Exploring the challenges the Olympic Games pose for businesses
- Published: Thursday, 28 July 2016 07:12
Zscaler is warning organizations to plan ahead for security threats and network performance issues linked to coverage of the Olympic Games, which commence on 5th August in Rio.
Cybercriminals are aware that users will be searching for convenient ways to stay up-to-date with the latest sporting action, forcing enterprises to roll out revised security policies that ensure the security of users watching, searching for, or downloading associated sporting coverage.
Most critically, organizations need to consider their exposure to phishing and malware attempts, exploitation of mobile applications and how this will impact business continuity. ThreatLabZ research from past events found that 80 percent of ‘Olympic’ web domains were scams or spam, pinpointing the need for increased business vigilance.
“Protection and productivity should be at the forefront for business leaders across the world in the run up to the Games,” said Chris Hodson, EMEA CISO at Zscaler. “In the last few years we’ve seen cybercriminals using spam emails and scam websites mirroring legitimate sites to entice users to click on and download malicious files. This year’s events host similar risks and we should expect similar techniques from those trying to exploit users.”
In considering their risk profile so that their infrastructure and employees are prepared, businesses need to ensure enterprise readiness across three key areas: business productivity, cyber threats and approved applications.
As businesses shift to the cloud, cyber security and prioritisation of web traffic remain a priority. Online streaming of events from official broadcasters runs the risk of diverting employee attention and saturating network bandwidth that is required for critical business applications.
“While it may seem easier to simply blanket ban any live coverage of the Games during working hours, this will only leave employees feeling demotivated and encourage them to look for other means of viewing events,” comments Hodson. “This could in turn result in an increase in absence from the office and leave employees open to social engineering attacks, as their vigilance is lowered as they look for any means necessary to stream popular events. Rather, organizations should take a proactive approach to ensure bandwidth is appropriately provisioned.”
Phishing and malware
While phishing can take multiple forms, from spam email messages and social media to typosquatting and over-the-phone social engineering, all have the same end goal: to make money by harvesting usernames and passwords, personally identifiable information and/or payment card information.
Directing user traffic to bogus domains allows cybercriminals to leverage readily available exploit kits, which look for vulnerabilities through which to load arbitrary malware, whilst also allowing criminals to offer seemingly free streaming of events. The Zscaler ThreatLabZ research team has already found cases of exploit kit traffic coming from Olympics-related content and predicts more attacks targeting users with emails and attachments around further Olympics-related content, discounts and schedules.
“Cybercriminals will look to play on our anticipation of the Games this year,” predicts Hodson. “Businesses need to ensure that they are able to identify phishing sites and detect scripts which are running in webpages which could be malicious. Relying on URL filtering and reputation off-site is no longer an appropriate cyber security defence framework. Streaming sites should be enabled on a whitelist-only approach,” Hodson continued.
Mobile Apps and App Stores
Just last month, malware disguised itself as an online banking app for Russia’s largest bank, Sberbank, mirroring a similar login screen to the original app in order to steal user credentials as soon as the victim tried to authenticate. While Trojan malware that uses mobile applications as a delivery mechanism is nothing new, during major sporting events cybercriminals will be looking to exploit the fact that millions of users will be looking for convenient methods of keeping up-to-date with the sporting action and will write mobile applications that mirror their official equivalents.
While the business and security implications that the Games bring are not to be taken lightly, many of the tactics cybercriminals will be using to target unsuspecting users are unlikely to be anything new. As a first line of defence against mobile malware, organizations need to be blocking access to third-party app stores and only allowing access to the Play Store and Apple App Store (for Android and iOS respectively). And while there are isolated instances of rogue applications finding their way to approved stores, the risk has been found to be significantly lower. Organizations also need to consider sandboxing technologies to detonate and inspect unknown Android APK files being downloaded to corporate devices.