DEFENSESTORM BLOG

Cybercriminals Love the Olympics Too, but for Different Reasons.

Tuesday, May 14th, 2024


Every four years, athletes from around the world come together in one place to represent their respective countries; this year, that place will be Paris. The Olympic Games begin July 26, 2024, and end August 11, 2024. I, like most people around the globe, will be watching and cheering on our nation’s athletes as they achieve their goals and live out their Olympic dreams. Unlike most of the audience, though, I will also be thinking about the unseen but expected threats and attacks from threat actors taking advantage of such a major event. The most sought-after services during the Olympics will be retail, ticketing, travel, and hospitality, all of which cost money to obtain. This is why it is imperative for financial institutions (FIs) to stay alert and on top of their IT and cybersecurity hygiene, not just during major worldwide sporting events but every day.

Let’s look at a few of the threats to watch for:

  • Account takeover and credential stuffing: With the possible influx of financial transactions, there is a greater risk of account takeover and credential stuffing attacks. These attacks can result in cybercriminals gaining unauthorized access to user accounts.
  • Social engineering: Phishing emails related to the Summer Olympics will more than likely become popular. These emails often contain “promotional offers” or “special offers” that are used to entice the victim to click on malicious links.
  • Ransomware and malware: There is a heightened risk of ransomware and malware attacks. If you have worked in this industry long enough, you may be familiar with the fact that cybercriminals will use major events such as the Olympics, or a holiday, to turn a joyful time into a chaotic time.
  • Ad fraud: If you are not familiar with it, ad fraud is an attempt to defraud digital advertising networks for financial gain. A common method is the use of bots, which is also called click fraud.
  • Malvertising: An attack that injects harmful code into legitimate online advertising networks. These ads are then displayed to users. If a user clicks on that ad, it will lead them to an unsafe destination.

(sources: https[:]//datadome[.]co/bot[-]management-protection/anticipated-cyber-threats-during-the-2024-olympics-how-to-proactively-secure-your-business/) 

If you are asking yourself how some of the above threats pertain to your organization’s internal network, keep in mind that not all end users are security minded. An end user clicking the wrong link, or even purchasing something from your network on what they believe is a legitimate retail site, can lead to unauthorized access. During the Summer Olympics, financial services will be a target for malicious threat actors. The increased volume of transactions related to Olympic purchases (tickets, lodging, travel, retail) will attract those with bad intentions and an unwillingness to earn a dollar with integrity.

DefenseStorm Recommendations

The DefenseStorm team will continue to monitor for additional developments and information regarding this emerging threat. All currently available IPs associated with this threat actor have been uploaded to the DefenseStorm ThreatMatch feed.

Continuous research is being conducted for all newly discovered or recurring malware and ransomware. As always, DefenseStorm recommends the following practices to help secure your environment:

  • Continued internal training for phishing campaigns
  • Block threat indicators at their respective controls
  • Keep all systems and software updated to the latest patched versions to best protect against all known security vulnerabilities
  • Maintain a strong password policy
  • Enable multi-factor authentication
  • Regularly back up data, air gap, and password-protect backup copies offline
  • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, secure location
  • Use app hardening
  • Restrict administrative access


Desrah Kraft

Cyber Threat Intelligence Engineer

Desrah Kraft is a Cyber Threat Intelligence Engineer at DefenseStorm. For the past three years, she has played a vital role in leading and contributing to various Incident Response efforts. Before transitioning into cybersecurity, Desrah obtained a bachelor’s degree from Mitchell College and worked for 7 years in law enforcement. This experience helped her cultivate a comprehensive understanding of security principles and investigative practices. An accomplished cybersecurity professional with 4 years of hands-on experience in analyzing malware and extensive expertise in safeguarding digital landscapes against malicious threats, Desrah possesses an unparalleled ability to dissect complex cyber threats, identify their origins, and implement effective countermeasures. Additionally, she holds multiple MITRE certifications, which demonstrate her mastery of advanced threat detection and mitigation techniques. Recognized for her keen eye for anomalies and proactive approach, Desrah excels in Endpoint Detection and Response (EDR), enabling rapid identification, investigation, and containment of potential breaches. Committed to continuous growth and learning, Desrah remains at the forefront of cybersecurity, dedicated to fortifying digital infrastructures and inspiring others in the field.