Following the news that credentials for Paralympic and Summer Games ticket holders have been leaked online, please see below for comments from experts highlighting the importance of identity access management.
Joseph Carson , Chief Security Scientist & Advisory CISO
InfoSec Expert
July 23, 2021 10:14 am
<p>During all major sporting events cybercriminals will attempt to target them for financial gain. The upcoming Olympic games will always be a lucrative target for cybercriminals and news is breaking that the Tokyo 2020 Olympic games has become the latest victim of a major credential theft resulting in the ticket holders id’s and passwords being stolen. This is not a great start to the Olympic games which is already under pressure given the situation with COVID-19 and that the upcoming games will be without those ticket holders. If you are a victim then it is important to ensure you change any passwords that use the same or similar passwords and monitor your accounts for any suspicious activities.</p>
<p>Many fake, fraudulent websites or emails that appear official luring fans into cheap tickets, free merchandise or simply to stream and watch these events live will come with many scams. These scams can result in stealing the victims credentials, passwords, credit card information, infecting their computer or smartphone with malicious software or even ransomware. This can lead to unknowing victims spreading the malware to family and friends, losing sensitive data or a major financial impact.</p>
<p>It is important to be vigilant during major events and cautious from any email, website links or even messages from friends on social media to whether or not they are authentic, many scams are so good these days that they are almost difficult to detect. If it is too good to be true then it is more than likely a scam. During major events avoid clicking on suspicious email or website links, use the latest web browsers, do not enter credentials, passwords or credit card information into these websites as it is a high probability that they are scams and you will be the next victim. Consider using a password manager to help you move passwords into the background and ensure that all accounts have strong complex unique passwords.</p>
<p>Cybersecurity threats against the Olympics are not without precedent, however, the Tokyo Olympics continue to be targeted repeatedly by bad actors. The attacks started with a series of phishing attempts in late 2020 when hackers tried to lure in users by impersonating Olympic staff. This was followed by a data breach in May 2021 when the Tokyo Olympics were victims in the Fujitsu hack enabling cyber criminals to infiltrate their systems and leak information of about 170 people involved in security management. This most recent breach, impacting the login IDs and passwords of ticket holders, is especially troubling as it comes just days before the start of the event. </p>
<p>As ransomware and cyber crime continued to rise during the global COVID-19 pandemic, so did tensions between countries. The Cyber Threat Alliance (CTA) released a <a href=\"https://u7061146.ct.sendgrid.net/ls/click?upn=4tNED-2FM8iDZJQyQ53jATUeXFDr2cLrIjC3LI-2F72LpX3BUg6JfZ3UhjQpgAVOkeIUuU7FdfhRhMVLzyJYsr9XrVqVfjK-2BGU1R3RxoIi-2Bkei-2F4kzchuPSm5-2Ffk-2BD7r9fISRDo4R0fP-2FK8nZ4niXJHpLWitN7JyIYnEMQQ-2FG7fxFDI-3DE7ZD_S3RA1gMvL7v1TdZrqvF2X48vY2LyH9KYdxKxBaPFp6Fl1TEEsXDQbgk-2FWPw9Ah5nwh5z3HPLIw79cePUeHvYGTO5AKaXxfXA6PdkmD9nZzOoTnHFT1UG5oGB72ysmgMLvU1X2fn5AqMtBgcZ6geZMeglRU3mxrp9K2dBbSjM6floyGriqeGXVcn2y4me-2BLcOmiDhuJ5PsUaXE2lG29FbzW9cpoiJae7X5L1yXeQhlboQUmbL1ctjchbib6Q-2FWfZZLOjFpaTWVFVRDH3iKlEkKWKnV-2BJL-2FwlHgscr6Q0z1SSpspW0bQP9N5lSr3lharVgfLmtFcZzNULjykG8hXtNensaF22KhuSicJoy8ii9w1HoFJtERsWSe8TziW-2B0qYzO\" target