The dust has barely settled on football’s 2010 World Cup yet computer security researchers are already finding evidence that cybercriminals have set their sights on the next major international sporting event – the 2012 Olympic Games to be hosted in London, England.
According to Kevin Hogan, senior director, development at Symantec, World Cup 2010 confirmed an ever-increasing trend of cybercriminals exploiting social engineering, particularly online users’ insatiable search for news – be it current affairs-, celebrity-, or sports-related.
“All the evidence points to the fact that this trend will continue and as the clock runs down to London 2012, we can confidently predict a surge in malicious online activity around the event,” he says.
Symantec researchers have already identified a number of classic lottery e-mail scams using London 2012 as a hook and expect this trickle to become a flood in the next 18 months. Here recipients are informed they have won an amount of money and persuaded to part with personal details and often a processing fee in order to collect their winnings (see screenshot below).
“These advance fee frauds, together with e-mail spam cloaked with a thin veneer of Olympian respectability but in reality linking to dubious merchants or malware infected sites, will in all probability make up the bulk of malicious cyber activity related to London 2012,” Hogan says.
“Also, we noted a disturbing rise in incidences of cybercriminals exploiting the popularity of social networking during World Cup 2010, far higher than that experienced during the Vancouver Winter Olympics just months earlier. It will be interesting to observe whether this will hold true for London 2012.”
The Olympics could also prove to be a yardstick for measuring the vulnerability of mobile phones to cyber attack. Modern smart phones are suspect to malicious activity such as phishing, scam websites and even drive-by downloads where malicious codes such as Trojans can be downloaded to the device.
“Fortunately, to date, this type of activity has been relatively limited with around 400 threats covering all mobile platforms identified. However, the growing convergence of technology means that it is unlikely that cybercriminals will continue to neglect what is a potentially huge platform for their activities,” Hogan says.
Search engine optimisation (SEO) poisoning where cybercriminals use popular search terms to push their infected sites higher in the rankings of popular engines continued to rank high on the list of malicious activity during World Cup 2010.
“SEO poisoning is a common tool of the purveyors of fake security software and relies almost totally on social engineering to lure the unwary. Once again we can confidently predict that widespread interest in the Olympics and the participating personalities will lead to a surge in this activity in 2012,” Hogan says.
He adds that World Cup 2010 saw a small increase in the average number of targeted, malicious e-mail attacks. Cited by experts as the most damaging type of Internet threat, a targeted attack is designed to target a specific individual or organisation.
Targeted attacks often use legitimate details in the e-mail, but urge recipients to open a malicious attachment, which will compromise their PC or network in some way.
Says Hogan: “Targeted attacks are very different to the other more common scams in that the attackers often do not know exactly what they’re looking for but target specific persons in an organisation who they believe have access to information that could be of value.
“As such, these are less likely to rely on sporting events as a social engineering hook, but could be disguised as financial or stock market reports that could interest a chief financial officer, for instance. The threat to London 2012, therefore, should be relatively small.”
Cybercrime is a growth industry increasingly driven by sophisticated and organised syndicates. All the evidence points to it growing exponentially and continuing to exploit the social vulnerability of events like the 2012 Olympic Games.
Says Hogan: “Security companies will continue to enhance the protection they offer users against the threats posed by these criminals, but the real answer lies in ongoing user education.
“Creating a pool of savvy users is the surest and fastest way to hit the criminals where it hurts most – their profits.”