Hackers are targeting the Rio Olympics, so watch out for these cyberthreats

Cyberterrorists and hacktivists could also try to disrupt the event

The Olympic Games in Rio de Janeiro will attract more than just athletes and tourists this year. Hackers from across the world will also be on the prowl, trying to exploit the international event.

That means visitors to the Olympics and even people watching from home should be careful. Cyberthreats related to the games will probably escalate over the coming weeks and could creep into your inbox or the websites you visit.

Don't click if it's too good to be true

The Olympics have become a beacon for cyber criminals, said Samir Kapuria, senior vice president with security firm Symantec. A great deal of money is spent on the international event, so hackers naturally want a slice of the pie, he added.

During past major sporting events, hackers have come up with fake ticketing and betting services to commit fraud on unsuspecting users. They’ll also use phishing emails and social media posts to spread malware.

Computer users will see these messages and links, expecting to view a video on a record-breaking Javelin throw or a bargain on great seats to the event. But in reality, they’ll end up downloading ransomware that can take their data hostage, Kapuria warned.

“Think before you click, especially if something looks too good to be true,” he said.

Thomas Fischer, a security researcher at Digital Guardian, has already been noticing an increase in phishing scams trying to take advantage of the Olympics.

Typically, a user will receive an email loaded with an attachment that invites them to an Olympics ticket lottery. Inside the attachment, however, is malicious code that will download the Locky ransomware and begin encrypting all the user’s files.

Hackers are already blanketing email addresses with this kind of attack. They’ll also pretend to be an organization like an Olympics committee, he added. “Anyone can receive these emails,” Fischer said. “They usually come in English.”

Brazilian hackers like to target banking data

Visitors who actually make the trip to Rio de Janeiro will be entering a country well known for online banking fraud, according to security firms. It doesn’t help that local laws there might not be strong enough to fight cybercrime.

Trend Micro has been following the cyber crime scene in Brazil and noted in a report that hackers there “exhibit a blatant disregard for the law.”

“They will abuse social media and talk about their criminal enterprise, without fear of prosecution,” said Ed Cabrera, the company’s vice president of cyber security.

Many of these Brazilian hackers are developing Trojans that pretend to be legitimate banking software, but in actuality can steal the victim’s payment information. However, much of this Brazilian malware is focused on targeting local users, and not necessarily foreign tourists, Cabrera said.

Tourists should still be careful, however. Any banking Trojan can still be dangerous because the malware can spy on computer users, said Dmitry Bestuzhev, the head of global research for security firm Kaspersky Lab.

He’s warning visitors to be wary of ATM and point-of-sale machines in the country. They often can be infected with malicious code that can secretly steal payment data once a banking card is swiped. “The attacker has the capability to intercept the data and then to clone the card,” he added.

Another danger is public Wi-Fi spots in Brazil, which often times are insecure. A hacker can use them to eavesdrop on victims and steal their passwords, Bestuzhev said. He recommends users buy a VPN service to encrypt their Internet communications.

Hacktivists and cyber terrorists could be lurking

The other big threat that could disrupt the games is hacktivists, said Robert Muggah, a security specialist at Brazilian think tank the Igarapé Institute.

Anonymous, for instance, is targeting the event and could end up embarrassing the local government. The hacking group has already managed to temporarily shut down the official Rio Olympics website on May 11, and then Brazil’s Ministry of Sports site on the following day, Muggah said.

“Analysts are also concerned with Islamic terrorists,” he added. The extremist group ISIS has been trying to use the encrypted messaging app Telegram to attract sympathizers in Brazil.

Local authorities, however, are bolstering their cybersecurity defenses, and the country is no stranger to holding major events, Muggah said. In 2014, the country was the site of the World Cup.

In the run-up to the Olympics, the U.S. government has launched a multimedia campaign pointing out the possible cyberthreats travelers may encounter in foreign countries. In extreme cases, U.S. tourists could even be the targets of espionage, the campaign warns.

At the very least, visitors heading to Rio de Janeiro should watch out for smartphone theft. Muggah said thefts are quite high in the country because the devices are so expensive. New iPhones, for example, have been known to cost about US$1,000 in Brazil due to the local import tariffs and taxes.

Join the CSO newsletter!

Error: Please check your email address.

More about IRJavelinKasperskySymantecTrend Micro

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Michael Kan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place