Don’t be the business to drop the baton this summer, Zscaler warns
Summer Games challenge businesses to refocus security posture
Zscaler, the leading cloud security provider, has issued a strong warning for organisations to refocus their security efforts ahead of this year’s biggest summer sporting event. Cybercriminals are aware that users are searching for convenient ways to stay up-to-date with the latest sporting action, forcing enterprises to roll out revised security policies that ensure the security of users watching, searching for, or downloading associated sporting coverage.
Most critically, organisations need to consider their exposure to phishing and malware attempts, exploitation of mobile applications and how this will impact business continuity. ThreatLabZ research from past events highlighted that 80 per cent of “Olympic” web domains were found to be scams or spam, pinpointing the need for increased business vigilance.
Chris Hodson, EMEA CISO at Zscaler, said:
“Protection and productivity should be at the forefront for business leaders across the world in the run up to the Games. In the last few years we’ve seen cybercriminals using spam emails and scam websites mirroring legitimate sites to entice users to click on and download malicious files. This year’s events host similar risks and we should expect similar techniques from those trying to exploit users.”
In considering their risk profile so that their infrastructure and employees are prepared, businesses need to ensure ‘enterprise readiness’ across three key areas – business productivity, cyber threats and approved applications – when preparing for the sporting season.
As businesses shift to the cloud, cyber security and prioritisation of web traffic remain a priority. Online streaming of events from official broadcasters runs the risk of diverting employee attention and saturating network bandwidth that is required for critical business applications, including Salesforce, Office 365 and Workday.
“While it may seem easier to simply blanket ban any live coverage of the Games during working hours, this will only leave employees feeling demotivated and encourage them to look for other means of viewing events. This could in turn result in an increase in absence from the office and leave employees open to social engineering attacks, as their vigilance is lowered as they look for any means necessary to stream popular events. Rather, organisations should take a proactive approach to ensure bandwidth is appropriately provisioned.”
Phishing and Malware
While phishing can take multiple forms – from spam email messages and social media to typosquatting and over-the-phone social engineering – all have the same end goal: to make money by harvesting usernames and passwords, personally identifiable information and/or payment card information.
At the Vancouver Games, Zscaler observed cybercriminals masquerading as legitimate websites and applications in order to upload malware and steal sensitive information – we expect the same at Rio. Criminals use international events to capitalise on customer excitement and demand, often creating bogus ticket purchasing sites, offering discounted tickets or even tickets to sold-out events. “Falling for one of these scams not only leaves customers disappointed when tickets fail to arrive, but they have also left their personal information exposed, as these sites are rarely protected with at-rest and in-flight encryption technology,” comments Hodson.
Directing user traffic to bogus domains allows cybercriminals to leverage readily available exploit kits, which look for vulnerabilities in order to load arbitrary malware, whilst also allowing criminals to offer seemingly free streaming of events. The Zscaler ThreatLabZ research team has already found cases of exploit kit traffic coming from “Olympics”-related content and predicts more attacks targeting users with emails and attachments around further “Olympics”-related content, discounts and schedules.
“Cybercriminals will look to play on our anticipation of the Games this year,” predicts Hodson. “Businesses need to ensure that they are able to identify phishing sites and detect scripts which are running in webpages which could be malicious. Relying on URL filtering and reputation off-site is no longer an appropriate cyber security defence framework. Streaming sites should be enabled on a whitelist-only approach,” Hodson continued.
Mobile Apps and App Stores
Just last month, malware disguised itself as an online banking app for Russia’s largest bank, Sberbank, mirroring a similar login screen to the original app in order to steal user credentials as soon as the victim tried to authenticate. While Trojan malware that uses mobile applications as a delivery mechanism is nothing new, during major sporting events cybercriminals will be looking to exploit the fact that millions of users will be looking for convenient methods of keeping up-to-date with the sporting action, and will write mobile applications that mirror their official equivalents.
While the business and security implications that the Games bring are not to be taken lightly, many of the tactics cybercriminals will be using to target unsuspecting users are unlikely to be anything new. As a first line of defence against mobile malware, organisations need to be blocking access to third-party app stores and only allowing access to the Play Store and Apple App Store (for Android and iOS respectively). And while there are isolated instances of rogue applications finding their way to approved stores, the risk has been found to be significantly lower. Organisations also need to be considering sandboxing technologies to detonate and inspect unknown Android APK files being downloaded to corporate devices.