Potential Cyber Risks with the Winter Olympics

Sochi-2014-Company-OlympicsThe media has covered many stories about potential dangers at the 2014 Winter Olympics, but here’s one threat you may not have considered. The United States Computer Emergency Readiness Team (US CERT) has issued the following warning:

“Whether traveling to Sochi, Russia for the XXII Olympic Winter Games or viewing the games from locations abroad, there are several cyber-related risks to consider. As with many international-level media events, hacktivists may attempt to take advantage of the large audience to spread their own message. Additionally, cyber criminals may use the games as a lure in spam, phishing, or drive-by-download campaigns to gain personally identifiable information or harvest credentials for financial gain.

Olympic Coverage 
Whether viewing live coverage, event replays, or checking medal statistics online, it’s important to visit only trusted web sites. Events which gain significant public interest and media coverage are often used as lures for spam or spear-phishing campaigns. Malicious actors may also create fake web sites and domains that appear to be official Olympic news or coverage that can be used to deliver malware to an end user upon visiting the site (also known as drive-by downloads or watering holes).

NBC Universal offers exclusive coverage of the games for viewers via NBC, NBCSN, MSNBC, USA Network, NBCOlympics.com and corresponding Twitter, Facebook and Instagram accounts. Viewers should be wary of any other source claiming to provide live coverage. As always, it is best to visit trusted resources directly rather than clicking on emailed links or opening attachments.

Hacktivists 
A number of hacktivist campaigns may attach themselves to the upcoming Olympics simply to take advantage of the on-looking audience. For example, the hacktivist group, Anonymous Caucasus, has launched what appears to be a threat against any company that finances or supports the games.

According to trusted third-party analysis, the group has been linked to distributed denial of service (DDoS) attacks on Russian banks in October 2013. Therefore, the group is likely capable of waging similar attacks on the web sites of organizations they believe financed Olympic-related activities; however, no specific threat or target has been identified at the time of this report.”

Here is the link to official US CERT warning.