Summer of cyber attacks
Kevin Foster, Testing Services Manager, MTI Technology - 20 September 2016
In recent years, we have seen a huge rise in cyber crime rates at big international events. As cyber criminals develop and source more sophisticated methods of hacking, this growth isn’t slowing down any time soon.
This summer, it was reported that in the weeks prior to the Rio Olympics, we would see some of the “highest levels of cyber criminal activities in years”. This is unsurprising, given that Brazil has one of the highest levels of cyber crime in the world, and the second highest incidence rate of online banking fraud. The same article notes that, when Brazil hosted the World Cup in 2014, cyber crime went up by around 200 per cent.
The UEFA European Championship games in June, hosted in France, also caused a headache for businesses and consumers alike. Hackers actively targeted the host nation during the tournament, with 72 per cent of malicious websites and 41 per cent of exposed passwords being detected on smartphones in the country. Equally, Wimbledon saw a 302 per cent year-on-year increase in attacks on its official website.
Essentially, cyber criminals want information. From corporate to personal data, passwords to social media profiles, any information that can be sold on or used for extortion is the end goal for cyber criminals. It’s not always clear what the motivations are for hackers. It will often be for financial gain, but could also be politically motivated, for social justice, religious reasons or even the ‘glory’. The combination of big data and big money around these events creates the perfect breeding ground for them.
How are they doing it?
It isn’t just those who are lucky enough to attend these international sporting events that can be affected. In the lead up to the Olympics, there was a spike in phishing attacks, with cyber criminals registering domains which included words such as “rio” and “rio2016”. Online visitors were given the impression that the sites were legitimate, as criminals had bought cheap SSL certificates, enabling them to have the prefix ‘https’ on the URL.
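For security teams watching for this kind of lure, the sketch below (an added example, not taken from the original article) flags hostnames that use “rio” or “rio2016” as a whole word and ignores the URL scheme, since ‘https’ says nothing about legitimacy. The allowlist entry and all sample hosts are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Keywords the article says appeared in lure domains.
EVENT_KEYWORDS = {"rio", "rio2016"}
# Assumption: placeholder standing in for the organisation's known-good domains.
ALLOWLIST = {"official-event.example"}

def hostname(url_or_host):
    """Return the lower-cased host from a bare hostname or a full URL."""
    s = url_or_host.strip().lower()
    if "://" not in s:
        s = "//" + s  # lets urlsplit treat a bare host as the network location
    return (urlsplit(s).hostname or "").rstrip(".")

def tokens(host):
    """Split a host into words on dots, hyphens and letter/digit boundaries."""
    toks = set()
    for label in host.split("."):
        for part in label.split("-"):
            toks.add(part)                                 # e.g. "rio2016"
            toks.update(re.findall(r"[a-z]+|\d+", part))   # e.g. "rio", "2016"
    toks.discard("")
    return toks

def is_allowlisted(host):
    """True for an allowlisted domain or any subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in ALLOWLIST)

def flag_lookalikes(candidates):
    """Return (host, matched keywords) for hosts using an event keyword as a word."""
    hits = []
    for candidate in candidates:
        host = hostname(candidate)
        if not host or is_allowlisted(host):
            continue
        matched = sorted(EVENT_KEYWORDS & tokens(host))
        if matched:
            hits.append((host, matched))
    return hits

# Constructed sample input (not real observations).
SAMPLE = [
    "https://rio2016-tickets.example/buy",      # https does not make it trusted
    "http://cheap-rio-flights.example",
    "https://tickets.official-event.example/",  # allowlisted subdomain
    "https://priority-mail.example",            # "rio" only inside another word
    "mario-fanclub.example",
]

if __name__ == "__main__":
    for host, matched in flag_lookalikes(SAMPLE):
        print(host, matched)
```

Matching on whole words avoids false hits such as “priority”, at the cost of missing keywords run together with other text in a single label.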
A number of fake apps, offers and spam enticed sports fans to unwittingly surrender their sensitive data to hackers. In a trend that doesn’t seem to be slowing down, fake ticket sites were also problematic during the Rio Olympics.
From a user perspective, another dangerous form of attack is the hacking of unsecured Wi-Fi connections, apps and cloud applications. These allow cyber criminals to piggyback on what appears to be a trusted source. This was seen during Euro 2016, where an insecure connection in the official UEFA app was hacked, which resulted in unencrypted data, including mobile numbers and passwords, being leaked.
Attackers can do this in a number of ways, such as through a Wi-Fi Pineapple, which allows a hacker to sit between a device and the internet connection to take information. Another is through malware which creates fake adverts on a user’s device and pays the hackers every time one is clicked, as in the recent HummingBad malware that infected 10 million Android devices.
If employees are attending international events like these with company devices, a VPN will be vital in ensuring all information sent to and from a device is encrypted. With BYOD on the increase, it is essential to ensure that mobile devices are up to date with the latest patches, anti-virus and malware protection, and are limited to installing and running only authorised mobile applications.