Security Magazine: Cybersecurity risks at this year's Olympics and Super Bowl
From its experience monitoring previous events, Mimecast warns that threat actors likely will use these two events to target those most vulnerable, including event broadcasters and streamers; sponsors, partners and contractors; and individuals planning to tune in. In fact, security concerns have already started with the My2022 app flaws and the U.S. Olympic & Paralympic Committee warning Team USA athletes of surveillance risks.
Of the multitude of potential attack methodologies available to threat actors, Dr. Francis Gaffney, Director Mimecast Labs & Future Operations, expects two active cyber campaigns, in particular:
- Typosquatting: With typosquatting campaigns, cybercriminals will set up fake websites mimicking official Olympic Games or Super Bowl sites, but intentionally include typographical errors in the web addresses to exploit unwary users who mistype (or click on a link with a very similar name). Rather than visiting the sites they're looking for, users are taken to a fake site that appears almost the same as the genuine site, but where malware can be installed or credentials stolen.
- Fake streaming websites: With so many people staying home amid the ongoing pandemic, and the rise of “cord-cutting,” fake streaming websites are being set up to mirror official streaming platforms offering free access to watch the action. The cybercriminals’ end goal is usually to obtain some financial gain from their activities, including harvesting user credentials for sale on Dark Web sites for further exploitation or to be used as part of credential stuffing attacks to access corporate systems in larger campaigns.
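
A defender-side check for the typosquatting pattern described above, added here as an example and not taken from the article or from Mimecast: it flags domains seen in DNS or proxy logs that sit within a small edit distance of a watchlist of legitimate domains. The watchlist entries, the sample domains, and the function names are constructed assumptions.

```python
import unicodedata

# Hypothetical watchlist of legitimate domains (assumption: replace with your own).
WATCHLIST = ["olympics.example", "superbowl.example"]

# Digit-for-letter swaps folded before comparison (illustrative subset).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def fold(domain: str) -> str:
    """Strip accents and map look-alike digits to letters."""
    ascii_only = unicodedata.normalize("NFKD", domain).encode("ascii", "ignore").decode()
    return ascii_only.translate(LOOKALIKES)


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, the classic mistyped-address case.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain: str, max_distance: int = 2):
    """Return (verdict, matched watchlist domain or None) for one observed domain."""
    raw = domain.strip().rstrip(".").lower()
    for legit in WATCHLIST:
        if raw == legit or raw.endswith("." + legit):
            return ("legitimate", legit)
    folded = fold(raw)
    for legit in WATCHLIST:
        # Compare only the rightmost labels, so look-alikes behind subdomains are caught.
        tail = ".".join(folded.split(".")[-(legit.count(".") + 1):])
        if osa_distance(tail, fold(legit)) <= max_distance:
            return ("suspected-typosquat", legit)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample of domains as they might appear in DNS or proxy logs.
    for seen in ["www.olympics.example", "olmypics.example", "stream.superbow1.example", "weather.example"]:
        print(seen, classify(seen))
```

Internationalized names that arrive in logs as punycode (`xn--`) are not decoded here, and a distance threshold of 2 will produce false positives against short watchlist names.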