2016 Rio Olympics deserves special attention, says IT security firm

Cyberattacks during the Olympic games are not new. We have seen a spike of attacks focused on the Olympics – including targeting vendors and spectators – beginning as far back as the 2004 Summer Olympics in Greece. 

However, there are three main reasons why the 2016 Rio Olympics deserves special attention, according to Fortinet’s FortiGuard Labs cybersecurity threat report.

First, analysis seems to indicate that cyberthreats and attacks are not (yet) a priority for Brazil. According to the World Economic Forum’s (WEF) ranking of global risks, Brazil only ranks concerns about cyberattacks as #23, and data fraud/theft at #16. This is concerning since countries like the US, Japan, Germany, Netherlands, and a few others rank cyberattacks as their #1 business risk. Given the high profile of the Olympic games, we would expect the risks of cyberattack and data theft to be ranked much higher for Brazil.

Second, the volume of malicious and phishing artifacts (i.e. domain names and URLs) in Brazil is on the rise. In June, Brazil’s percentage increase was higher in three of four categories in Fortinet’s report when compared with the global percentage increase. The highest percentage growth was in the malicious URL category at 83% compared to 16% for the rest of the world.

Lastly, as the 2016 Rio Olympics unfold, this history of increased attacks will undoubtedly continue, and FortiGuard Labs is already seeing indicators of repeat techniques, such as lookalike domains for payment fraud and malicious websites or URLs targeting event and government officials.

“Behavior Blending”

We are seeing signs of increasingly sophisticated methods to help attackers persist inside systems they have breached. It is something we call “behavior blending.”

As the name implies, behavior blending is a technique used by criminals that allows them to blend in with everyone else on a compromised network. Once an attacker succeeds in acquiring valid user credentials, they proceed to assume the identity of the user by monitoring and learning the online behaviors of the authorized credential owner. They then attempt to mimic as closely as possible the normal behavior patterns of that user. This allows them to remain unnoticed by the latest generation of automated analysis tools searching for anomalous behaviors.

Of course, this requires considerable research for success. As it’s very difficult to understand and replicate normal behavior patterns right away, we have been able to identify threat actors before they become camouflaged.

Traditionally, this sort of obfuscation is difficult even for seasoned penetration experts with authorized access to systems. But new tools are emerging to speed up and enhance this process. Because this evasion technique has a lot of potential for thwarting detection, we expect to see more of it as the technique is refined and new tools are developed to better mimic the behavior of a credentialed target. It also represents a new challenge for defenders and security vendors looking to identify sophisticated attacks based on behavior analysis.
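The point above, that a credentialed intruder cannot reproduce the owner's habits right away, is what per-user baseline scoring relies on. The sketch below is an added example, not code from the FortiGuard Labs report; the event fields, host names, sample data and both thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict

FEATURES = ("hour", "host", "resource")

# Constructed baseline: 14 days of one user's routine (user, day, hour, host, resource).
BASELINE = [("alice", d, h, "ws-042", r) for d in range(1, 15)
            for h, r in ((9, "mail"), (10, "crm"), (14, "crm"), (16, "fileshare"))]

# Constructed sessions made with the same valid credentials after day 14.
SESSIONS = {
    "day15_first_login": [("alice", 15, 3, "vpn-ext", "hr-db"),
                          ("alice", 15, 3, "vpn-ext", "fileshare"),
                          ("alice", 15, 4, "vpn-ext", "crm")],
    "day22_blended": [("alice", 22, 9, "ws-042", "mail"),
                      ("alice", 22, 10, "ws-042", "crm"),
                      ("alice", 22, 14, "ws-042", "hr-db")],
}

def build_profiles(events):
    """Per-user frequency tables for each feature, learned from history."""
    profiles = defaultdict(lambda: {f: Counter() for f in FEATURES})
    for user, _day, hour, host, resource in events:
        for name, value in zip(FEATURES, (hour, host, resource)):
            profiles[user][name][value] += 1
    return profiles

def session_score(profiles, session, rare=0.02):
    """Fraction of feature observations the user's baseline rarely or never shows."""
    odd = total = 0
    for user, _day, hour, host, resource in session:
        tables = profiles.get(user)  # None for a user with no history
        for name, value in zip(FEATURES, (hour, host, resource)):
            total += 1
            seen = tables[name][value] / sum(tables[name].values()) if tables else 0.0
            odd += seen < rare
    return odd / total if total else 0.0

def flag_sessions(profiles, sessions, threshold=0.5):
    """Names of sessions whose deviation score reaches the alert threshold."""
    return [n for n, evts in sessions.items() if session_score(profiles, evts) >= threshold]

PROFILES = build_profiles(BASELINE)

if __name__ == "__main__":
    for name, evts in SESSIONS.items():
        print(name, round(session_score(PROFILES, evts), 3))
    print("flagged:", flag_sessions(PROFILES, SESSIONS))
```

With this constructed data only the first session crosses the threshold; the later one, which copies the owner's hours and workstation, scores about 0.11 and would pass unnoticed by this check alone.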

Increased Threats

Overall, we continue to see an increase in threat activity. This isn’t news, per se, but the implications are worth considering.

First, we are seeing the return of old threats and attack vectors, as well as the continued persistence of classic attacks, such as Conficker and ransomware, through updated variants. Of course, this begs the question: Why, after all the money and research being spent on security, is the number of attacks increasing, and why do many older attacks continue to persist? Surely, the sophisticated cybercriminal community wouldn’t still be using these if they weren’t successful.

The answer, of course, is complicated. New user devices and applications, new communications methods, the rise of virtualized and cloud-based networking, and things like IoT continue to expand the attack surface. And many organizations continue to adopt and deploy these new technologies before security has rotated to protect them. And far too many organizations are simply skating by on doing the absolute minimum hoping they get overlooked, or because the tradeoff between productivity and security seems too high.

But there is another issue at work here: the industry’s general approach to security is a critical part of the problem. It’s clear that increased spending on traditional, isolated security devices isn’t working, because networks are still getting broken into pretty consistently. As the old saying goes, we keep doing the same thing over and over again hoping for a different result. It turns out that the classic arms race approach is a zero-sum game.

Download and read the report.
