“Hackers, spammers and scammers often take advantage of major events, like the Olympics, to steal confidential consumer and corporate data and information or to generally create chaos,” says Don Gray, chief security strategist for Solutionary. “Since the 2008 Games, new and more malicious threats have surfaced and attacks are more prevalent, from the Google email hacks to Twitter and Facebook denial of service (DDOS) attacks. In the age of Web 2.0 and constant connectivity, it’s more important than ever for businesses and individuals alike to remain vigilant about information security – especially around an event of such international significance.”
Solutionary’s information and cyber security experts have identified the following as the top five information security risks around the Olympics:
Social Networks & Instant Messaging (IM) – In recent months, sites and services like Facebook, Twitter and MSN Messenger have been repeatedly targeted by hackers. Keep your guard up, even during the excitement of the Games. Who you are connecting to? How you are connecting to them? Are you sharing information that could be used for social engineering? Never share files thru IM services and connect only to branded, trusted information sources.
Masquerading Wireless Networks – Always know what network you are connecting to and avoid unsecured wireless networks. Only connect to networks associated with trusted brands/providers and be sure to verify names and credentials of the access points.
Malvertising – Website ads containing malicious exploit code may be hosted by unsuspecting websites in an attempt to maximize online ad revenue around the Games.
Hacktivism – Nationalistic pride can be a powerful motivator in driving hackers to initiate attacks. In the recent Google hacking incident there was evidence of retaliatory hacking affecting Baidu.com.
Whaling – Corporate executives and guests should be trained to recognize attempts to target them, their laptops, and phones for exploit. Promotional items can easily be faked. Emails, devices, CDs, and memory sticks can all convey malicious software.
Solutionary’s experts recommend Olympic attendees, advertisers and Vancouver-area businesses take the below security precautions, at a minimum, leading up to and during the Games:
Awareness – Make sure everyone in your network – whether it’s your kids or your employees – is aware of potential threats. If they are aware of heightened risk, they will be more vigilant and likely to flag suspicious activity or items.
Protect Endpoints – Attendees must protect mobile computers and phones as these devices often are targeted for the data they contain as well as an exploit path for stealing account credentials, credit card information, etc.
- If you can, leave them at home. Consider limiting yourself to one pocket-able device that’s easy to keep track of.
- If you must have a laptop, ensure that it is up to date with the latest patches, anti-X (virus, spyware, malware) software.
- Remove all non-essential data from laptop before traveling – especially if it’s confidential or sensitive.
- If you must travel with sensitive or confidential data, employ strong whole disk encryption.
Check, Double-Check and Re-Check Security Processes - Local businesses and advertisers should review their information security countermeasures, validate that patches are up-to-date, that web applications are not vulnerable, and that wireless networks are secured using WPA/WPA2 authentication and TKIP/AES encryption.
Log Monitoring - Local businesses involved with the Games and advertisers must recognize that their participation brings about the possibility of increased motivated attackers targeting them for nationalistic or political reasons. Ensure security log monitoring is adequate to handle the increased threat level and volume.
Check ATMs - Attendees and local financial institutions should be vigilant about checking for ATM pin-pad skimmers. Most pin-pad skimmers can be detected by careful examination and physical checking as they are often taped on top of the real card-entry mechanism on the ATM. If there is any doubt, find another ATM to be safe.