With less than a week to go before the Olympic opening ceremony, I thought the quick summation of the cyber security threats I highlighted in my weekly roundup blog needed a little more clarity.
As the Games get closer I am alarmed by the cyber security warnings that are starting to emerge and also the level of security available in Brazil. Our colleagues and friends over at Security Dialogue put it very well in their comment on my LinkedIn post: “The best handbag snatch opportunity in a long time”.
It’s very clear that even if you’re not going to the Games yourself, people or employees you know who are may well return with the electronic equivalent of the much-feared Zika virus.
The cyber security threat isn’t confined to the unsuspecting visitor. Corporate sites are prime targets for the sophisticated cyber criminals who are already flooding the internet and app stores with fake mobile apps associated with promotions and sponsorships for the 2016 Games. Once published, these can spread quickly throughout the app store ecosystem, reaching new stores and web download locations, all designed to trap the unsuspecting into handing over the financial or personal information the hacker can sell on. And while you’re out of the country, will you be looking at your bank statement or credit card bill daily? Probably not, so the hackers know they have all the time in the world to plunder your money.
So let’s look at some of the information and advice coming out of the different agencies and security companies. For example, USA Today has reported that Bill Evanina, the nation’s chief counter-intelligence executive, is urging travellers to carry “clean” devices, free of potentially valuable archives that could be tapped for economic advantage, personal data or security information. “When you travel abroad, assume that your personal information will be breached,” Evanina said.
One of the reasons Evanina is concerned is that it’s well known that Brazil doesn’t have a good cyber security record and Brazilian companies are among the worst in the developed world for cyber security. When you couple this with the fact that thousands of visitors are going to be pouring into the city and instantly expect to connect to the array of Wi-Fi networks in airports, coffee shops, travel hubs etc., the sophisticated hacker has the perfect hunting ground for financial and personal data from which to launch their attacks. As Dave Shearmon of Security Dialogue commented: “The perfect cyber bag snatch.”
Tom Boyden, Managing Director of GRA Quantum, was reported in Tripwire as commenting that hackers will also target visitors through bogus ticket-selling websites, ransomware attacks that prevent victims from accessing their data until a ransom is paid, or phishing emails, such as fake Olympic lottery win notices that prompt victims to provide personal information to receive prize tickets. He has a number of very useful tips that could offer some level of protection:
- Avoid public Wi-Fi like you would mosquitos. When away from a network you know and trust, be sure to switch off your Bluetooth and Wi-Fi connections on all of your devices.
- Personal and financial data are always the most at risk. Turn off automatic sign-ins to bank accounts, as well as general auto-form fill settings.
- Strengthen your personal security with two-factor authentication, which greatly strengthens security by adding an extra layer of protection in the event your passwords are stolen.
Arian Evans, VP Product Strategy at RiskIQ, also has some good advice for everyone with employees or personnel privately going to the Games. He advises:
“A company’s security perimeter is only as strong as its employees. Infected personal devices like mobile phones and laptops are the way in for malware. Companies who have remote employees traveling to the Olympics need to be thinking about security beyond the firewall and take the necessary precautions to avoid the pitfalls mentioned above.” He adds:
“Companies cannot leave it up to employees to protect their devices. There are just too many savvy threat actors out there with the tools and the know-how to take advantage of people and wreak havoc on their employers—and eventually the organization’s data. The best way to defend against the growing threat outside the firewall is to discover and monitor your entire attack surface, so you can quickly investigate any threats for rapid response.”
And just in case I have not cheered everyone up enough, let’s shift the focus from the electronic devices you may own to simple things like cards.
Rio is not reported to be the safest place to wander around with large wads of cash, and there are already reports of fake police taking people directly from the kerbside at the airport to a cash machine so the unsuspecting traveller can unload their Olympic slush fund into the gang’s swag bags.
But these tactics are for the very hardened gangs. The more surreptitious cyber gangs employ different ways to get at your credentials, such as placing wireless sniffers close to your contactless cards and eavesdropping on sensor data from wearable devices connected to phones via Bluetooth.
They also deploy thermal imaging scanners to read your fingerprints from ATM swipe screens and PIN pads. So get in the habit of turning off your Wi-Fi and Bluetooth, wiping off your fingerprints after each ATM transaction, and only using ATMs inside trustworthy venues such as recognised banks.
I’m sure the Games will be as successful and spectacular as ever. It’s down to us all to ensure the cyber criminals don’t win the electronic 100 metre sprint and scoop all the security medals.