AuthentificationCyberCrimeFirewallSecuritySecurity ManagementVirus

Researchers Warn Of Rio 2016 Malware As Olympic Searches Return Threats

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Follow on: Google +
Google + Linkedin Subscribe to our newsletter Write a comment

Cybercriminals will likely target Rio 2016 as researchers warn Olympic searches are already returning threats and federation websites compromised

Just as Pokemon Go and the recent Euro 2016 football tournament in France have created cybersecurity headaches for businesses, researchers are warning cybercrminals will look to capitalise on the Rio 2016 Olympic Games this summer.

Zscaler has found ransomware on the South African Gymnastics Federation and suggests it is a sign of things to come as interest in the Olympics heats up and sports fans search for live streams, tickets and other information.

“As we get closer to the event, we expect to see a rise in threats and scams leveraging Olympics topics to target a large number of victims,” it said.

Rio 2016 cybersecurity

Maracana Rio de JaneiroThe federation’s website leads users to a landing page for the CryptXXX ransomware using the Neutrino exploit kit. Before encrypting the data, the malware seeks to delete shadow copies of files before encrypting data.

Separately the researchers simulated another attack, this time involving the RIG Exploit Kit, when searching how to make a Rio 2016 themed cake. Of course, these assaults could be random, but it is likely the Olympics will encourage more targeted attacks.

“The compromised site contains a malicious inject hidden in the jquery.js file that redirects the user to a gate. This gate redirects the user to the RIG landing page, which loads a malicious .SWF [Flash file],” they said.

“Following exploitation, a payload encrypted with a simple XOR cipher is downloaded onto the victim’s system. The malware in question is the infamous worm, Qakbot. In addition to attempting to spread itself across network shares, Qakbot can allow remote access to the user’s system, steal information from the victim’s machine and exfiltration to the attacker’s remote server, among other functions.

“The threat installs itself as a service named “Remote Procedure Call (RPC) Service” to mask its presence and ensure persistence.”

Like other scams, Zscaler recommends users stay away unofficial app stores, check for legitimate URLS and avoid emails with attachments or offers that seem too good to be true.

In the past few weeks, scammers have targeted Pokemon Go fans with fake applications, while Euro 2016 saw similar sporting-themed ruses such as tickets.

What do you know about sport and technology? Try our quiz!