Hackers are targeting the Rio Olympics, so watch out for these cyberthreats

by Michael Kan (feat. Robert Muggah)

CIO
July 20, 2016

The Olympic Games in Rio de Janeiro will attract more than just athletes and tourists this year. Hackers from across the world will also be on the prowl, trying to exploit the international event.  

That means visitors to the Olympics and even people watching from home should be careful. Cyberthreats related to the games will probably escalate over the coming weeks and could creep into your inbox or the websites you visit.

Don't click if it's too good to be true

The Olympics have become a beacon for cyber criminals, said Samir Kapuria, senior vice president with security firm Symantec. A great deal of money is spent on the international event, so hackers naturally want a slice of the pie, he added.

During past major sporting events, hackers have come up with fake ticketing and betting services to commit fraud on unsuspecting users. They’ll also use phishing emails and social media posts to spread malware.

Computer users will see these messages and links, expecting to view a video on a record-breaking Javelin throw or a bargain on great seats to the event. But in reality, they’ll end up downloading ransomware that can take their data hostage, Kapuria warned.

“Think before you click, especially if something looks too good to be true,” he said.

Thomas Fischer, a security researcher at Digital Guardian, has already been noticing an increase in phishing scams trying to take advantage of the Olympics.

Typically, a user will receive an email loaded with an attachment that invites them to an Olympics ticket lottery. Inside the attachment, however, is malicious code that will download the Locky ransomware and begin encrypting all the user’s files.

Hackers are already blanketing email addresses with this kind of attack. They’ll also pretend to be an organization like an Olympics committee, he added. “Anyone can receive these emails,” Fischer said. “They usually come in English.”

Brazilian hackers like to target banking data

Visitors who actually make the trip to Rio de Janeiro will be entering a country well known for online banking fraud, according to security firms. It doesn’t help that local laws there might not be strong enough to fight cybercrime.

Trend Micro has been following the cyber crime scene in Brazil and noted in a report that hackers there “exhibit a blatant disregard for the law.”

“They will abuse social media and talk about their criminal enterprise, without fear of prosecution,” said Ed Cabrera, the company’s vice president of cyber security.

Many of these Brazilian hackers are developing Trojans that pretend to be legitimate banking software, but in actuality can steal the victim’s payment information. However, much of this Brazilian malware is focused on targeting local users, and not necessarily foreign tourists, Cabrera said.

Tourists should still be careful, however. Any banking Trojan can still be dangerous because the malware can spy on computer users, said Dmitry Bestuzhev, the head of global research for security firm Kaspersky Lab.

He’s warning visitors to be wary of ATM and point-of-sale machines in the country. They often can be infected with malicious code that can secretly steal payment data once a banking card is swiped. “The attacker has the capability to intercept the data and then to clone the card,” he added.

Another danger is public Wi-Fi spots in Brazil, which often times are insecure. A hacker can use them to eavesdrop on victims and steal their passwords, Bestuzhev said. He recommends users buy a VPN service to encrypt their Internet communications.

Hacktivists and cyber terrorists could be lurking

The other big threat that could disrupt the games is hacktivists, said Robert Muggah, a security specialist at Brazilian think tank the Igarapé Institute.

Anonymous, for instance, is targeting the event and could end up embarrassing the local government. The hacking group has already managed to temporarily shut down the official Rio Olympics website on May 11, and then Brazil’s Ministry of Sports site on the following day, Muggah said.

“Analysts are also concerned with Islamic terrorists,” he added. The extremist group ISIS has been trying to use the encrypted messaging app Telegram to attract sympathizers in Brazil.

Local authorities, however, are bolstering their cybersecurity defenses, and the country is no stranger to holding major events, Muggah said. In 2014, the country was the site of the World Cup.

In the run-up to the Olympics, the U.S. government has launched a multimedia campaign pointing out the possible cyberthreats travelers may encounter in foreign countries. In extreme cases, U.S. tourists could even be the targets of espionage, the campaign warns.

At the very least, visitors heading to Rio de Janeiro should watch out for smartphone theft. Muggah said thefts are quite high in the country because the devices are so expensive. New iPhones, for example, have been known to cost about US$1,000 in Brazil due to the local import tariffs and taxes.