Everything you need to know about security on the FIFA World Cup 2018

Soon the 2018 World Cup in football. Cybercriminals will intensify their actions against football fans. Crafted websites that delude the authentic domain of the event will impersonate well-known brands of sponsors and try to persuade you to provide financial data. Luckily, Internet users will not remain debt offenders - they will not take on cheap phishing tricks and everyone will remember about the illusory security on pages with the "green padlock". Phishing domains targeted at smartphone and tablet users will be immediately recognizable. Links on fake sites will redirect you to printing a real ticket for 30% of the price, and Android banking Trojans will not be hidden in applications that impersonate the official partners of the event.

This is, of course, the dreams of a cut head, because the HTTPS protocol really only guarantees illusory security. Internet domains can be very difficult to recognize when used with Punycode. Banking trojans impersonating legitimate applications of partners and sponsors will grow like mushrooms after rain, and unprotected and unsecured operating systems will reveal all network communication.

Luckily, no one has to panic because together with the manufacturer of security software G DATA, partner of the campaign "Fan guide: Everything you need to know about safety during the 2018 World Cup", we have prepared valuable tips to effectively protect your devices against attacks and malware using the prestige of the 2018 World Cup sports event.

G DATA Internet Security poradnik

G Data Mobile SecurityG Data Mobile SecurityG Data Mobile Security 3

The guide is aimed at supporting stationers and fans who are going to Russia to watch - and if they succeed - even celebrate the success of the national team.

Everyone, depending on the situation, carries a device (smartphone, tablet, laptop) with each other, therefore the guide tackles important and not always obvious topics. E.g:

  • What software should be used to secure a mobile device?
  • How to increase the protection of mobile payments?
  • What to do if your smartphone is stolen?
  • How to increase security and encrypt network communication?
  • How to prepare for the 2018 World Cup in football from the technological side?

The most important is to install the VPN

Dycha VPN is a small price for exposing yourself to a potential eavesdropping attack. These cases are not uncommon. They will be intensified in the coming weeks. For an offender, such an investment will be disproportionately low to the benefits of an effective attack. And let's not forget about KRACK susceptibility - even if the device will connect to a secured W-Fi network, it will be impossible to verify the resistance of the access point to the attack without specialized software.

KRACK can be used to eavesdrop on packets sent by a device using the internet via WPA2 network without the need to know the network password, but it can not be used on pages not encrypted in the default implementation. HTTPS communication can also be overheard (ssltrip), so the best security at this level is provided by VPN. Tunneling will encrypt all network traffic between the vulnerable device on KRACK and the access point. And it works both ways - if the terminal device or access point is updated, then communication can not be overheard. That is why it is so important to install security patches. In normal situations, we'll never be sure if your smartphone or tablet is KRACK-resistant, so installing a VPN is the first step to protecting your device.

G DATA VPN poradnik bezpieczeństwa

VPN will protect the owner of the device from imprudence or imprudence when logging into Internet services.

If we were to recommend a supplier, then it will be NordVPN. In the most favorable 2-year plan, NordVPN offers more than 4,000 output servers from 62 countries around the world. So there is a lot to choose from. For those who would like to take advantage of the NordVPN offer, we recommend our affiliate link, which will give you a small percentage after each purchase. Client applications are available on almost all operating systems: Windows, macOS, iOS, Apple, Linux and many more. NordVPN supports the P2P protocol (not all VPNs do), so you can download legitimate torrents without any problems. In addition, NordVPN uses its own DNS server, so no other DNS communication node will log websites visited. And most importantly, the company NordVPN is registered in Panama and does not store any logs - there is no such obligation.
 

In the further part of the guide, we explain how to improve the overall security of the device and how to make it more difficult for cybercriminals to steal data from discs and websites. We hope that everyone will find something for themselves. If you have any questions, we remain in the comments for your disposal.

Sacurity guide

1. Consider seriously the purchase of a VPN application with a plan to use without restrictions from the tunnel band on several devices at one time and without storing logs at the supplier's side. Thanks to the NordVPN application, you will encrypt all traffic coming out of the phone (and not only from the browser), so you will not only increase security, but while in Russia you will bypass censorship imposed on Western websites and services. Remember that VPNs for browsers only encrypt traffic on HTTP and HTTPS protocols, therefore, for example, the embedded VPN in the Opera browser is limited technologically, and DNS server providers will be able to read the domains you connect to. Remember that you do not install the VPN application to be anonymous. The VPN protocol was not created for anonymity, but for security, including to circumvent the restrictions imposed by the dictatorship.

2. Avoid connecting to an open network. Theoretically, by connecting via VPN to an unsecured network, communication between the device and the wireless point is encrypted, but it is better not to tempt fate. It turns out that some VPN applications do not do what they were programmed for.

