Tokyo Olympics Contending with Cyber Threats, FBI Warns of More Coming
Cybercriminals often use popular sports events as bait for their attacks.
Lisa Plaggemier is interim executive director of the National Cyber Security Alliance (NCSA).
“Big events such as the Olympics present a very enticing opportunity for hackers given both how popular they are, and in the case of ransomware attacks, how lucrative they can be,” she said. “Unfortunately, the Tokyo Olympics have already suffered a third-party breach last month when a data-sharing tool of [a] Japanese government contractor was hacked. This just underlines how important it is for organizations to have a firm grasp on their cybersecurity defenses, especially if your organization is engaged in operations as sprawling as the Olympics.”
Unfortunately, modern bad actors no longer need to worry about proximity when it comes to executing attacks, Plaggemier said. Therefore, the lack of in-person spectators will not have any impact on the ability of bad actors to breach defenses.
“However, with that said, it is still as important as ever for those in attendance to maintain strong cyber hygiene, avoiding public Wi-Fi that seems suspicious, and other steps, as bad actors will look to access personal information in any manner they possibly can,” she said. “Simply put, do not be lulled into a false sense of security just because attendance is limited.”
Beyond individual cyber hygiene maintenance, the Olympics as a whole needs to make sure it keeps a close eye on potential ransomware threats and works in close contact with third-party vendors to ensure that they are maintaining high security standards as well, Plaggemier said.
“Over the last few months there hasn’t been a shortage of high-profile ransomware and third-party vendor attacks, so the Olympics should take lessons from these previous incidents to fortify their training, reporting and response plans so that they can avoid falling victim as well, especially given a third-party breach occurred pre-event,” she said.
Ralph Pisani, Exabeam’s president, said cybercriminals often capitalize on major world events due to the wide range of information they can gather, as well as the opportunity to increase their own notoriety. So it’s no surprise there’s already been a credential leak from the summer Olympics.
“There are not many details on the cause of the leak yet, but it’s possible that it is a result of a credential stuffing campaign, where bad actors mine login information from previous data breaches of other organizations to break into user accounts,” he said. “This is particularly dangerous for individuals and organizations because these credentials could be used to access corporate accounts, then move laterally through the network to cause deeper damage.”
End users should establish different passwords for all of their accounts, immediately change their passwords on sites that have been breached and use multifactor authentication (MFA) wherever it is available, Pisani said.
“To remediate incidents involving user credentials, which is the reason for 61% of breaches today, and respond to adversaries, organizations must move fast and consider an approach that is closely aligned with monitoring user behavior, to provide the necessary visibility needed to restore trust, and react in real time, to protect user accounts,” he said. “This should include the ability to detect, using behavioral characteristics, when abnormal events have occurred.”
Alexa Slinger is an identity management expert at OneLogin. She said as cybercrime continued to rise during the global pandemic, so did tensions between countries.
“The Cyber Threat Alliance (CTA) released a report warning various countries may attack in the months leading up to the games,” she said. “In addition, cybercriminals may also see this as an opportunity to retrieve quick ransomware payments if they are able to successfully disrupt the live event, as the Olympic organization will have little to no tolerance for downtime. With multiple entry points for hackers to exploit, from athletes, spectators, operations, logistics, sponsors to other associated businesses, the Olympics must remain vigilant in their attempt to thwart additional breaches.”
Jon Clemenson is director of information security at TokenEx, a data protection platform. He said despite moves toward risk-based authentication, passwords are likely to remain in play for some time.
“Considering this, it comes as no surprise that a highly visible global event like the Olympics would provide opportunity to hackers,” he said. “Therefore, we want to reiterate that strong password policies are vital to both personal and business security. Cybercriminals often reuse credentials found from online data dumps and commonly referred to as credential stuffing, to access sensitive data. That tactic, combined with user penchant toward overly simple passwords, does not afford anyone an appropriate level of data protection. We encourage users not to repurpose passwords across websites, and instead, institute lengthy and unique complex passwords whenever possible in conjunction with two-factor authentication.”
