Olympics newest sport: Phishing

Far before the Olympic torch was lit and the world champion athletes suited up, global cybersecurity experts were preparing for cyber threats ahead of the 2016 Rio Olympics. With big crowds anticipated, both at the events and virtually, the opportunity for cyber criminals to commit crimes was extremely high. Here’s a look at some of the criminal trends and attempts that experts noticed before and during this year’s global games.

What they were watching for: Potential cyber threats

In the weeks leading up to the games, Kaspersky Lab researchers spotted a spike in phishing attacks, email scams and spam messages that mimicked branding from the 2016 Rio de Janeiro Olympics. Some of the common criminal trends the Kaspersky researchers noticed were:

• Increased registered domains with names containing words such as “rio”and “rio2016”
• Increased purchasing of cheap SSL certificates to make phony sites look more credible.
• Increased false emails sent claiming users had won lotteries
• Increased and creation of false advertisements for televisions and other products including magic pills that promise to make the recipient an “Olympic champion”

Additionally, it was reported that the most popular scams were conducted using phishing websites that emulated ticket sale services. Through these faulty ticket sale sites, phishers would try and steal confidential banking card information with a hope of gaining access to any associated account with that card. As a result, the criminals would not only steal the victim’s money but deprive them of the chance of attending the Olympics by supplying them with a fraudulent ticket.

Teachings from the 2016 Olympic cybersecurity situation

Though the games at Rio de Janeiro highlighted unbelievable athletic performances it also drew attention to the cybersecurity vulnerabilities of large scale global events. According to Radware, here are some of the lessons learned from Rio, and ways to stay protected.

Encrypt your data

In the data dumps out of the Olympics, some of the passwords and other sensitive information were in clear text and not protected at all. It’s basic, but making sure your data is encrypted can help prevent embarrassing and costly revelations after a hack.

Guard against multi-vector attacks

Implement a security solution that includes protection from network- and application-based DDoS attacks, as well as volumetric attacks that can saturate the internet pipe.

Be ready for collateral damage, even if you’re not a part of the big event

When you use cloud storage, you don’t necessarily know who your neighbors are on your providers’ servers. If one of them is the target of a DDoS attack, the damage could spill over to your properties. Make sure you know your cloud provider’s architecture and security policies, and whether it can separate clean and malicious traffic.

Stop SQL injections and other web-based attacks and intrusions

If the data dumps coming out of the Olympics cyber-attacks are verified, they likely were obtained via an injection-based attack, like a SQL injection. Make sure your security solution blocks these kinds of attacks.

The good news is that, despite the increased threats to cybersecurity at the 2016 games, overall, the Olympics was able to proceed without a major successful cyber-attack. One important lesson is clear though: the earlier we prepare for cyber security efforts for Tokyo 2020, the better.