3. Connect to the Internet through the mobile operator's network. This way you will avoid all attacks on the Wi-Fi network.

4. Install the G Data Internet Security antivirus in Windows. You can also choose the G Data Internet Security 2 + 2 version for several devices with different operating systems (2x Windows + 2x Android) or G Data Internet Security for Android.

  • In the event of theft of the phone, create an account in the portal https://ac.gdata.de available in Polish. You will be able to locate the device when changing the SIM card and when the battery is low. Once you have secured the device from theft, an outsider will not be able to uninstall the anti-virus without entering the password, nor will it reset the device to factory settings without knowing the PIN code. In critical situations, you will remotely locate the device and delete all data from it.

G Data zdalne zarządzanie

  • In the event of an emergency, you'll immediately notify your friends about your location. Antivirus G Data Internet Security for Android will make a phone call or notify by email / SMS a defined contact about your exact coordinates by attaching a direct link to the graphical map on Google Maps. Just remember that you must have location services enabled in your phone. Otherwise, the recipient of the alarm will receive the MAC address of the device, which the police in cooperation with the operator can easily trace.

G Data zdalne lokalizowanie

  • In case of controlling your child against inappropriate content, create a safe zone. Antivirus activates a special, PIN-protected launcher with selected applications. As a parent, you can impose more restrictive rules on the schedule of using the phone at certain times, or even only in the selected location.

G Data kontrola rodzicielskaG Data kontrola rodzicielskaG Data kontrola rodzicielska

5. Remember at least one phone number to the person you will be able to contact in crisis situations. Also keep the emergency numbers in Russia. Use the official table prepared by the Ministry of Interior and Administration.

  • police 02
  • ambulance service 03
  • fire brigade 01
  • emergency number 112

6. Do not take with you important files that you need, for example, to run a business. Of course, make a backup before you lose access to the data.

7. Encrypt the phone, tablet and laptop. This will prevent a situation when they rob you at the hotel or at the police station and ask for access to the device.

8. Do not leave devices unattended in the hotel. You probably are not the target of the services, but a gap has recently been discovered in the electronic lock system used in hotels around the world that allows access to any room in the building. If you have no other option, encrypt all hard disks with VeraCrypt and install any locks. The HAVEN Android app created by Edward Snowden and his colleagues from the Freedom of the Press Foundation and the Guardian Project will be your best friend.

9. For electronic payments, try to get a Revolut card with a small amount of funds that you can use only for online purchases. This way you will avoid potential serious financial losses in the case of theft of the wallet.

10. To the Firefox browser on your mobile device, install the uBlock Origin extension blocking ads, cryptocurrency excavator scripts, spam pages and malicious content. Do the same for other browsers in Windows and macOS, or try to install a NoCoin add-on that protects you from cryptocurrency excavators. The HTTPS Everywhere plugin is not necessary, but where possible it will redirect you to the encrypted version of the site. Remember that a good anti-virus filter will handle all these matters in one go and it will also protect against dangerous content.

10. Erase cookies from the browser and do not remember passwords. To login, use the KeePass password manager with the keyboard shortcut you choose, which will automatically fill in the fields on the websites.

11. On sites that support 2FA, set up two-factor logging (Facebook, Twitter, Google and others). This is a secure method of logging in and protecting against account theft. As a last resort, you can replace the password manager with Yubikey keys. Most websites that support 2FA provide the option of logging in using this key.

12. Install available phone and application updates.

13. After updating everything you can consider turning off the Windows 10 update. If you are not afraid that after connecting to the hotel's network, the equipment will refuse to obey, then ignore this point.

14. In the laptop, create an account with limited privileges (no admin) and install the anti-virus.

15. Put the lock on the device. Add a screen lock (fingerprint or pattern) to the smartphone and put an additional password on the laptop in the laptop. You can log in to Linux, Windows and macOS systems using these Yubikey keys. This is a very safe method.

17. Think about what you put on the web and treat everything that you leave as public.

18. Limit trust in SSL certificates. Cybercriminals can get a legal certificate completely free (Let's Encrypt or CloudFlare). The "HTTPS" prefix is ​​theoretically safer than "HTTP", but this is only a semblance.

19. For transfers outside the home network, use a light Linux distribution for USB (eg Tails). If you already have to do it in Windows, install the VPN application and antivirus with the banking protection feature. Verify the content of the SMS confirmation, i.e. NECESSARY compare the end of the account number with the one entered in the computer. Remember that this is the only chance to thwart theft by a banking Trojan.