More than a dozen malware samples have been found on exploited Pulse Secure devices that are largely undetected by antivirus products, according to a new Cybersecurity and Infrastructure Security Agency (CISA) alert.
All the analyzed files were found on compromised Pulse Connect Secure devices. In addition, some of them were modified versions of legitimate Pulse Secure scripts.
In most cases, the malicious files were webshells for activating and running remote commands for persistence and remote access.
Bob Rudis is chief data scientist at Rapid7. He said leaving devices exposed to malware provides initial access to attackers and a foundation to work from both internally and externally.
“Pulse Secure, along with many other remote access gateway technologies, have been targets of choice for attackers and will remain so for quite some time,” he said. “Rapid7 Sonar scans regularly identify tens of thousands of online, unpatched devices from virtually every manufacturer despite numerous warnings from the manufacturers themselves, government agencies (such as CISA), security vendors and IT news media. Leaving these devices exposed is akin to pouring a steady stream of toxic waste into our rivers and lakes as they provide initial access to attackers and often a solid base to work from both internally and externally.”
Organizations should continuously assess their technology landscape to better protect their business processes and data, Rudis said.
Avast and RiskIQ have entered a threat intelligence partnership. They will use their specific areas of expertise to develop combined threat intelligence that will be offered to their customer bases to enhance their security practices.
Avast has joined RiskIQ’s Interlock Partner Program.
Avast’s advanced analytics enable insight into thousands of malware families, including how they are detectable before customers are impacted and how those threats evolve as bad actors attempt to evade detection.
RiskIQ aggregates and collects data and intelligence from the internet to identify threats and attacker infrastructure, and leverages machine learning (ML) to scale threat hunting and incident response.
Nick Viney is Avast’s senior vice president of partner business.
“Our global threat intelligence will contribute to RiskIQ’s understanding of the global threat landscape, and Avast will leverage RiskIQ’s intelligence to enrich our own data and further scale our threat hunting and response capabilities for companies and consumers alike,” he said.
Lou Manousos is RiskIQ’s CEO.
“RiskIQ and Avast share a mission to protect people and businesses on the internet, and as partners, we can both be more effective,” he said. “Avast helps us enrich our understanding of the global threat landscape and we welcome them to our Interlock Partner Program.”
As if dealing with COVID-19 weren’t bad enough, the Tokyo Summer Olympics also has to contend with cyber threats targeting the event.
News broke this week of a cyberattack. Malicious hackers have stolen and leaked online the usernames and passwords of Olympic and Paralympic game ticket holders and volunteers.
The FBI is warning entities associated with the Olympics that cyber actors who wish to disrupt the event could use distributed denial of service (DDoS) attacks, ransomware, social engineering, phishing campaigns or insider threats to block or disrupt live broadcasts of the event. They could also steal, and possibly hack and leak or hold hostage sensitive data, or impact public or private digital infrastructure supporting the games.
Sports Enthusiasts Beware
Kaspersky researchers urge sports enthusiasts not to forget that cybercriminals will likely take advantage of fans’ eagerness to watch the games by instigating various online fraud schemes. They found fake pages offering to stream various Olympic events and selling tickets for competitions that won’t have spectators. In addition, they found various giveaways, and even the first fake Olympic Games virtual currency.
Olga Svistiunova is a security expert at Kaspersky.
“Cybercriminals always use popular sports events as bait for their attacks,” she said. “This year, the Olympics will be held without spectators; thus, we do not expect a big number of related attacks. Still, we observe that fraudsters have no limit when it comes to creating new ways to take advantage. For example, this year we discovered an interesting phishing page selling [an] Olympic Games Official Token. There is no real equivalent of such thing. That means that cybercriminals are not only faking already existing baits, but also come up with their own new sophisticated ideas.”
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.