Tokyo 2020: the dark web is pirate gold


If the sophisticated cyberattacks on the 2018 Seoul Winter Olympics, which were only recently revealed, are any indication, the 2020 Tokyo Summer Olympics will be a magnet for legions of well-equipped, experienced, and possibly state-funded targeted attackers.

About the author: David Carmiel, CTO, KELA Group

Long before the age of the Internet, the Chinese philosopher Sun Tzu asserted that "...what enables the wise sovereign and the good general to attack and conquer...is foreknowledge." To acquire that knowledge ahead of Tokyo, cyber reconnaissance must focus on the dark and subversive underground that is the dark web. Here is how easy it is for hackers to find, buy, and use tools and services that can literally wreak havoc, and what the Olympic community can do about it.

What's for sale?

The tools and data available on the dark web threaten everyone associated with the Tokyo Olympics: international fans and the companies that serve them, such as airlines and hotels; athletes and their sports associations; the host city and its critical and sporting infrastructure; and even the International Olympic Committee (IOC) itself, with its databases of event results, personal contact details and every other resource it controls. What treasures can hackers find on the dark web, how have they been used in the past, and what could threat actors be planning for Tokyo this summer? These are the top four threats that KELA's research team has recently monitored on the dark web.

FOR SALE: Accounts compromised through botnet-infected devices

Accounts compromised through botnet-infected devices can be used to reach the personal data of the device owner, data relating to third parties, or sensitive client data, any of which can let threat actors stage sophisticated attacks against the Games. As an example, we saw botnet access to major platforms that sell Olympic tickets being offered for sale on the dark web. A hacker gaining such access could easily steal ticket holders' PII or credit card details. We also saw botnet access to major sponsors of the Games, and even to the IOC, for sale on the dark web.

FOR SALE: Network Vulnerabilities in the Olympic IT Infrastructure

If exploited, vulnerabilities in specific Olympic IT infrastructure could form part of a destructive campaign, damaging critical networks or commercial interests during the Games. During the last Olympic Games, cyberattacks were largely enabled by vulnerabilities such as open ports, outdated security systems, or unpatched servers. The incidents at the 2018 Seoul Games, for example, were linked to network vulnerabilities. And during the 2016 Olympic Games in Rio de Janeiro, Anonymous posted entire databases of network vulnerabilities online, encouraging activists to attack. Today, too, we see threat actors offering detailed analyses of various Olympic-related networks on the dark web, including highlights of the vulnerabilities found in those networks.

FOR SALE: Leaked credentials of Olympic employees and contractors

Leaked credentials allow threat actors to impersonate legitimate and trusted Olympic entities, such as employers, by launching phishing emails that harvest sensitive information about athletes or the Games; they can also be used for extortion. During the Rio Games, Anonymous disclosed the personal, financial and login information of local Brazilian sports confederations, including passwords and credentials of registered users. The same year, the hacking group Fancy Bear leaked World Anti-Doping Agency (WADA) documents and databases containing sensitive medical information about athletes, which originated from a credential theft. Most recently, during the 2019 Rugby World Cup in Japan, we discovered a large amount of Rugby World Cup-related personal identification information on the dark web, most of it accompanied by a password, either encrypted or in plain text.

FOR SALE: Olympic-themed phishing sites and lookalike domains

Phishing sites or similar domains can be used to collect personal or financial information from anyone who enters the sites, either by stealing credentials or installing malware on their computers. During the Rio Olympics, hackers created a fake IOC intranet portal so that when employees tried to log in, their credentials were immediately stolen and used to gain access to the real portal. During the Rugby World Cup in Japan, we identified dozens of phishing sites and lookalike domains, and on the dark web we see a growing number of threat actors offering lookalike sites and phishing services related to the 2020 Olympic Games.

What can be done

Organizers, vendors and ticket holders must be aware of the massive threats that surround an event of this magnitude and act accordingly, and immediately. Which actions? Most of them are well known, but unfortunately they are not always implemented.

For example, Olympic organizers and suppliers must ensure that all technology used in all systems is up to date. Patch all existing vulnerabilities: that sounds obvious, but we have seen lists of vulnerabilities posted on the dark web based on recent scan logs of Olympic-related sites. Close all ports that do not need to be open, switch to more secure ports or hide sensitive ports behind a VPN, and add a WAF (Web Application Firewall). Monitor for malicious lookalike domains and have every one you find taken down.

Game organizers must take immediate, public, and far-reaching steps to inform athletes, fans, and other stakeholders about the security measures that need to be taken before, during, and after the Games. Everyone interested in the Games should use two-factor authentication wherever possible on ticketing sites. Olympic employees and contractors should practise good cyber hygiene, such as not saving passwords in the browser. And all Games-related organizations should install software capable of detecting malicious fingerprinting plugins, along with strong antivirus software, to prevent malware infections.

Not all cyberattacks are preventable. However, much of the vast amount of information readily available on the dark web today would not be there if the above and other simple precautions had been taken to deny hackers a taste of Olympic gold.
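The lookalike domains described in the phishing section and the advice above to monitor and remove them both call for the same defensive check: a routine that compares newly observed domains against the brands an organizer needs to protect. The script below is an added example written for this page; it is not KELA's tooling or any Olympic organization's code. The protected domains and the observed feed are constructed, hypothetical values, and the classification thresholds are design choices of this example rather than anything the article specifies. It goes slightly beyond the article's cases by covering four distinct lookalike patterns (TLD swap, character confusables, short-edit typosquats, and brand names embedded in longer labels or subdomains) so that a reviewer can see how each is caught.

```python
"""Flag lookalike domains against a set of protected brand domains.

Added example, not from the original article. Input comes from wherever a
defender collects newly seen domains (certificate transparency, passive DNS,
registrar feeds); here a constructed list stands in for that feed.
"""
import re
import unicodedata

# Constructed protected domains (hypothetical stand-ins for a real brand list).
PROTECTED = ["tokyo2020.org", "olympics.com", "olympic-tickets.example"]

# Single-character substitutions attackers commonly use; applied before comparing.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "8": "b"})


def normalise(label: str) -> str:
    """Fold accents, confusable digits/letters and punctuation out of a label."""
    label = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode()
    label = label.lower().translate(HOMOGLYPHS)
    # Multi-character confusables (heuristic: good enough for comparison only).
    label = label.replace("vv", "w").replace("rn", "m")
    return re.sub(r"[^a-z0-9]", "", label)


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; small inputs, so a plain O(len(a)*len(b)) loop is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(domain: str):
    """Return (second-level label, tld, subdomain labels).

    Punycode (xn--) labels are decoded so confusables are visible. This is a
    naive split: a real deployment should use the Public Suffix List.
    """
    try:
        domain = domain.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA; compare as given
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], "", []
    return labels[-2], labels[-1], labels[:-2]


def classify(candidate: str, protected: str):
    """Return a verdict string for candidate vs one protected domain, or None."""
    c_sld, c_tld, c_subs = split_domain(candidate)
    p_sld, p_tld, _ = split_domain(protected)
    if c_sld == p_sld and c_tld == p_tld:
        return "legitimate"
    n_c, n_p = normalise(c_sld), normalise(p_sld)
    if n_c == n_p:
        # Same name once confusables are folded: either only the TLD changed,
        # or digits/hyphens/accents were swapped in to imitate the brand.
        return "tld-swap" if c_sld == p_sld else "confusable"
    threshold = 1 if len(n_p) < 8 else 2  # design choice: tighter for short brands
    if levenshtein(n_c, n_p) <= threshold:
        return "typosquat"
    # Brand name wrapped in extra words, or used as a subdomain of another site.
    if n_p in n_c or any(n_p in normalise(s) for s in c_subs):
        return "brand-embedding"
    return None


def scan(observed, protected=PROTECTED):
    """Map each suspicious observed domain to [(protected_domain, verdict), ...]."""
    findings = {}
    for cand in observed:
        hits = []
        for prot in protected:
            verdict = classify(cand, prot)
            if verdict == "legitimate":
                hits = []  # one of our own domains; never flag it
                break
            if verdict:
                hits.append((prot, verdict))
        if hits:
            findings[cand] = hits
    return findings


# Constructed sample feed; none of these are real observations.
OBSERVED = [
    "tokyo2020.org",                     # our own, must not be flagged
    "t0kyo2020.org",                     # zero for the letter o
    "tokyo2020.com",                     # same name, different TLD
    "olimpics.com",                      # one-letter typo
    "olympics.com.verify-account.net",   # brand as a subdomain of another site
    "olympics-tickets-login.example",    # brand padded with lure words
    "weather.example",                   # unrelated, must not be flagged
]

if __name__ == "__main__":
    for domain, hits in scan(OBSERVED).items():
        for prot, verdict in hits:
            print(f"{domain:36} {verdict:16} (imitates {prot})")
```

Findings from `scan` are a triage list, not proof of abuse: each flagged domain still needs a registrar lookup and a look at what it serves before a takedown request, and the edit-distance threshold should be tuned against the organizer's real brand list to keep false positives manageable.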