Over the course of a 24 hour span, Avast found over a thousand attendees that were completely negligent in their device’s security. Over 60 percent of the users who connected had their identity completely exposed. These 1,000 attendees also used the open and unprotected Wi-Fi hotspots to check their mail, used smartphone apps, and even played Pokemon.
This security based collection exercise exposed how easy it is for criminal actors and or organizations to set up fake Wi-Fi hotspots for collection activity within large events. Caution is offered to individuals attending large events; to beware of open and free Wi-Fi hotspots utilization. When possible, use a VPN to help keep your sensitive information safe.
Publication Date: 25 July 2016
Handling Requirements: Traffic Light Protocol (TLP) AMBER
Attribution/Threat Actors: OSINT- Potential Malicious use of Wi-Fi Hotspot Networks
Actor Type: Tier II
Potential Targets: 2016 Olympics & DNC Philadelphia PA
This report was published in its entirety to the Financial Services ISAC and Red Sky Alliance portal on July 25, 2016. For more information, contact Wapack Labs at 844-4-WAPACK.