2018 Winter Olympic Cybersecurity Threats
The 2018 Winter Olympic Games in Pyeongchang, South Korea are in full swing and unfortunately, so are the bad guys.
Last week the official Olympic website went down for hours as it fell victim to an attack. The malware has now been dubbed the “Olympic Destroyer” and experts are on the hunt to uncover how this destructive disturbance was launched and by whom.
The bad guy’s target isn’t always so massive, as is the case with the phishing attacks and malware circulating via email and social media.
Olympic Phishing Email
Like typical phishing emails the use social engineering to try to get the reader to do something like click on a link or download an attachment. In one case, hackers are sending emails disguised as being from the country’s National Counter Terrorism Center with a malicious Word document attached to organizations associated with the Olympic Games.
After the Word document is opened the reader is told to enable content and this is where the trouble begins. Once enabled, and PowerShell is launched, a seemingly benign image becomes the vehicle for hackers to later execute malicious script directly from memory. How? A new tool called Invoke-PSImage, which hides script in the pixels of an image.
What is worse is the script is hidden within the pixels of an image and traditional antivirus solutions can’t detect it. This example is so dangerous because it does not have to be downloaded as we have seen in the past.
Social Media Targeting
Other scams to be on the lookout for circulate via social media.
There are plenty of scams that offer free tickets or tickets to fake competitions but unless you are boarding a plane for South Korea you probably won’t fall for those.
A more likely scenario is one asking you to sign up to receive breaking news, updates and/or a behind the scenes look of the games. There is also the chance you could fall for clicking on a link shared by a connection on Twitter or Instagram.
Think before you click! This cannot be stressed enough. Be it through email or social media, the bad guys are lurking and want your personal information and data. Don’t fall victim to their schemes – learn how to identify their tactics.
Other posts help you learn more about how to steer clear of cybercriminals:
Be aware of password best practices.
Make sure the people in your organization know how to identify potential threats.
Arm yourself with knowledge.
Figure out where to begin.
Consider a risk assessment.
If you would like to speak to someone about your organization and it’s needs, we would be happy to help. Reach out to us at 937.885.7272.
Follow us on Facebook, Twitter and LinkedIn and stay up to date on Hacks, Attacks & Cybersecurity by subscribing to our email list.
