As the biggest sporting event of the summer begins, IT and security leaders need to refocus their cyber security efforts, assessing the associated risks and their ability to respond if needed. Vigilance should be at the forefront for business leaders globally. Cybercriminals are aware that users will be looking for convenient ways to keep up-to-date with the sporting action. This is forcing organisations to roll out revised policies that ensure the security of users watching, searching for and downloading sporting coverage.
It is critical for organisations to consider their exposure to phishing and malware attempts and to the exploitation of mobile applications, and how these will impact business continuity. In fact, at previous Games, ThreatLabZ research found that 80 per cent of “Olympic” web domains were scams and spam.
Experience tells us that cybercriminals will use similar tactics to lure unsuspecting users into clicking on spam emails and visiting scam websites that mirror legitimate sites, in order to get them to download malicious files.
In considering their ‘risk profile’, businesses need to be ‘enterprise ready’ across three key areas – productivity, cyber threats and approved applications – when preparing for the sporting season.
Enabling business productivity
As businesses shift to the cloud, cyber security and prioritisation of web traffic is hugely important. Online streaming of events runs the risk of diverting employee attention and saturating network bandwidth that is required for access to business applications.
While it may seem easier to simply blanket ban any live coverage during working hours, this will only leave employees feeling demotivated and encourage them to look for other means of viewing events. In turn, this could result in an increase in absence from the office and leave employees open to social engineering attacks, because their vigilance is lowered while they look for alternative means to stream events. Organisations need to take a proactive approach when it comes to preserving bandwidth. For example, conducting a survey to understand which events are likely to be the most popular will ensure staff levels can be maintained and bandwidth appropriately provisioned.
Threats: Phishing and malware
Phishing can take multiple forms – from spam email messages and social media to typosquatting and over-the-phone social engineering – yet all have the same end goal: to make money by harvesting usernames and passwords, personally identifiable information and/or payment card information.
Criminals use international events to capitalise on customer excitement and demand, often creating bogus ticket purchasing sites, offering discounted tickets or even tickets to sold-out events. Falling for one of these scams not only leaves customers disappointed when tickets fail to arrive, but also leaves their personal information exposed, as these sites are rarely protected with at-rest and in-flight encryption technology.
Directing user traffic to bogus domains allows cybercriminals to leverage readily available exploit kits, which look for vulnerabilities through which to load arbitrary malware onto the visitor's device, whilst also allowing criminals to offer seemingly free streaming of events. When the site owners have malicious intentions, there is often some form of browser plugin or executable download associated with the viewing. These files generally contain malware. If something looks too good to be true, it generally is.
We have already found cases of exploit kit traffic coming from “Olympics”-related content and predict that more attacks will target users with emails and attachments around further “Olympics”-related content, discounts and schedules.
Organisations need to ensure that they can identify phishing sites and detect scripts which are running in webpages that could be malicious. Relying on URL Filtering is no longer an appropriate cyber security defence framework. Streaming sites should be enabled on a whitelist-only approach: if the site has not been explicitly approved by your IT team, it should be blocked.
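A default-deny check for the whitelist-only approach described above, as an added example that is not part of the original article. The approved domains are constructed placeholders, and the edit-distance threshold of 2 used to label typosquat lookalikes is an assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist: hypothetical IT-approved streaming domains.
APPROVED = ("stream.broadcaster.example", "games-official.example")

def host_of(url):
    """Return the normalised ASCII hostname of a URL, or None if unusable."""
    try:
        host = urlsplit(url if "://" in url else "//" + url).hostname
    except ValueError:
        return None
    host = (host or "").rstrip(".")
    if not host:
        return None
    try:
        # Punycode the name so a Unicode homoglyph never equals an ASCII entry.
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None

def edit_distance(a, b):
    """Levenshtein distance, used only to label near-miss (typosquat) hosts."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def decide(url):
    """Default-deny: allow only approved hosts and their subdomains."""
    host = host_of(url)
    if host is None:
        return ("block", "unparseable")
    for good in APPROVED:
        # Match on a label boundary so 'evilgames-official.example' and
        # 'games-official.example.attacker.test' do not pass.
        if host == good or host.endswith("." + good):
            return ("allow", good)
    for good in APPROVED:
        # Compare the same number of trailing labels as the approved name.
        tail = ".".join(host.split(".")[-good.count(".") - 1:])
        if edit_distance(tail, good) <= 2:
            return ("block", "lookalike of " + good)
    return ("block", "not approved")
```

Every host that is not on the list is blocked; the lookalike label only adds context for whoever reviews the proxy logs.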
Mobile apps and app stores
We are already seeing examples of malware disguising itself by mirroring the login screen of the original app so that it can steal user credentials when the victim tries to authenticate. While Trojan malware that uses mobile applications as a delivery mechanism is not new, during major sporting events cybercriminals will be looking to exploit the fact that millions of users will be looking for convenient methods of keeping up-to-date with the sporting action, and will write mobile applications that mirror their official equivalents.
The best defence against mobile malware is for organisations to block access to third-party app stores. Allow access only to the Play Store and Apple App Store (for Android and iOS respectively). Whilst there are isolated instances of rogue applications finding their way to approved stores, the risk is significantly lower. Organisations should also consider sandboxing technologies to detonate and inspect unknown Android APK files being downloaded to corporate devices.
While the business and security implications around the Games should not be taken lightly, many of the tactics cybercriminals will be using to target unsuspecting users are unlikely to be anything new. Defence in depth is of the utmost importance and businesses need to be extra vigilant when it comes to advanced security threats this August.