=\"_blank\" rel=\"noopener\" data-saferedirecturl=\"https://www.google.com/url?q=https://u7061146.ct.sendgrid.net/ls/click?upn4tNED-2FM8iDZJQyQ53jATUeXFDr2cLrIjC3LI-2F72LpX3BUg6JfZ3UhjQpgAVOkeIUuU7FdfhRhMVLzyJYsr9XrVqVfjK-2BGU1R3RxoIi-2Bkei-2F4kzchuPSm5-2Ffk-2BD7r9fISRDo4R0fP-2FK8nZ4niXJHpLWitN7JyIYnEMQQ-2FG7fxFDI-3DE7ZD_S3RA1gMvL7v1TdZrqvF2X48vY2LyH9KYdxKxBaPFp6Fl1TEEsXDQbgk-2FWPw9Ah5nwh5z3HPLIw79cePUeHvYGTO5AKaXxfXA6PdkmD9nZzOoTnHFT1UG5oGB72ysmgMLvU1X2fn5AqMtBgcZ6geZMeglRU3mxrp9K2dBbSjM6floyGriqeGXVcn2y4me-2BLcOmiDhuJ5PsUaXE2lG29FbzW9cpoiJae7X5L1yXeQhlboQUmbL1ctjchbib6Q-2FWfZZLOjFpaTWVFVRDH3iKlEkKWKnV-2BJL-2FwlHgscr6Q0z1SSpspW0bQP9N5lSr3lharVgfLmtFcZzNULjykG8hXtNensaF22KhuSicJoy8ii9w1HoFJtERsWSe8TziW-2B0qYzO&source=gmail&ust=1627120392623000&usg=AFQjCNGVIYP0kSbEtoFy5VKBTODljStKIQ\">report</a> warning that various countries may attack in the months leading up to the Games. In addition, cyber criminals may also see this as an opportunity to retrieve quick ransomware payments if they are able to successfully disrupt the live event, as the Olympic organization will have little to no tolerance for downtime. </p>
<p>With multiple entry points for hackers to exploit, from athletes, spectators, operations, logistics, sponsors to other associated businesses, the Olympic Games must remain vigilant in their attempt to thwart additional breaches. Beginning with standard best security practices such as monitoring identity and access to their network, ensuring all systems are up to date and patches are deployed, as well as enabling multi-factor authentication across all of their corporate applications and resources. In addition, the Olympics must communicate to all parties involved in the games to keep a security first mindset and understand how to identify and respond to threats.</p>
<p>During all major sporting events cybercriminals will attempt to target them for financial gain. The upcoming Olympic games will always be a lucrative target for cybercriminals and news is breaking that the Tokyo 2020 Olympic games has become the latest victim of a major credential theft resulting in the ticket holders id’s and passwords being stolen. This is not a great start to the Olympic games which is already under pressure given the situation with COVID-19 and that the upcoming games will be without those ticket holders. If you are a victim then it is important to ensure you change any passwords that use the same or similar passwords and monitor your accounts for any suspicious activities.</p>
<p>Many fake, fraudulent websites or emails that appear official luring fans into cheap tickets, free merchandise or simply to stream and watch these events live will come with many scams. These scams can result in stealing the victims credentials, passwords, credit card information, infecting their computer or smartphone with malicious software or even ransomware. This can lead to unknowing victims spreading the malware to family and friends, losing sensitive data or a major financial impact.</p>
<p>It is important to be vigilant during major events and cautious from any email, website links or even messages from friends on social media to whether or not they are authentic, many scams are so good these days that they are almost difficult to detect. If it is too good to be true then it is more than likely a scam. During major events avoid clicking on suspicious email or website links, use the latest web browsers, do not enter credentials, passwords or credit card information into these websites as it is a high probability that they are scams and you will be the next victim. Consider using a password manager to help you move passwords into the background and ensure that all accounts have strong complex unique passwords.</p>