Byos, Inc., an endpoint security company focused on the concept of Endpoint Microsegmentation through Hardware-Enforced Isolation, recommends caution about the risks of free Wi-Fi for attendees of major conferences and events such as the RSA Conference 2020, a leading cybersecurity conference in San Francisco, February 24-28, and for travelers in general. Many attendees will access the Internet via multiple free Wi-Fi connection points at hotels, airports, coffee shops and the conference itself, and every free Wi-Fi connection presents security risks for users that Byos calls “The Dirty Half-Dozen.”
“Security professionals know that all networks are dirty or should at least be assumed as so,” said Matias Katz, CEO, Byos. “We are issuing this advisory as a public service to share our concerns with all conference attendees, reminding them and warning them of these risks.”
The Dirty Half-Dozen risks are:
- Scanning, enumerating, and fingerprinting
- Eavesdropping
- Exploits
- Evil-Twin Wi-Fi
- Lateral network infections
- DNS hijacking
Scanning, enumerating, and fingerprinting — Network scanning programs are used to retrieve information about networked devices. Common scanners will tell the attacker what types of devices are connected to the network (laptop vs. printer vs. cellphone), which operating systems they’re running (GNU/Linux, Mac OSX, Windows 10, etc.), and what services they are running. Once the attacker has scanned the network, identifying a list of targets and vulnerabilities, they can take actions to steal, control, or manipulate the data.
Eavesdropping — Also known as a sniffing or snooping attack, eavesdropping happens when an attacker steals, modifies or deletes essential information that is transmitted over the public Wi-Fi network.
Exploits — Attackers use exploits to attack a victim’s device directly, tricking a specific piece of software running on the device into performing a different task than expected. This can give the attacker backdoor access to the victim’s computer. Once the device is accessed, the attacker can disable its security software and steal the victim’s data by rerouting traffic to the attacker’s own servers, often unnoticed by the victim.
Evil-Twin Wi-Fi — Evil-Twin Wi-Fi networks are fake Wi-Fi networks created by an attacker that mimic a real network’s name, otherwise known as its SSID. Once connected to one, users inadvertently send all traffic to the adversary before it’s forwarded to the internet.
Lateral Network Infections — Malware and attackers often move laterally through networks and devices which have no “insulation” from their network. Malware is written to evade common AV engines, making traditional endpoint security software an imperfect solution.
DNS hijacking — DNS requests are all of the website/domain names and Google searches typed into your browser. This traffic can be used to identify your browsing habits and other personally identifiable information, allowing an attacker to redirect or subvert DNS requests to malicious sites. To perform the attack, perpetrators either install malware on user computers, take over routers, or intercept or hack DNS communications.
“Security conference attendees need to pay attention to how they access the Internet over free Wi-Fi and use best practices – including ensuring that appropriate hardware and software security technology is in place before they go to the show – and use common sense,” said Katz. “Byos will be discussing the risks of the Dirty Half-Dozen at our RSA Conference 2020 booth and speaking slot in the Early Stage Expo (Booth ESE-24 and speaking slot at 9:30am, Feb. 25) and offer advice on how to protect your devices and data from threats that are not addressed by the current prevailing endpoint security measures.”
Byos is an endpoint security company based in Halifax, Nova Scotia, Canada, and has a team with decades of combined experience in defensive and offensive security solutions, on-demand incident detection and response services, and personalized strategy planning and execution for hands-on public and private sector IT security clients.
The Byos Endpoint Security Platform is the first and only endpoint microsegmentation solution that allows employees and devices to safely and securely connect to any network, regardless of their location or network environment. The platform’s key component is the Byos μGateway™ – a small, portable “security stack on a USB stick” protecting devices from attacks that exist on dirty networks, while letting IT teams deliver cost-effective security management to the highest risk, highest frequency remote employees and connected devices through centralized provisioning and real-time remote policy enforcement.
The Byos solution is available for early access customers today and will be generally available later this year. For more, go to https://byos.io/.