Hack attack: Olympics used to spam and phish

The Olympics is one of those rare occasions where the entire world comes together, setting aside various differences for the competition. The Games is a chance for each country to put their best foot forward and demonstrate their athletic skill and prowess.

With a total of seven Gold, 16 Silver and 12 Bronze medals, Australia may not have done as well as it expected, but the nation’s spirit of goodwill and enthusiasm always generates enormous amounts of excitement for athletes and spectators alike when the Games come around every four years.

Unfortunately, it’s exactly this goodwill that attackers attempt to prey upon. The July Symantec Intelligence Report (SIR) explores how attackers used the Olympics as bait for spam, malware and phishing attacks. Attackers used Olympic-themed hashtags on Twitter to spread malicious code, bundled threats with popular Olympic-themed Android apps, and created spam and phishing scams that pretend to be contests sponsored by credit card companies, all in the hopes of taking advantage of the excitement surrounding the event.

The report also takes a look at the increase in the use of attack toolkits, better known as ‘exploit kits’, for spreading malicious code. The toolkits primarily focus on exploiting third-party browser plugins, such as Adobe Reader, Adobe Flash Player, and Java. The amount of attack toolkit activity on the threat landscape is now three times what it was in the last six months of 2011.

While the appearance and end result of attacks remain the same, there is a definite shift taking place in terms of how these attack toolkits are set up and administered. Symantec also highlights the sometimes-overlooked impact toolkits can have on personal and SMB websites: if your web server isn’t properly patched and secured, it could play host to an attack toolkit. According to the Symantec Intelligence Report, 2,189 malicious websites were blocked per day throughout July, which was a four percent increase from the previous month.

Attackers have also tailored their attacks toward mobile devices and social networks. The authors behind Android.Opfake used the Olympics to spread malware via mobile apps that, once installed, sent premium-rate SMS messages from the compromised device, leading to profits for the attackers and an increased mobile phone bill for the user.

These attacks, while not a new phenomenon, having appeared at the 2008 Olympics in Beijing and during the 2010 World Cup in South Africa, showed the social engineering tactics employed to spread to new audiences. For the most part there may only be a few differences in the attacks; for example, spammers began their Olympic campaigns quite early, sending out the first spam as early as March this year.

While the Olympics may now be over, the attacks continue. The way they are deployed will continue to evolve, so to avoid spam, malware and phishing scams, Symantec recommends:

  • Not clicking on suspicious links in email messages.
  • Never entering personal information in a pop-up page or screen.
  • When entering personal or financial information, ensuring the website is encrypted with an SSL certificate. Look for a padlock, ‘https’, or a green address bar.
  • Frequently updating security software, which can protect you from online phishing.
  • Restricting the amount of personally identifiable information posted on social networking sites.
