The upcoming Paris Olympics — the world’s biggest sporting event since pandemic restrictions were lifted — are expected to attract over 15 million tourists to Paris — which is something scammers are already actively preparing for. Almost certainly, each of these tourists/spectators will need access to the internet, and this is where public Wi-Fi hotspots come to the rescue. However, this approach has its risks: cybercriminals may use public access points to intercept your data.

On the eve of the Olympics, our researchers have mapped and assessed the security of the open Wi-Fi networks that visitors might use. We’ve analyzed around 25,000 public Wi-Fi hotspots in Paris, and found that every fourth one is unsafe — making their users vulnerable to personal and banking data theft. For how to safely use Wi-Fi during the Paris Olympics — read on…

What we found out

In total, we recorded 47,891 signal records from 24,766 unique Wi-Fi access points across popular locations and Olympic venues in Paris. Around 25% (6083) of the examined Wi-Fi hotspots turned out to have serious security weaknesses — such as weak or nonexistent encryption, use of outdated devices and protocols, or misconfiguration — making them vulnerable to interception, decryption, or cracking attacks.

Not all of these hotspots are accessible to all passersby; to connect to some, you need to enter a password or PIN. However, in general, we classified as unsafe both completely open networks without any protection (we found 3176 of them), as well as those that are either misconfigured or use compromised protocols and are easily hacked using widely-known algorithms.

This means that when using such access points, users are at great risk: without reliable protection, cybercriminals can steal passwords, banking data and other personal information of users.

How many Wi-Fi points use WPS and WPA3?

Approximately 20% (4864) of the public Wi-Fi access points we investigated in Paris use the notoriously vulnerable WPS protocol, which is outdated and easily compromised. This makes them susceptible to WPS attacks, which can lead to data loss.

And below just 6% (1373) of all the hotspots are protected by the modern WPA3 security protocol, which has built-in protection against brute-force attacks, individual data encryption, and other features that make Wi-Fi access points secured by this protocol safe.

This result is disappointing. The main problems we found are either the incorrect configuration of access points (making them vulnerable to attacks), or the use of outdated equipment that doesn’t support modern security standards and protocols.

How we researched

Experts from Kaspersky’s GReAT (Global Research and Analysis Team) swapped their office chairs for benches, cafes, parks, and other public spaces in Paris for several days — all to study the most popular places in the city that Olympic spectators are likely to visit:

Arc de Triomphe
Champs-Élysées
The Louvre
The Eiffel Tower
Notre-Dame
The Seine River embankments
The Trocadéro
Stade de France

From a Wi-Fi security standpoint, leading the way are the embankments along the Seine. However, in and around the Trocadéro, it’s better to walk around without connecting to public Wi-Fi. The same goes for the Champs-Élysées and the Arc de Triomphe, where there are usually a great many folks milling about — even without the Olympics being on — so it’s worth keeping an eye on both your digital and physical safety (for the latter — e.g., against pickpocketing). We, of course, will help maintain the confidentiality of your digital identity, but we can do nothing if someone tries to steal your smartphone. Although with the help of Kaspersky: Antivirus & VPN it’s easy to find a lost Android smartphone.

The Olympics will start at the Stade de France, where there are also many unsafe Wi-Fi access points. There are unprotected networks both right next to the stadium and in the surrounding area, so be careful whenever you want to post something directly from the stadium.

What’s the result

Thus, 25% of (central) Parisian Wi-Fi access points are unsafe — including both open ones and those that require a password or PIN to connect. Moving around the city, you’ll be constantly switching between available hotspots. So how can you use public Wi-Fi and not worry about your digital security?

It’s difficult to determine on your own how dangerous a particular Wi-Fi access point is — of course, except for open hotspots without any protection, connecting to which is definitely unsafe. Therefore, when using any public access point, it’s necessary to protect your Wi-Fi connection with a VPN.

If you’re in dire need of a VPN service to protect your connection but don’t want to pay for one, consider using the free version of Kaspersky VPN Secure Connection. Free mode won’t allow you to select a server, plus there’s a traffic limit of 300 MB per day, but both your traffic and your device are fully secure.

The better option of course is to buy a subscription; after all, a reliable VPN is a must-have app for absolutely everyone — and has been for some time. Premium access to Kaspersky VPN Secure Connection — available as a standalone purchase or as part of our Kaspersky Plus and Kaspersky Premium subscriptions — grants you access to one of the fastest VPNs in the world across all your devices, along with top-rated protection against phishing and other threats, as verified by independent researchers.

