Rio Olympics Hacking Threats

World-class athletes aren't the only ones preparing for the Olympic Games. World-class cybercriminals are also hoping to walk away with some gold.

Brazil is a country that was already notorious for its large concentration of hackers. Symantec, in its 2016 Internet Security Threat Report, ranked the country eighth in the world for bot-based cybercrime (a bot is a device that lives on a user's PC and provides a wide variety of automated tasks for hackers).

The organization says Brazil is the source of 2 percent of all the bots throughout the world.

Add the high profile of the Olympics atop that and the threat becomes even more real — for visitors, organizers and sponsors, say security experts.

"We suspect the level of attacks will rise during the Games," says Michal Salat, threat intelligence manager at Avast. "We're quite sure there will be phishing attacks on visitors. Ultimately, it's all about money."

Salat says Avast expects attempted attacks on the Rio Olympics to be quadruple the number organizers faced in London in 2012. (Those Games saw 165 million attempts.)

Individual visitors to Rio and other Olympic venues are low-hanging fruit for hackers. Whether via phishing (tricking someone into providing their financial account information — often via an attachment in an email or a fake website that purports to sell or give away tickets), an ATM skimmer (which reads and records the card's information, including password) or point-of-sale malware (like that used in the 2013 Target breach), it's not hard for cybercriminals to trick the unsuspecting.

While government officials will certainly try to contain that activity, they're more concerned about larger-scale breaches.

ABIN, Brazil's intelligence agency, is monitoring roughly 40 groups of hackers it believes has the ability to hack "sensitive structures," such as federal databases. In the months leading up to the games, the agency has identified 1,600 groups responsible for more than 20,000 attacks on public institutions in recent years.

Athletes compete at the Ibero-American Championships in the women’s 100-meter hurdles final, a test event for the 2016 Olympic Games at the Olympic Stadium in Rio de Janeiro, May 16, 2016.

The Olympics are the biggest event the country has hosted, but Brazil got a taste of what to expect in 2014, when the World Cup was held there. During that tournament, Brazil saw almost 90,000 attacks in a 30-day period, according to cybersecurity firm Cytegic. And a study by the firm shows a regular pattern among hackers as large sporting events draw near.

In the weeks leading up to an event, it says, the number of attacks increases, peaking during the first week of the tournament or games. There's typically a decline from that point through the end of the games. Some of the hackers want to make a quick buck by stealing financial or personal information. Others, though, are more politically motivated.

"We've seen this happen in the previous World Cup in Brazil, and we saw this happen in Russia during the Olympics there," says Dan Pastor, head of intelligence for Cytegic. "We assume these types of attacks will happen again. They will target the website and the high-profile people in [Olympic organizers, the organizing country or Olympic sponsors] ... targeting high-ranking officials in government or media or sporting organizations, and they're going to use this platform in order to protest corruption or political corruption."

Hot Targets

The most likely tools of those hackers will be denial-of-service attacks on prominent websites, defacement of websites or doxxing — the release of intimately private information about an individual.

Financial institutions will also be an attractive target, says Pastor. But in Brazil that's nothing new.

"The [hacking] underground market is very advanced," he says. "I would dare to compare Brazil to the Russian underground. The financial industry is getting targeted on a daily basis yearlong by hackers. In previous [major sporting] events, there is a certain rise in attacks on banks and financial organizations — and, specifically, the targeting of financial assets."

Experts agree, though, that while hackers will attack from all angles up to and during the Olympics, one area that seems secure is the results of the events themselves. The Rio Games will utilize the cloud more than any other Olympics, and the 2020 Olympics will be entirely cloud-based. While this would seem to be a tempting target for hackers, experts say the cloud is generally more secure than physical servers.

"The cloud, ultimately, offers more operational security than the distributed systems we've had in the past," says Mark Testoni, president of SAP National Security Services. "The cloud allows you to apply security more rapidly. Often, the things that cause breaches are individual human factors, like, 'I wasn't able to patch all the computers.'"

So as businesses and government organizations beef up their firewalls and monitor threats, what can you do if you're headed to Rio to enjoy the Olympics yourself?

It largely comes down to the same techniques you use to guard against cybercrime on a daily basis: Don't click on links or attachments from people you don't know. Only buy tickets from official outlets. Check an ATM for a loose keypad before inserting your card. And use official applications on your smartphone rather than low-rated ones with small user bases.

The US Office of the Director of National Intelligence, in a recent awareness campaign, advised some more drastic steps, including leaving devices at home and even considering carrying a burner phone, which doesn't contain personal data or secure information.

Experts, though, say that might be taking things a little too far, even in a hacker-rich environment like the Rio Olympics. "It might be good advice, but it's overkill for 99 percent of the population," says Pastor. "It's good advice on a technical level, but on an individual level, you can't ask someone to buy new phones or computers when they go to such an event. The responsibility lies much more on the organizers."

CNBC:

« Google Uses AI To Save On It’s Energy Bills
ISIS Suspect Was Sending Encrypted Emails »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Phoenix Contact Cyber Security

Phoenix Contact Cyber Security

Phoenix Contact Cyber Security is a leading manufacturer of network security appliances for use in industrial environments.

Authorize.Net

Authorize.Net

Authorize.Net is a Payment Gateway which provides the complex infrastructure and security necessary to ensure fast, reliable and secure transactions.

Cybernetica

Cybernetica

Cybernetica is an ICT company with activities in e-government, marine comms, data analysis and research in information security technologies.

Xcina Consulting (XCL)

Xcina Consulting (XCL)

Xcina Consulting provides high quality business and technology risk assurance and advisory services.

EMnify

EMnify

EMnify is a Software-as-a-Service (SaaS) company, revolutionizing cellular Internet of Things (IoT).

Gallarus Industry Solutions

Gallarus Industry Solutions

Gallarus leads innovation within industrial Manufacturing, Production and Management Systems, including Cyber Security solutions specifically developed to protect against the latest cyber criminality.

Thridwayv

Thridwayv

Thirdwayv helps your enterprise realize the full potential of loT connectivity. All while neutralizing security threats that can run ruin the customer experience - and your reputation.

Lightspin

Lightspin

Lightspin is a contextual cloud security platform that continuously visualizes, detects, prioritized, and prevents any threat to your cloud stack.

Earlybird Venture Capital

Earlybird Venture Capital

Earlybird is a venture capital investor focused on European technology innovators.

Ross & Baruzzini

Ross & Baruzzini

Ross & Baruzzini delivers integrated technology, consulting, and engineering solutions for safe, sustainable, and resilient facilities.

Imageware

Imageware

Imageware is a leader in biometric cybersecurity. Protect against costly, damaging ransomware hacks by employing biometric cybersecurity solutions.

Campus cyber

Campus cyber

A project initiated by the President of the Republic, the Cyber Campus is the totem site of cybersecurity that brings together the main national and international players in the field.

Smile Identity

Smile Identity

Smile Identity helps businesses confirm the true identity of their users in real-time using any smartphone or computer.

Troye Computer Systems

Troye Computer Systems

Troye provide a complete range of digital workspace solutions that empower people to do their very best work in a safe and secure manner anywhere, anytime, using any device.

Fulcrum Technology Solutions

Fulcrum Technology Solutions

The Fulcrum team of technologists are recognized experts in the fields of IT Infrastructure Technology, Security, Service Management and Support.

Klarytee

Klarytee

Protect your data wherever it goes. Klarytee is a SaaS platform that builds security into sensitive content to enable granular control in AI, public cloud and SaaS.