Monday, 18 July 2016

On 01:43 by admin   No comments
When each nation’s best athletes compete at the Olympic Games, one city seemingly becomes the center of the universe. And while we look on closely—captivated by the event’s grandeur and its participants’ incredible skills—threat actors do the same, only for entirely different reasons.

Every four years, the host country pours an enormous amount of time and resources into building venues for the many different events, as well as the infrastructure necessary to accommodate the massive influx of visitors. In fact, the total cost of the 2016 Olympics in Rio de Janeiro, estimated to exceed $12 billion, has increased by $99.3M since August alone.

And the host isn’t the only one spending big—spectators and revelers will shell out millions on tickets, travel, and accommodations, while sponsors like Coca-Cola, McDonald’s, and Nike put hundreds of millions into sponsorships to make sure they get their share of the spotlight. By and large, the Olympic spending frenzy makes easy work for threat actors looking to fool people and organizations out of their money. It’s no surprise that RiskIQ, an external threat intelligence and detection company, is seeing a sharp rise in fraudulent sites and mobile apps related to the Rio Olympics.

Fraudulent sites

Ticketing scams, namely the use of fake websites, are one of the most common ways Olympics-goers are being taken advantage of. Fake sites target a specific organization by using either the name of the company in the domain (log-in-page-companyname.com), a variation of the spelling of a brand (favebook.com), or the organization name and an uncommon TLD (companyname.net, companyname.de, companyname.party, etc.). Malicious actors often use hundreds, even thousands of spellings across different domain variations to spread their reach. Their shady domains can resolve to or create redirects to hosts targeting visitors.

In the case of the fake site below (which RiskIQ found and blacklisted), the brand is that of the Olympic Games themselves. The URL resolves to a site selling fake tickets—even to events that are known to be already sold out, like the Opening Ceremony. Victims of this scam get nothing in return and have no way of getting their money back.

0 comments:

Post a comment