Best of all, you can enjoy a 30-day free trial of these subscriptions and experience the full functionality of our protection and VPN for free during the Olympics. Of course, it’s better to download the applications in advance over a secure connection.

If your device doesn’t have a VPN installed and you’re forced to connect to public Wi-Fi in Paris (or any other city), follow these rules:

Do not pay for purchases online: your banking data can be intercepted
Do not transmit any important information without a secure connection
Do not log into personal accounts that aren’t protected by two-factor authentication (2FA)
Use only strong passwords and store them securely
Disable file sharing and AirDrop (if you have it) on your devices to prevent unauthorized access to your files
Enable the firewall on your laptop
Regularly update the operating system and applications on all your devices to patch new vulnerabilities

But it’s much easier to use maximum protection on all your devices, which will keep your digital identity safe even in another country. And don’t forget to subscribe to our blog and/or Telegram channel: take care of your digital safety today!

Kaspersky official blog – ​Read More

For athletes, the Olympics are the pinnacle of a lifetime’s work. Many train for decades to one day perform under their nation’s flag and sing its anthem far from home. For scammers, it’s much simpler: the Olympics are just another opportunity to cash in on unsuspecting individuals.

Today we tell you how scammers have prepared for the Paris Olympics, how they plan to steal money and personal data from sports fans, and what you need to know to follow your favorite athletes safely.

Olympic-sized data plan

The Paris Olympics kick off on July 26, and French media predict a temporary population explosion with 15.3 million visitors. Naturally, tourists from other countries always want to stay connected, and… who comes to their “aid”? Scammers, of course, armed with a too-good-to-be-true offer — 48GB of supposedly free internet, regardless of your carrier.

Let’s do the math: a standard mobile plan with 40GB of internet and unlimited calls in France costs around €11 (roughly $12USD). Given the number of expected tourists, the cost of providing free internet to all would exceed €168 million (approximately $184 million USD). No telecom company is giving away that much data allowance — after all, many of these visitors will never return to France.

But who’s got the time to think about that when the offer is so tempting, and the Parisian atmosphere is so intoxicating? Alas, after registering and filling out all the forms, the tourist won’t get a single free megabyte, and they may only realize this too late when their phone account runs out of money. At the same time, they’ll have given the scammers their phone number, personal and banking details, and confirmation that they’ll be far from home, watching the Olympics in Paris — and therefore probably won’t be closely monitoring their banking transactions.

Don’t forget your ticket… and scarf!

What are the first things Olympic spectators want? Tickets to the Games, of course. Just in time for the Paris Olympics, scammers have built a network of fake ticket-sales websites. Archery? You bet! Soccer? Naturally. Badminton? Don’t even ask! They’ve got it all covered! To appear legitimate, the scammers have even added pop-ups requesting consent to collect personal data and use web tracking, complete with links to their own “privacy policies” — so the unsuspecting victim also agrees to sharing their data with the scammers!

The platform offers not only to buy tickets, but also to sell them — just in case you decide to watch rhythmic gymnastics instead of soccer. This way, the scammers can extend their reach to those who’ve bought tickets in advance but changed their plans.

But at least you can safely buy Olympic merch, right? Nope, another trap awaits there too: for fans of cheap merch, scammers have a special gift — phishing websites. Keychains, commemorative coins, magnets, and scarves — scammers offer it all, and at great prices.

Of course, no actual merch — neither official nor even counterfeit — is ever shipped. Buyers are left with nothing but empty wallets and compromised data.

Don’t let scammers win the gold

The best way to protect yourself is a combination: Kaspersky Premium will protect you from phishing links and other online threats, while your own attentiveness, awareness of common scams, and knowledge of how to avoid them will tackle the rest.

Don’t buy tickets from unofficial sources. Stick to the official Olympics website.
Use a virtual card with a spending limit for any online purchases — especially if you’re not 100% sure of the site’s legitimacy.
Turn on two-factor authentication wherever possible. This helps keep your accounts and money safe — particularly if you’re worried you might have entered your details on a phishing site. By the way, you can store 2FA tokens in Kaspersky Password Manager.
Be wary of gifts from strangers. Getting 48GB of free internet sounds great but it really is too good to be true.
Follow our Telegram channel to stay up to date on the latest cybersecurity news.

