Though the Olympic games have ended for the summer, cybercriminals are still using stories from the games to target companies. Here's how to stay safe.
The Olympics may be over, but hackers are still going for the gold--your personal information and money. Business leaders who attended the games or watched from home remain at risk of phishing, ransomware, and other attacks, as cybercriminals leverage the popularity of the games to try and steal information.
"It is quite common for scammers and social engineers to use a popular event to continue scams for a while after that major event is over," said Engin Kirda, professor of computer science at Northeastern University. For example, attackers might try to make use of some Olympic controversies (such as the Ryan Lochte case) in an attempt to trick victims into clicking on links or opening attachments that contain exploits, he added.
The London Olympics in 2012 faced 165 million hacking attempts, according to a strategist from Symantec. Attempts to breach the Rio Olympics' cybersecurity were expected to be four times more than those for the London Games.
We often see increased cyberattacks before, during, and after a large event, said Ben Johnson, chief security strategist at cybersecurity company Carbon Black. "Because the Olympics are a global event, any country could be a target of attacks that use the Olympics as bait," he added. "For the US, I think we will see it subside in the next few weeks as we move more to emails surrounding the presidential election as the main bait for phishing."
The first spam emails that focused on the Olympic Games in Rio de Janeiro appeared in early 2015, according to research from Kaspersky Lab. International fraudster gangs also created fake ticketing services and lotteries that asked victims for personal information in order to claim their prize.
Once the games were in process, hackers shifted toward phishing attacks--imitating Olympic branding to infect users with malware and obtain personal and financial data.
"Anything that increases the click rate is going to be used," Johnson said. "If you're talking about something that was a big event or was just in a major news story, you have a much higher chance of getting people to open that." Even natural disasters are often the centerpiece of these malicious campaigns, he added.
Businesses should expect to soon see phishing attacks related to the 2016 Rio Summer Paralympics in September, said Thomas Fischer, global security advocate at Digital Guardian. Hackers will also likely begin preparing for the Tokyo 2020 Olympics, including again targeting people with fake ticket sales, he added.
Tips for businesses
While the Nigerian bank scams of years past often had misspellings and obvious problems, today's hackers are more sophisticated, and can design emails to look like they are from a friend or an Olympics affiliate, Fischer said. Plus, "if you make the mail look real, it can bypass the spam filter," he added.
If users receive Olympic-related email, they should be cautious about clicking on links or downloading attachments from such emails, Kirda said.
Employee education is key for protecting against these attacks, Johnson said. It's best if training programs don't feel too corporate or impersonal, he added. Some companies have found success by offering security training for home devices, the lessons from which also apply to work. Security teams should also warn employees prior to any major event to be especially wary of what they click on.
"I think we're going to see a trend going forward where more ownership is pushed down to each employee to protect their own computer," Johnson said. If an executive or worker travelled to Rio, a security team should examine any devices used there and potentially wipe them and change passwords, he added.
Home computers and personal devices can also contribute to attacks on a company, Johnson added. Hacker networks that do DoS (denial of service) or spam attacks often use someone's home email address to send them out to others.
It is also always a good idea to use the latest technologies for preventing cyberattacks, Kirda said. For example, behavior-based detectors (such as sandboxes) are useful in checking attachments for exploits that may infect a system.
The 3 big takeaways for TechRepublic readers
- Though the Rio 2016 Summer Olympics came to a close last week, hackers are still using stories about the games to target businesses and others with phishing, ransomware, and other attacks.
- It's common for cybercriminals to attack before, during, and after a major event, to get more people to click on a malicious link or attachment. Businesses should watch out for hacks related to the Paralympics in September and the presidential election in November next.
- Companies can protect their data by training employees on what to look out for on both their home and work computers, and using the latest security systems on all devices, experts said.