G Data ochrona bankowości internetowej

20. Uważaj na spam i podejrzane załączniki. Przede wszystkim powstrzymaj się od klikania w odsyłacze w wiadomościach e-mail i upewnij się, że pochodzą z bezpiecznego źródła. Bezpieczne źródło też może zostać zhackowane, dlatego lepiej wcześniej o tym pomyśleć i zainstalować oprogramowanie antywirusowe posiadające możliwość skanowania poczty i wykrywanie spamu.

G Data ochrona przed spamem

Competition and special discount for AVLab readers

Following the "Fan Guide: Everything you need to know about safety during the 2018 World Cup" and the 21st edition of the Football World Cup together with the G DATA company we have prepared:

1. Competition lasting until July 14, i.e. the day of the inaugural match Russia vs Saudi Arabia, in which there is 1 license to protect 4 devices for G DATA Internet Security 2 + 2 software (2x Windows + 2x Android) for a person who in the most convincing method will answer the question:

    Why should the license be given to you?

We are waiting for comments to the first part of the competition until June 14, 2018 to midnight. Here you can find the full Regulations.

When taking part in the competition, remember that:

  • The personal data administrator is AVLab.
  • The data will be processed in order to conduct the competition on the basis of the Regulations.
  • EXCLUSIVELY, the Winners will be made available to G DATA for the proper implementation of the competition.
  • You have the right to access your personal data, rectify it, delete or limit processing.
  • In matters related to data, please contact us by writing an e-mail to the contact (monkey) avlab.pl

2. If you do not get the main prize or just do not want to wait (because you have to secure your devices in advance) you can use the promotional code. You can use the code until the end of the championship, ie until July 15, 2018 when you purchase any antivirus product on the gdata.pl website

The rebate code is: FOOTBALL21

Do you want more privacy and security?

The described 20 "general" points are in line with the requirements of almost all users of modern technologies. Some of these tips can be completely new, and some very well known. And let's stick to that because the more knowledge and communing with new software and systems, the better.

In addition to privacy, you still need to be safe. And here, as part of the fan guide, we recommend the readers of the G DATA Internet Security antivirus software for Windows and Android, because once you start to install all these programs and browser add-ons, you should be sure that nothing dangerous (false) will get into the system .

What happened to CCleaner when their site was hacked and the alternate installer remember? It is worth installing reputable antivirus software for such and other events independent of the user. And such is undoubtedly provided by the German manufacturer G DATA, which has over 20 years of experience in the development of security software.

In addition to installing the anti-virus, be sure to add this page to your favorite bookmarks: https://www.privacytools.io. Its authors publish interesting combinations:

  • Why should not you use Windows 10.
  • A list of recommended VPN providers (including the mentioned NordVPN with an affiliate link to our account).
  • Recommended browsers that care about privacy (Mozilla, Brave, Tor Browser).
  • The https://www.privacytools.io/w… scanner running in the browser and based on the WebRTC protocol - is based on JavaScript and can reveal the public and private IP address of the user - even when the user hides behind a VPN or uses add-ons browsers blocking tracking such as: AdBlock, Ghostery (NoScript prevents IP disclosure).
  • Recommended browser add-ons: uBlock Origin, Self-Destructing Cookies, HTTPS Everywhere, Decentraleyes.
  • Recommended hidden settings for the Mozilla Firefox browser (about: config).
  • Alternative app stores and recommended software for Android.
  • Postal service providers whose protection of privacy is a priority (among others: OpenMailBox, ProtonMail, Tutanota).
  • Alternative e-mail software that allows you to maintain privacy and is based on P2P networks and decentralized communication without a management server: I2P-Bote, Bitmessage, RetroShare (Windows, Mac, Linux, Android systems are supported).
  • Instant messaging services such as: Signal, Ricochet, ChatSecure - it is worth noting that there is no popular messenger on the list: Telegram, FB Messenger, WhatsApp, etc.
  • Encrypted internet drives for file storage.
  • Password managers: Master Password, KeePass.
  • The list of countries where the user may be legally obliged to hand over to police authorities the encryption keys (Russia is among them, so fans who fear their data should be careful about what they are kidnapping). The website's authors exchange Poland, Germany and the Czech Republic as countries in which this law does not apply.
  • Software for encrypting disks, emails, files: VeraCrypt, GnuPG, PeaZip.
  • The site contains not only a set of tools and software, but also interesting information about countries involved in the collection, analysis and sharing of intelligence information.

The correlated data that you leave on the Internet and the information your browser stores can contribute to the development of a user profile with a specific IP address, postal addresses, interests, exits (based on purchases), confidential information about the company, place of residence and other. Rather, no one reveals such information voluntarily and does not want anyone to know about them.

And what are your ways for maintaining security and privacy?



Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.