
Group-IB Found 140 Resources with Fraudulent Schemes under the Guise of Olympic Games Broadcasts

 

Group-IB experts have identified 140 online resources that, under the guise of live broadcasts of the Winter Olympic Games in Beijing, redirect users to fraudulent and phishing sites. Most of the dangerous resources are already blocked.

"After the opening of the XXIV Winter Olympic Games in Beijing, the specialists of the Information Security Incident Response Center (CERT-GIB) found 140 active resources that were used to host illegal broadcasts, and therefore for scamming and phishing. In total, 289 sites could potentially be involved in the scheme," said experts. 

The largest fraudulent network is Kinohoot, which includes over a hundred resources. During the Summer Olympic Games in Tokyo, CERT-GIB specialists found 120 resources of the same type created for conducting fraudulent live broadcasts. 

Group-IB explained that on one of the pages of the hacked resource, the user sees a video player window with an embedded link to the live broadcast and the symbols of the Winter Olympic Games. To watch the broadcast, users must register, enter their phone numbers and provide a special access code. This leads the victim to phishing resources.

Attackers may also invite users to take part in a prize draw for free access to broadcasts. To receive a cash prize, the user must pay a conversion fee, usually 300-500 rubles ($4-7), and enter bank card data on a phishing resource or send an SMS to the specified number. Instead of getting the broadcast, the victim is signed up for various paid services and subscriptions.

"Such Internet scams have been known for quite a long time, but scammers constantly adjust their schemes to popular or significant events in the world and, of course, use newly registered domains for this. In this scheme, in order to gain the trust of the victim, the redirect is often placed on legitimate hacked sites, for example, universities (Ecuadorian Universidad Espíritu Santo or Indonesian Universitas Muhammadiyah Yogyakarta), charitable foundations and non-profit organizations (African Studies Association)," said the head of CERT-GIB Alexandra Kalinina.

Group-IB experts recommend following the sporting contests of the Olympic Games only on official resources, being wary of prize draws, and not entering bank card data or personal data on suspicious sites.

Nearly Half a Billion Cyberattacks Targeted the Tokyo 2020 Olympic Games

 

The NTT Corporation, which was in charge of supplying a large portion of the network security and telecommunications services for the 2020 Olympic and Paralympic Games in Tokyo this year, claimed that over 450 million attempted cyberattacks occurred throughout the event. Officials from the company have stated that none of the attacks were successful and that the games went off without a hitch. Despite this, the total number of attacks was 2.5 times higher than during the 2012 London Olympics. 

Emotet malware, email phishing, and phoney websites that looked like the official Games sites were among the attack types, according to NTT. NTT further claims that the attacks were successfully thwarted thanks to 200 cybersecurity professionals who had undergone extensive training and simulations of anticipated attacks before the games. These dangers were not unexpected; the company had anticipated ransomware and Distributed Denial of Service (DDoS) attacks from state-sponsored hackers, as well as strikes against key infrastructure.

"Cybercriminals certainly saw the Games -- and its related supply chain -- as a high-value target with low downtime tolerance. After all, crime follows opportunity. And with connected stadiums, fan engagement platforms, and complete digital replicas of sporting venues and the events themselves becoming the norm, there's plenty of IT infrastructure and data to target -- and via a multitude of components," NTT's Andrea MacLean said. 

NTT released a detailed report on the games, stating that it offered both communication and broadcasting services to connect the Games venues with the Tokyo Big Sight, which served as an International Broadcast Centre. To prepare its cybersecurity team, NTT stated it performed various cybersecurity training programmes and ran simulations ahead of the event. 

However, NTT was not the only organization to foresee the threats. The FBI also issued a private advisory before the event, advising individuals working on the 2020 Olympics to be prepared for possible threats. According to the FBI report, the attacks could include "threats to block or disrupt live broadcasts of the event, steal and possibly hack and leak sensitive data, or impact public or private digital infrastructure supporting the Olympics."

The FBI's notification went on to mention the Pyeongchang cyberattack in February 2018, when Russian hackers used the OlympicDestroyer malware to destroy web servers during the opening ceremony.

Cyberattacks Zero In on Tokyo Olympics as Games Begin

 

Malware and malicious websites have targeted both event organizers and regular spectators as the Tokyo Olympics' opening ceremony approaches.

According to Tokyo-based Mitsui Bussan Secure Directions (MBSD), the malware was uploaded to the VirusTotal malware-scanning site on 20 July and has been identified by numerous antivirus software companies throughout the world.

A fraudulent PDF file masquerades as a Japanese-language document on cyberattacks associated with the Olympics. When users open it, malware enters their computer and deletes documents. The dubious PDF was allegedly sent to Japanese event officials by hackers in an effort to erase important Olympics-related data.

Takashi Yoshikawa of MBSD warned about the "wiper" malware. The so-called Olympic Destroyer virus caused severe system interruptions at the 2018 Winter Games in Pyeongchang, South Korea.

TXT, LOG, and CSV files, which can occasionally hold logs, databases, or password information, are targeted for deletion alongside Microsoft Office files. Furthermore, the wiper targets files generated using the Ichitaro Japanese word processor, leading the MBSD team to assume that the wiper was designed particularly for PCs in Japan, where the Ichitaro program is often installed.

Yoshikawa added, "This is the type of attack we should be most concerned about for the Tokyo Olympics, and we need to continue keeping a close eye on this." 

Fraudulent streaming sites have also become a major source of concern for the Games, especially now that COVID-19 concerns have virtually barred spectators. The websites, which appeared when users searched for Olympic-related phrases on search engines like Google, require users to accept browser alerts so that malicious advertising can be shown. Numerous sites of this sort have previously been discovered by Trend Micro.

In Japan, Olympic content is provided free of charge on two official streaming service platforms: one operated by state broadcaster NHK, and the other named TVer, which is managed by commercial broadcasters. No other streaming services are permitted in the country.

Trend Micro warns that clicking those links might expose the user to attack and advises viewers to watch the Olympics on officially recognized sites. Fake Olympics websites featuring important keywords like "Tokyo" or "2020" in their domain names are another concern. In a probable phishing attack, the login information of ticket purchasers and volunteers was also exposed online. Organizers are advising prudence in the wake of such dangers.