Five Cyber Risks to Avoid to Enjoy London Olympics Safely

More people than ever will be watching and following the Olympics online and with mobile devices--and the cyber criminals know this.

A week from today all eyes will be on London and the opening ceremonies of the 2012 Summer Olympics. More than any prior Olympic games, the 2012 London Olympics will be watched and followed over the Internet and on mobile devices from around the world.

Of course, the cyber criminals know this as well, and cyber criminals tend to be adept at capitalizing on breaking news and major events as bait for unsuspecting victims. ThreatMetrix published a list of the top threats users should be aware of. If you want to enjoy the London Olympics safely from your PC or mobile device, avoid these five security risks:

1. Shady Apps

There will be a variety of apps available for the various mobile platforms to help people view Olympic events, keep track of medal winners, access statistics and relevant information, and more from their mobile devices. As we have seen time and time again, though, there are shady third-party apps that surreptitiously access information from mobile devices without explicit permission, or reach out to everyone in your contacts to get them to download and use the app as well. Pay attention to the permissions being requested by any apps you install, and keep an eye on any suspicious activity. Better yet, stick to official Olympics apps, or at least apps from established, trusted developers.

2. Drive-By Downloads

With the right vulnerability to exploit, attackers may be able to install malicious software on your PC just by getting you to visit a website. In fact, the attackers might not even have to get you to do anything if they can manage to plant the malicious exploit on a legitimate site. Just by visiting a website providing Olympics coverage or information, it's possible your PC could end up infected or compromised. And, no, the risk is not limited to the Windows operating system.

3. Hidden Links

If an attacker does want to lure users to visit a malicious website, it's a lot easier these days than it used to be thanks to shortened URLs. As people share news and information about the London Olympics via Twitter, the associated links will inevitable be shortened using services like the true URL. There are tools out there that will let you see where that shortened link goes before you click it, but most people will simply click away, possibly ending up at a malicious site that could infect or compromise their PC.

4. Search Engine Poisoning

ThreatMetrix explains, "When conducting online searches for information or images about the games, cybercriminals can redirect consumers to malicious websites," adding, "Rather than seeing an image of their favorite Olympian, the photo can actually infect consumers' devices if the page containing the image is laced with malware."

Basically, attackers can use search engine optimization techniques to try and game the system and get malicious sites ranked at the top of search results. Most people inherently trust the top search results and won't think twice about clicking them to dive deeper.

5. Phishing Attacks

If you happen to be in London during the Olympics you might feel compelled to try and attend an event or two. Be very, very careful with searching for or buying tickets. Cyber criminals will use the lure of tickets to draw victims to malicious sites, and more traditional grifters may actually sell fake tickets for a quick buck.

There will most likely be other phishing attacks aside from ticket scams. Cyber criminals will use Olympics news, photos, video clips, and other Olympics-related information as bait to get users to either visit malicious websites, or con them into sharing personal or financial information.

It sounds scary. It might even make you think twice about watching or following the Olympics over the Internet or mobile devices at all. It's not that bad, really.

"All of the cybercrime risk associated with the Olympics can be overwhelming to consumers," said Andreas Baumhof, chief technology officer, ThreatMetrix. "However, simple steps can be taken to avoid malware attacks associated with the Olympics. These steps include keeping all software up-to-date, using only official Olympic sites and applications and being hyperaware of all web and mobile device activity. Don't click on any link that comes your way, even if it looks interesting--it may be a costly click."

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tony Bradley

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place