Kaspersky official blog – ​Read More

Episode 356 of the Transatlantic Cable Podcast kicks off with news around the AT&T ‘mega-breach’. From there the team discuss two stories related to AI – the first looks at how AI is being used to help doctors detect early-onset Alzheimer’s; the team then talk about how K-Pop are looking to use artificial intelligence to write songs and create artwork.

The final story discusses how legendary artist Bob Dylan has banned smart-phones in his upcoming gigs – just how that will pan out is anybody’s guess.

If you liked what you heard, please consider subscribing.

AT&T says hackers stole records of nearly all cellular customers’ calls and texts
New AI tool could be game-changer in battle against Alzheimer’s
Will K-pop’s AI experiment pay off?
Bob Dylan to bring ‘phone-free’ tour to Edinburgh

Kaspersky official blog – ​Read More

Regarding VPNs, a popular refrain these days goes something like: “Why bother paying for a VPN when there are tons of free ones out there?” But are free VPN services truly free? This post explains why thinking they are is misguided, and offers the optimal solution: one of the fastest and most secure VPN apps on the planet.

First there was: “There’s no such thing as a free lunch” — dating back to the 1930s. In this century, that old adage was updated and adapted for the digital age: “If you’re not paying for the product, you are the product”. Today this new axiom applies to many internet services — but especially to VPNs. After all, maintaining a network of servers across the globe, and handling encrypted traffic for thousands, if not millions of users comes at a significant cost. And if the user isn’t explicitly asked to pay for such services, there’s bound to be a catch somewhere. And that “somewhere” was recently vividly demonstrated by a couple of major incidents…

Freebie VPN and a botnet of 19 million IP addresses

In May 2024, the FBI, together with law enforcement partners, dismantled a botnet known as 911 S5. This malicious network spanned 19 million unique IP addresses across over 190 countries worldwide, making it possibly the largest botnet ever created.

But what does a gargantuan botnet have to do with free VPNs? Quite a lot actually, since the creators of 911 S5 used several free VPN services to build their brainchild; namely: MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN. Users who installed these apps had their devices transformed into proxy servers channeling someone else’s traffic.

In turn, these proxy servers were used for various illicit activities by the real clients of the botnet — cybercriminals who paid the organizers of 911 S5 for access to it. As a result, users of these free VPN services became unwitting accomplices in a whole host of crimes — cyberattacks, money laundering, mass fraud, and much more — because their devices were sucked into the botnet without their knowledge.

The 911 S5 botnet began its nefarious operations way back in May 2014. Disturbingly, the free VPN apps it was built upon had been circulating since 2011. In 2022, law enforcers managed to take it down for a while, but it resurfaced a mere few months later under a new alias: CloudRouter.

Finally, in May 2024, the FBI succeeded in not only dismantling the botnet infrastructure but also apprehending the masterminds, on which note the 911 S5 saga will likely end. During its operation, the botnet is estimated to have earned its creators a cool $99 million. As for the losses to victims — at least, just the confirmed ones — they amount to several billion dollars.

Infected VPN apps on Google Play

While the 911 S5 case is undoubtedly one of the largest botnet, it’s far from an isolated incident. Literally a couple of months before, in March 2024, a similar scheme was uncovered involving several dozen apps published on Google Play.

Though among them there were other apps too (such as alternative keyboards and launchers), free VPNs constituted the bulk of the infected ones. Here’s the full list:

Lite VPN
Byte Blade VPN
BlazeStride
FastFly VPN
FastFox VPN
FastLine VPN
Oko VPN
Quick Flow VPN
Sample VPN
Secure Thunder
ShineSecure VPN
SpeedSurf
SwiftShield VPN
TurboTrack VPN
TurboTunnel VPN
YellowFlash VPN
VPN Ultra
Run VPN

There were two modes of infection. Earlier versions of the apps utilized the ProxyLib library to transform devices on which the infected apps were installed into proxy servers. More recent versions employed an SDK called LumiApps, offering developers monetization by showing hidden pages on the device, but in reality doing the exact same thing — turning devices into proxy servers.

Just like in the previous case, the organizers of this malicious campaign sold access to proxy servers installed on user devices with the infected apps to other cybercriminals.

After the report was published, the infected VPN apps were, of course, removed from Google Play. However, they continue to circulate in other places; for example, they’re sometimes published in several different incarnations under different developer names in the popular alternative app store APKPure (which was infected with a Trojan a few years ago).

What to do if you really need a VPN

If you’re in dire need of a VPN service to protect your connection but don’t want to pay for one, consider using the free version of [placeholder ksec]. Free mode won’t allow you to select a server, plus there’s a traffic limit of 300 MB per day, but both your traffic and your device are fully secure.

