Nation-state and criminal hackers are targeting the Winter Olympics at a rapidly increasing rate, raising fears of phishing scams, hacks and other disruptive attacks. Already, the US government has warned its citizens to remain vigilant when it comes to cybersecurity risks during the event in Pyeongchang.
More recently, security firm McAfee has discovered malware that serves as the second-stage payload in a phishing campaign targeting organisations that are involved with the 2018 Winter Olympics. They released a report on Friday, detailing the discovery and analysis of the attack. IT security experts commented below.
Thomas Richards, Associate Principal Consultant at Synopsys:
“Once inside the Olympic Village, the security will probably be the best for attendees, staff, and athletes. However, the protections will most likely not extend once outside the protective gates. Visitors should be cautious when exploring the city, especially after hours. Local crimes of opportunity, such as muggings and petty theft, may increase due to the sudden influx of foreign visitors. Visitors should also be wary of any scams that may involve cheap or easy ways to get access to meet athletes or get into the Olympic village. If an opportunity sounds too good to be true, it most often is not true. Visitors should keep their mobile devices close to their body as possible and enable passwords on the devices to prevent use in the event they are stolen.
“With the Olympics being a word class event, the cyber security attacks may show an advanced level of techniques. The Olympics security team should employ the latest in phishing and spam prevention techniques. This includes performing domain aging checks on any emails that are sent to Olympic emails, putting alerts on any emails coming from an external domain, and diligently informing staff that attackers may try to impersonate Olympic staff members and vendors. Any email requesting members to download attachments or visit a page which requires entering credentials should be highly suspect and reported to the security teams for investigation.
“The worst case scenario. resulting from someone hacking the 2018 Winter Olympics, would be a disruption of events. Almost all of the events will rely on computers for time and record keeping, disabling or modifying these systems may cause erroneous results. Additionally, the personal information of Olympic officials and athletes could be exposed due to a compromise of the computing systems.”
Hervé Dhelin, SVP Strategy at EfficientIP:
Hacking team records and insider information on fitness could greatly alter betting odds; athletes’ personal data could be used for fraud; spectators, journalists and staff may have severely delayed or blocked Internet access; fans may unintentionally buy fake tickets; and a breach to the event site and infrastructure could damage the brand and its reputation. It’s a goldmine for those who aren’t looking to earn gold medals.”
EfficientIP has worked with Roland Garros to solve these issues pertaining to major tennis events. “We knew that DNS was critical and that it could be a target but also a vector of cyber-attacks,” explained Franck Labat, CTO of the French Tennis Federation (FFT). “We wanted a hardware-like appliance that could be easily integrated into our existing IT environment”.
The opinions expressed in this article belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.