What makes the Olympics stand out allows attacks to play out


On the heels of U.S. presidential campaigning and the U.K. leaving the European Union, all eyes have shifted to the 2016 Olympic Games in Rio – including the eyes of criminals.

While athletes, celebrities, media, and spectators descend upon a handful of cities in Brazil for the Summer Games, the criminal element looks to cash in.

In a country already riddled with criminal activity ranging from drug lords to K&R (kidnapping and ransom), the larger threat to this massive influx of population will be cyber criminal activity. Even as the best U.S. and Interpol agents with feet on the ground share intelligence, they are primarily focused on thwarting terrorist plots rather than mitigating low-level cyber crime. Meanwhile, hijacked smartphones, credit card skimmers, online profiles, rogue access points, and compromised hotel connections all offer ways for attackers to ply their trade.

This isn’t a new phenomenon. With any global-scale event, cyber criminals look for opportunities to launch attacks. But what makes the Olympics unique, and unfortunately daunting when it comes to dealing with threat actors, is its duration and the number of high-profile athletes, individuals and sponsor companies in attendance. Unlike other global sporting events such as the Super Bowl or World Series, the Olympics takes place over 17 days with attendees staying for extended periods of time, widening the window for criminal opportunity.

Oftentimes the victims are unknowingly exposed to a daily onslaught of vulnerability probes, brute-force password attacks, and man-in-the-middle attacks against their electronic devices and profiles.

The more advanced adversary can purposefully identify a target (e.g., a corporate executive) and methodically launch pre-calculated attacks over days and weeks instead of hours, even to the point of establishing direct contact to enhance a social engineering attack or malicious website redirect.

Many organizations lack the breadth and quality of threat intelligence they need to detect these types of sophisticated and targeted attacks that play out over extended periods of time. Or, if they do have various threat intelligence feeds, they aren’t able to separate out the noise in order to home in on real threats and understand how to deal with them to mitigate damage. This requires correlating indicators of compromise and other data from a variety of sources and seeing attack patterns and trends in order to protect those most frequently targeted – like C-level executives.

A Threat Intelligence Platform (TIP) allows organizations to get the most from their existing threat intelligence and other security investments to make greater sense of the data they have and be able to act on it more quickly.

Over the duration of the Olympics, how many corporate executives will accidentally log into a rogue wireless access point to check their banking status or work e-mail? I suspect nearly all of them. The fallout from the successful attacks at the Olympics will probably take weeks or months to surface. Its impact will depend on how quickly defenders can block attacks and limit adversary opportunity.


About ThreatQuotient™

ThreatQuotient™ understands that the foundation of intelligence-driven security is people. The company’s open and extensible threat intelligence platform, ThreatQ™, empowers security teams with the context, customization and prioritization needed to make better decisions, accelerate detection and response and advance team collaboration.