Cyber Criminals Targeting the 2016 Olympic Games in Brazil

Hi guys,

Going to watch the Olympics this year?

Just as cybercriminals exploit popular sports events like the World Cup, they have started doing the same with the Olympics. However, the forthcoming Olympic Games have seen fewer attacks. This could be because the International Olympic Committee (IOC) runs a very active Security Operations Center (SOC) that handles security incidents and reports phishing and malware campaigns. As a result, the number of “in-the-wild” attacks targeting users at this time is low.

But the malicious actors still have their way.

The number of bad domains has rapidly increased. Criminals are constantly registering new ones at the start of every attack, and the blacklist contains more than 230 of these bad domains. Many of these domains are registered using free webmail accounts or are set up to hide the owner information. Some of these domains are hibernating and will pop up at the right moment to start an attack. Several other fake sites are used to sell tickets and run fake ticket giveaways. That’s not all: these domains are already using the new gTLDs approved by ICANN (such as .tech and others).

When it comes to phishing attacks, it’s not only end users who are targeted. Brazil is known as the country most attacked by this type of scam. In February, a campaign targeting the domain monitoring system was directed against the IOC, using a malicious domain masquerading as their Intranet portal to get the credentials of IOC employees in Brazil.

Phishing the end user was one of the most common attacks. One popular attack identified aims to clone your credit card, using the name of a Brazilian company and promising to give away a new car and tickets to the Games.

Malicious e-mails are being circulated offering free tickets to watch the Games in Rio. Some of these messages point to fake websites. Some promise the direct sale of tickets without applying to the official lotteries that take place for people living in Brazil.

Several websites offered fake tickets at very low prices. The objective was to trick the users and get their money for no return.

On some websites, the payment method selected by the fraudster was Brazilian boletos, a very popular payment system used mostly by people who don’t have credit cards.

Social media was also used to spread these attacks. In fact, Facebook was the most used network in these cases, with fraudulent pages announcing fake ticket giveaways and whatnot.

It’s too late to buy tickets for the Games from official channels. It’s not recommended to buy tickets through unofficial markets, as there is a high chance of getting cheated. The best thing now is to watch the Games on TV or online, but again beware of malicious streaming websites, as they will undoubtedly appear in a last-ditch attempt to infect your computer and steal your data.


What about WiFi security?

Cybercriminals know that many people look for free Wi-Fi spots, so they set up fake access points or compromise legitimate WiFi networks in order to intercept users’ connections, with the intent of stealing passwords, credit cards and other sensitive personal information. Open and misconfigured WiFi networks are actually preferred vehicles for criminals.

Near the Brazilian Olympic Committee building, Olympic Park and the stadiums (Maracanã, Maracanãzinho and Engenhão), about 4,500 unique access points can be found. Most of the networks work on the 802.11n standard, meaning the hardware used to build them is new and works well for multimedia streaming. But when it comes to security, 18% of all available WiFi networks in the area are insecure and openly configured. That means all data sent and received on such networks is not protected by any encryption key. Additionally, 7% of all networks are WPA-personal protected, which is obsolete and can be hacked easily. So about a quarter of all WiFi networks located on the Olympic Games premises are insecure.

But there is a solution for you to stay safe. Regardless of the WiFi network you use while travelling, use a VPN connection, so the data from your end-point travels to the Internet through an encrypted data channel. So even if the Wi-Fi you’re accessing is compromised, the attacker will not have access to your data.

Then again, not all VPN services are secure: some are vulnerable to DNS leak attacks, where DNS queries are sent in plain text to the DNS servers of the access point hardware, allowing the hackers to intercept your data.

Before you use your VPN connection, make sure your VPN provider supports its own DNS servers; if not, consider another VPN provider or a DNSCrypt service.

Basically, before connecting to any Wi-Fi network, use your VPN connection with its own DNS servers.
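
To check this on your own machine, here is a small added example (not from the original article) that reads a resolv.conf-style resolver list and flags every DNS server that is not your VPN provider's own. The VPN resolver address, the Wi-Fi subnet and the sample file contents are constructed assumptions, and the script looks only at configuration, not at how the queries are routed.

```python
import ipaddress

# Constructed sample: resolver configuration as it might look on public Wi-Fi.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not captured from a real host
nameserver 10.8.0.1
nameserver 192.168.1.1      # handed out by the access point over DHCP
nameserver 203.0.113.53
nameserver 127.0.0.53
; old-style comment line
nameserver not-an-address
"""

def parse_nameservers(text):
    """Return the resolver addresses listed in resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue  # comments, search/options lines, blanks
        try:
            # Drop an IPv6 zone id such as fe80::1%wlan0 before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
        except ValueError:
            continue  # malformed entry, nothing to classify
    return servers

def classify_resolvers(text, vpn_dns, wifi_network):
    """Label each configured resolver relative to the VPN and the Wi-Fi LAN."""
    vpn = {ipaddress.ip_address(a) for a in vpn_dns}
    wifi = ipaddress.ip_network(wifi_network)
    report = []
    for ns in parse_nameservers(text):
        if ns in vpn:
            verdict = "vpn"                # the provider's own DNS server
        elif ns.is_loopback:
            verdict = "local-stub"         # local forwarder: check its upstream
        elif ns in wifi:
            verdict = "leak-access-point"  # queries go to the hotspot itself
        else:
            verdict = "not-vpn-resolver"   # third party, not the VPN's DNS
        report.append((str(ns), verdict))
    return report

def leak_suspects(report):
    """Addresses that are neither the VPN's resolver nor a local stub."""
    return [addr for addr, v in report if v not in ("vpn", "local-stub")]

if __name__ == "__main__":
    for addr, verdict in classify_resolvers(SAMPLE_RESOLV_CONF, ["10.8.0.1"], "192.168.1.0/24"):
        print(f"{addr:15} {verdict}")
```

A `local-stub` result (for example a caching resolver listening on 127.0.0.53) means the real upstream servers are configured elsewhere and have to be checked there.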


USB charging spot

To make it easier for tourists and visitors, charging points are set up in public places like shopping malls, airports and taxis. Most of them provide connectors for the majority of phone models as well as a USB connector that can be used with your own cable. When you connect your phone through USB, malicious actors can execute commands in order to get information about the device, including the model, IMEI, phone number and battery status. This allows hackers to infect phones.

So try to use your own charger and a power outlet instead of a USB socket when using an unknown charging point, and avoid using charging cables at a public charging spot.


ATM skimmer

The ATM skimmer attack is very popular among criminals in Brazil. For instance, in 2014 a gang installed 14 ATM skimmers in the Rio International Airport.

One of the most common attacks is just to install a reader for the card and a camera in order to record the password as it is typed. You can hide the keypad with your hand while typing the PIN, but this will not help in all cases.

Sometimes criminals replace the entire ATM, including the keypad and screen. In this case, the typed password will be stored on the fake ATM system.

Beware of any suspicious behaviour while using the ATM. Check if the green light on the card reader is on, because most skimmers don’t have a light or the light is off. Check if there is anything suspicious on the ATM, such as missing or badly fixed parts, and hide the keypad when typing the PIN.


Credit Card Cloning

Many vendors in Brazil prefer card payments. Unfortunately, card cloning incidents are very common. To fight this threat, most banks use chip-based cards, making it much harder to clone the card. However, it was only a matter of time before Brazilian criminals would find a way to start cloning chip-based cards by exploiting flaws in the EMV transaction implementation.

It is difficult to protect against this type of attack. The point-of-sale terminal is usually modified in order to save the card information, and the criminals don’t need physical access to extract the stolen information, as it is collected via Bluetooth. One way to protect yourself is to enable SMS notifications from the bank for each transaction, so you will know as soon as any unfamiliar transaction is processed.

Remember to keep your card safe. Never give your card to the retailer; go to the machine yourself if they are unable to bring it to you. If the machine looks suspicious, use a different method of payment and keep some cash handy. Before typing your PIN, make sure you are on the correct payment screen and that your PIN is not going to be shown on the screen.

So these are the ways in which you can get into trouble, so stay safe. Enjoy the Games, folks!

Source: Akati