The better option of course is to buy a subscription; after all a reliable VPN is a must-have app for absolutely everyone — and has been for some time. Premium access to Kaspersky VPN Secure Connection, available as a standalone purchase or as part of our Kaspersky Plus and Kaspersky Premium subscriptions, grants you access to one of the fastest VPNs in the world across all your devices, along with top-rated protection against phishing and other threats, as verified by independent researchers.

Best of all, you can enjoy a 30-day free trial of these subscriptions and experience the full functionality of our protection and VPN; that way, you can see for yourself how our VPN is one of the world’s speediest.

Kaspersky official blog – ​Read More

We write a lot about phishing, and always recommend our products as the best line of defense. And for good reason — Kaspersky Premium for Windows outperformed 14 other solutions in AV-Comparatives’ 2024 Anti-Phishing Test — beating global vendors like Bitdefender, McAfee, Avast, and others.

Because Kaspersky products utilize a unified stack of security technologies, which was rigorously tested by researchers, this award equally applies to our other products and solutions — both for home users (Kaspersky Standard, Kaspersky Plus, and Kaspersky Premium) and for business (such as Kaspersky Endpoint Security for Business and Kaspersky Small Office Security).

About the test

The independent Austrian organization AV-Comparatives has a 25-year track of record of evaluating the effectiveness of cybersecurity products and solutions. This latest test assessed how well popular cybersecurity solutions protect users from phishing threats while browsing the web and using email.

The test ran from May 17 to 28, 2024, using a selection of 275 fresh and active phishing links. The phishing URLs included sites designed to steal data from bank cards, PayPal and online banking accounts, Dropbox and eBay, social media and email accounts, online games, and other online services. To test for false positives, 250 links to legitimate online banking services worldwide were also included.

To achieve certification, security solutions had to block at least 85% of phishing addresses and avoid any false positives on legitimate websites. Kaspersky Premium for Windows blocked the highest number of phishing links among all the test’s participants — 93% — without a single false positive, securing first place. Only seven of the 15 tested solutions from other vendors met the certification criteria — albeit with lower scores: McAfee (92%), Avast (91%), Trend Micro (89%), Fortinet (89%), Bitdefender (89%), ESET (87%), and NordVPN (85%).

AV-Comparatives has been conducting its anti-phishing test — whose list of threats and legitimate websites is updated annually — since 2011, and our products have excelled consistently year after year. The test is performed on computers with identical hardware configurations, operating systems, and browsers, simultaneously for all security solutions put to the test. All other phishing protection mechanisms in the operating system or browser are disabled. Each tested product is configured to default settings and has unlimited internet access and the ability to update throughout the test. A visit to a phishing site is only considered as detected if the security solution warns the user that the site is unsafe.

A legacy of success

In 2023 alone, our products participated in 100 independent studies and emerged victorious 93 times. Since 2013, our products have undergone rigorous testing by independent researchers 927 times, achieving 680 first-place finishes, and placing in the top-three 779 times. This is an absolute record among all security solution vendors — both in terms of tests conducted and victories secured.

Here’s a rundown of some of our most notable recent wins:

Kaspersky Standard for Windows was recognized by AV-Comparatives as Product of the Year in 2023 based on the results of seven tests conducted over 13 months — surpassing Bitdefender, Avast, McAfee, and 12 other security solutions. Concurrently, AV-Test awarded our home user protection its annual Best Advanced Protection 2023 award based on six tests. We dedicated a separate blog post to this achievement.

Kaspersky Plus for Windows achieved a perfect score in the Total Accuracy Rating category in all of SE Labs’ Endpoint Security: Home tests conducted in 2023 and 2024 — earning the AAA rating.

Kaspersky Plus for Mac was recognized as the best security solution for macOS users by AV-Test in 2023, achieving top scores and quality certifications in all four tests conducted that year. In March 2024, the product received further acclaim from AV-Test — again earning a perfect score.
Kaspersky Plus for Android received a five-star rating in all six of Testing Ground Labs’ tests conducted in 2023, and two tests in 2024. Consistency is a sign of success!
Kaspersky Safe Kids stood out as the only product among five participants in the test of parental control and child protection solutions to receive the Approved Parental Control certification from AV-Comparatives in 2024. This recognition comes as a result of the product blocking over 98% of websites distributing pornographic content — all without any false positives.

You can check out our other awards in the TOP-3 section on our website.

Kaspersky official blog – ​Read More