices are known as endpoints. The nature of endpoints is that they connect to different networks, whether that be at a hotel, on a corporate network, on public Wi-Fi, or at a conference. Endpoints are thus the last stage of a network, making them the most at risk.
For example, if you travel with your laptop and then come back to your own environment, your computer, which has been connected to a lot of different devices, is now being brought back to your own network, where it's connected to your own servers and your own infrastructure. And if, while you were traveling, your endpoint device was infected with malicious software like viruses, there's a chance you could infect your corporate network.
If threat actors can gain access to your specific device, then they can gain access to your corporate network. With this, threat actors have a foot inside the network, which allows them to move laterally through the networks and scan the network from inside. This often leads to ransomware down the line at the later stage of an attack.
Threat actors are ahead of the curve; they always have been. The better they are prepared, the more likely they will be successful.
What we’re seeing from attackers is that they are closely monitoring how people are behaving differently than they used to with the world changing. So, for example, when travel opens up, they are monitoring what that means with regard to what people are doing and their behaviors. Sometimes travelers forget the very basics of staying cyber safe, and that's why it's really good to remember the importance of cyber hygiene.
We have seen just in the last couple of weeks different kinds of phishing campaigns leveraging the fact that people are traveling again. One example that we released recently is phishing scams that contain malicious weaponized PDF files pretending they have information about the travel itinerary. Conferences are super popular for these kinds of attacks, as well as airports. Wherever there's travel involved, this risk exists.
I think the most important point is to patch your systems. This is something which should be of high priority whether you're traveling or not. A good example is when you open the App Store or Google Play Store and update the apps on your smartphone. Next time you do this, check out the release notes, and why the vendor is recommending you update their app. More often than not, it's not about a feature or a new UI. In most cases, it's about security features; it's about a bug that has been fixed. If you don't update these apps, threat actors who are aware of these issues as disclosed by the vendor can take advantage of these vulnerabilities. It’s not that difficult for an attacker to scan systems that haven't been patched and compare whether the systems are on different software levels. If they are, they know whether something is vulnerable or not. So, updating the system is really important.
Another important point is not to install random stuff on your computer for which you don’t know the legitimacy. This was very popular at the beginning of Covid when people wanted to understand what was happening with the spread of the virus, and therefore installed trackers. When traveling, sometimes you need different kinds of tracking software, especially if you are in different countries, and especially now with a lot of countries asking for certain kinds of trackers at airport immigration for example. Make sure you install the right one and not some weaponized files which might be floating around the Internet.
It's also really important to be aware of with whom you share your devices. For example, when you travel, don't let someone else use your laptop, even quickly to just browse a website or check some emails. This is really dangerous because if someone else connects to their own inbox, this could lead to you opening a certain file and downloading malicious stuff onto your computer. The same holds for connecting USB sticks from others to your computer. You never know what kind of software is stored on a USB stick; it may automatically run once it's connected to your system. I highly recommend never using a USB stick from others.
Also, don't leave your laptop unlocked near others, even if it’s just for a moment. Always make sure your computer is locked and that it has a complex password. The best case would be to utilize a password manager, so you don't have to remember your passwords for all your websites, but they remain secure. You have one master password for the manager, and in case of a breach of a certain application, that password is not that valuable because it's not connected to your email account or different other platforms.
For IT admins there are a lot of good things we can be doing to make cyber hygiene a much better environment. For example, we should enforce updates on computers by default and always make sure that administrative privileges are only given to the people who really need them. We need to understand certain behaviors happening on these endpoint devices and know which kinds of systems are becoming end-of-life. For example, if someone in your Finance Department is using a lot of PowerShell scripts, note that this is irregular for a Finance Department.
Data in laptops should always be encrypted in case of a loss, which can happen very easily when people travel. Laptops get stolen or are lost, and if you don't encrypt the system, even with a password on the device, it's not that difficult for threat actors to get access to the data in the end because they have physical access to the device itself. You should always have an inventory of all the hardware and software in your company, especially if people bring back different kinds of devices to your network, so you know whether it's your own device or not. And even if you think you have everything under control, you should always have an incident response plan so you know what is going to happen if a laptop gets stolen.
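The "PowerShell in the Finance Department" check above is the kind of behavioral rule that is easy to state and easy to get wrong in practice. The following is an added example, not code from the interview or from Fortinet: it runs that rule over a handful of constructed Windows Security event 4688 (process creation) records that have already been parsed into dicts, using a constructed user-to-department directory. The department names, the scripting-host list, the command-line indicators and the threshold are all assumptions; the interesting part is that users who cannot be placed in any department are reported rather than silently skipped, and that each reported user carries the suspicious command-line traits found across all of their launches.

```python
"""Flag scripting-host activity from users whose department does not normally script.

Added example, not from the interview or Fortinet. Input is a list of constructed
Windows Security event 4688 (process creation) records already parsed into dicts;
the department names, user directory and command-line indicators are assumptions.
"""
import re
from collections import defaultdict

# Assumption: departments where PowerShell use is routine and not worth a ticket.
SCRIPTING_DEPARTMENTS = {"IT", "Security", "Engineering"}

# Process names that count as a scripting host (compared lowercase).
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}

# Constructed user directory; in practice this comes from AD or the HR system.
USER_DEPARTMENT = {"alice": "Finance", "bob": "Finance", "carol": "IT"}

# Command-line traits that make a PowerShell launch worth a closer look.
INDICATORS = {
    "encoded_command": re.compile(r"-(?:e|ec|en|enc|encodedcommand)\b"),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden\b"),
    "execution_policy_bypass": re.compile(r"-e(?:p|xecutionpolicy)\s+bypass\b"),
    "download": re.compile(
        r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|invoke-expression|\biex\b"),
}

# Constructed 4688-style records (fields trimmed to what the check needs).
SAMPLE_EVENTS = [
    {"user": "alice", "host": "FIN-LT-01", "process": "EXCEL.EXE",
     "cmdline": "EXCEL.EXE budget-2022.xlsx"},
    {"user": "alice", "host": "FIN-LT-01", "process": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand SQBFAFgAIAAoAE4A"},
    {"user": "alice", "host": "FIN-LT-01", "process": "powershell.exe",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -File \\\\share\\tools\\report.ps1"},
    {"user": "bob", "host": "FIN-LT-02", "process": "OUTLOOK.EXE",
     "cmdline": "OUTLOOK.EXE"},
    {"user": "carol", "host": "IT-LT-07", "process": "pwsh.exe",
     "cmdline": "pwsh.exe -c Invoke-WebRequest https://updates.example/agent.msi"},
    {"user": "dave", "host": "GUEST-LT-03", "process": "powershell.exe",
     "cmdline": "powershell.exe -nop -c Get-Date"},
]


def suspicious_flags(cmdline: str) -> list:
    """Return the sorted names of INDICATORS that match the command line."""
    lowered = cmdline.lower()
    return sorted(name for name, rx in INDICATORS.items() if rx.search(lowered))


def find_irregular_scripting(events, user_department, threshold=1):
    """Group script-host launches by user and report those outside scripting departments.

    Users missing from the directory are reported as 'Unknown' rather than skipped:
    an account nobody can place deserves a look, not a pass.
    """
    launches = defaultdict(list)
    for ev in events:
        if ev["process"].lower() in SCRIPT_HOSTS:
            launches[ev["user"]].append(ev)

    findings = []
    for user, evs in sorted(launches.items()):
        dept = user_department.get(user, "Unknown")
        if dept in SCRIPTING_DEPARTMENTS or len(evs) < threshold:
            continue
        flags = set()
        for ev in evs:
            flags.update(suspicious_flags(ev["cmdline"]))
        findings.append({
            "user": user,
            "department": dept,
            "hosts": sorted({ev["host"] for ev in evs}),
            "count": len(evs),
            "flags": sorted(flags),
        })
    return findings


if __name__ == "__main__":
    for f in find_irregular_scripting(SAMPLE_EVENTS, USER_DEPARTMENT):
        print(f"{f['user']:<6} {f['department']:<8} launches={f['count']} "
              f"hosts={','.join(f['hosts'])} flags={','.join(f['flags']) or '-'}")
```

On the sample data the check reports alice (Finance, two launches, encoded command, hidden window and execution-policy bypass) and dave (not in the directory at all), while carol's download from IT is expected and bob never launched a scripting host. Raising `threshold` filters out one-off launches such as a help-desk session; the indicator regexes are deliberately loose prefix matches because PowerShell accepts abbreviated parameter names.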
If possible, don't connect to public Wi-Fi, especially if a lot of people are around the network. If you can connect to a public Wi-Fi, pretty much anyone in that area can as well, and you are not in control of what is happening on this network. You don't know who is on this network or what they are doing, because you don't control the security. If the network has bad security, then you now enable your system to be scanned directly by other people on this network.
I recommend different kinds of solutions to solve this problem. The best case would be to buy a SIM card from the specific country you are traveling to, to create your own hotspot, where only you are part of the network. If you travel around to different countries, another option is to buy a mobile Wi-Fi router and only use it by yourself. This way, it's very easy, no matter where you are, to access this environment with usually low costs. And no matter what, if you must join a public network, avoid any sensitive task. Don't do online payments or log into your bank accounts. This brings down the possibility of you being involved in a cyber security incident.
One thing I try to avoid is using social media accounts to log in to certain kinds of platforms. For example, if you connect to Wi-Fi, sometimes you are asked to create an account or log in with one of your social media accounts. If you log in with one of your social media accounts, typically you allow the people running the platform to get access to a lot of sensitive information. My recommendation to avoid this is to create a throwaway account for traveling. This account can be used for the specific purpose of connecting to Wi-Fi without any sensitive information being involved.
Another area to be cautious in with social media is the scams happening around instant messaging services. Social engineering is still one of the most prevalent and most successful tactics for gaining access to user accounts and the more information you expose from yourself and social media accounts, the easier you make it for attackers. One such example is people asking for help on social media websites like Reddit and other big forums. Sometimes, other users try to be helpful and ask for more details. But you need to be aware that if you start to post configuration files or sensitive information about your environments on public websites so others can help you, it's also not that difficult for others to find this information with open source intelligence techniques to take advantage of this information and use it against you.
QR codes became super popular for tracking during the last two years, and the potential risk of scanning QR codes is something that you need to keep in mind as well. Usually, when you scan a QR code, it opens a certain website on your device. If it opens a website, that website may be compromised and download malicious files to your device.
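A practical way to act on that warning is to look at what the QR code decoded to before anything opens it. The following is an added example, not code from the interview or from Fortinet: it takes the string a QR reader returns (it does not scan images) and classifies it as plain text, a web URL or some other scheme, then lists the traits that should stop an automatic open. The warning names, the scheme lists and the executable-extension list are the author's choices.

```python
"""Inspect a decoded QR payload before letting it open anything.

Added example, not code from the interview or from Fortinet. It assumes a QR
reader has already decoded the image into a string; the warning names, the
scheme lists and the download-extension list are assumptions.
"""
import ipaddress
from urllib.parse import urlsplit

WEB_SCHEMES = {"http", "https"}
# Schemes that execute code or read local files rather than fetch a page.
DANGEROUS_SCHEMES = {"javascript", "vbscript", "data", "file"}
# Extensions that mean "run me" rather than "read me".
EXECUTABLE_SUFFIXES = (".apk", ".exe", ".msi", ".scr", ".dmg", ".pkg",
                       ".bat", ".cmd", ".ps1", ".hta", ".lnk", ".iso", ".jar")
BLOCKING_WARNINGS = {"dangerous_scheme", "userinfo_in_url", "executable_download"}


def assess_qr_payload(payload: str) -> dict:
    """Return {'kind', 'warnings', 'verdict'} for a decoded QR string.

    verdict is 'ok', 'caution' or 'block'; nothing that is not 'ok' should be
    opened without a human looking at the payload first.
    """
    payload = payload.strip()
    parts = urlsplit(payload)
    scheme = parts.scheme.lower()
    warnings = []

    if not scheme:
        # Plain text (a ticket number, boarding-pass data): nothing to open.
        return {"kind": "text", "warnings": [], "verdict": "ok"}

    if scheme in DANGEROUS_SCHEMES:
        return {"kind": "url", "warnings": ["dangerous_scheme"], "verdict": "block"}

    if scheme not in WEB_SCHEMES:
        # tel:, sms:, mailto:, WIFI: and app-specific schemes hand the payload
        # to another application; treat them as needing a human look.
        return {"kind": "other_scheme", "warnings": ["non_web_scheme"], "verdict": "caution"}

    host = (parts.hostname or "").lower()

    if scheme == "http":
        warnings.append("plaintext_http")
    # https://bank.example@evil.example/ shows the brand but lands on the attacker.
    if parts.username is not None or parts.password is not None:
        warnings.append("userinfo_in_url")
    if not host:
        warnings.append("missing_host")
    else:
        try:
            ipaddress.ip_address(host)
            warnings.append("ip_literal_host")
        except ValueError:
            pass
        if "xn--" in host:          # IDN in punycode form: possible look-alike domain
            warnings.append("punycode_host")
        if any(ord(c) > 127 for c in host):
            warnings.append("non_ascii_host")
    try:
        if parts.port not in (None, 80, 443):
            warnings.append("unusual_port")
    except ValueError:              # e.g. "https://host:abc/"
        warnings.append("malformed_port")
    if parts.path.lower().endswith(EXECUTABLE_SUFFIXES):
        warnings.append("executable_download")

    if any(w in BLOCKING_WARNINGS for w in warnings):
        verdict = "block"
    elif warnings:
        verdict = "caution"
    else:
        verdict = "ok"
    return {"kind": "url", "warnings": warnings, "verdict": verdict}


if __name__ == "__main__":
    # Constructed payloads of the kind a traveller scans: a menu, a captive
    # portal, a look-alike domain and a credential-style decoy.
    for sample in ("https://www.example.com/itinerary",
                   "http://192.168.4.1/portal",
                   "https://xn--pple-43d.com/",
                   "https://bank.example@evil.example/login",
                   "https://cdn.example/app-update.apk"):
        print(f"{assess_qr_payload(sample)['verdict']:<8} {sample}")
```

The check is deliberately conservative: a plain-HTTP captive-portal address is only "caution", because hotel portals really do look like that, while anything with embedded credentials, a code-executing scheme or an installer as the target is "block" outright. A URL that passes as "ok" is still only a URL; where the page goes after it loads is not something the payload can tell you.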