In our digital age, cybersecurity is more crucial than ever. Protecting our data privacy and safety is a top priority as we share, shop, work and socialize online. In light of this, the Canadian Center for Cybersecurity recently published an alert outlining several cyber threats connected to significant international sports events.[1] It further warned organizations, sports enthusiasts, and the general public of possible cyberattacks before the most recent Olympics in Paris.[3] It hinted that state-sponsored cyberthreat actors, hacktivists and cybercriminals may take advantage of the moment to organize a series of attacks from fattening their wallets, gathering foreign intelligence, gathering personal data on targets and maintaining continuous access to their victims when they return home.[2]

The bulletin also cited that hacktivists may use cyberattacks such as Distributed Denial-of-Service (DDoS) attacks, website defacements, and hack-and-leak operations to disrupt services and draw attention to their causes. [1]

The Centre cited an incident in which an English football club was the target of a ransomware attack in 2020 that nearly destroyed all of its machines, rendering email, security cameras, and turnstiles inoperable. The club paid a heavy price even though they disregarded the attacker’s demands.[2]

Another instance involving an official of the International Olympic Committee (IOC) recounts where the victim checked into the World Anti-Doping Agency database while staying at a hotel in Rio de Janeiro, according to the bulletin. Their credentials were stolen and used to export massive volumes of data by threat actors sponsored by Russia.

“The compromise disclosed personal information, undermined public trust in WADA and affected Canadian athletes, including four members of Canada’s women’s soccer team.”[2]

Participants, players, officials from the government, and organizations connected to major international sports events are encouraged by the Cyber Center to take “appropriate measures to protect their systems.”

Some of their popular means of attack include the following;

  1. Phishing emails and malicious websites [1] – This is a form of cyber-attack where the attacker impersonates legitimate entities (like banks, service providers, or trusted companies) to deceive individuals into providing sensitive information, such as passwords, credit card information, or personal data. Phishing and email attacks often exploit trust, fear, or urgency to prompt victims into taking immediate, ill-advised actions. it warns that state-sponsored cyber threat actors could use the above means to solicit foreign intelligence and sensitive information from high-profile individuals and organizations.[4]
  2. Search Engine Optimizations (SEO) Poisoning [1] – These are the malicious techniques used by cybercriminals to manipulate search engine results such that their malicious sites make it first on your search results. They do so often to get a user to spread malware, phishing, or promote fraudulent content. These attacks exploit SEO practices to either rank harmful websites higher in search results or redirect legitimate traffic to malicious sites.[5]
  3. False promotional offers –    Cyber attackers may also use this means to lure victims into falling for scams. These fraudulent offers often promise irresistible deals, discounts, or rewards, exploiting people’s desire for bargains or exclusive items. They come in the form of malicious ads(adware), promotional emails, fake influencer and affiliate promotions, social media scams, fake online stores, SMS and WhatsApp scams(smishing). For example, there was an incident in Tokyo during the Olympics where users were prompted to provide personal information. “One webpage posing as a television broadcasting schedule also tricked users into allowing browser notifications, then spammed them with malicious advertisements.” [2]

Some of these personal data are then sold on the dark web most of which are used to scam their victims.[2]  

Events vary in terms of scale, attendance, and host country, but they always face the same kinds of risks. Canadians ought to be aware of these dangers and implement fundamental best practices for cyber security.[1]

Below are some useful tips to protect yourself from these attacks;

  1. Be sceptical of unsolicited emails.
    • Check the Sender’s Identity: Examine the email address thoroughly. Phishers frequently utilize addresses that resemble authentic ones but have a few subtle differences.[7]
    • Seek out warning signs: Phishing emails frequently include poor grammar, urgent rhetoric, or requests for private information. Messages that convey a sense of urgency should be avoided.[7]
  2. Avoid clicking on suspicious links.
    • Hover Before Clicking: To view the URL of a link, move your mouse over it. Avoid clicking on anything that doesn’t seem right or doesn’t match the intended webpage.[7]
    • Type URLs Directly: Enter the URL into the address bar of your browser directly, avoiding clicking on links in emails.[7]
  3. Ensure to verify requests for your personal information.
    • Get in Direct Contact with the Organization: To confirm a request for sensitive information you have received from a business, get in touch with them via a reliable and established channel.[7]
    • Refrain from Sharing Personal Information: Never reply to unsolicited emails with money or personal information.[7]
  4. Use unique and strong passwords only.
    • Make complex passwords by combining characters, digits, and symbols. Don’t use information that can be guessed, such as birthdays or everyday terms.
    • Use Password Managers: These tools can assist you in creating and keeping secure, one-of-a-kind passwords for all of your accounts.
  5. Make use of Multi-Factor Authentication (MFA) and two-factor authentication (2FA).
    • Increase Security by Using 2FA Whenever It’s Possible. This usually requires not just your password but also an additional form of verification, such as a code texted to your phone.[6]
  6. Keep your software updated.
    • Install Updates Frequently: Ensure your browser, operating system, and antivirus program are up to current. Patches for security flaws are frequently included in updates.[6]
  7. Regularly check and audit your website.
    • Security Scans: Use reputable security tools and services to routinely check your website for malware and vulnerabilities.
    • Audit Logs: Keep a watch on the access logs for your website to spot any unauthorized or strange activity.[9]
  8. Defend Your Website Against Outside Threats.
    • Put Web Application Firewall (WAF) to use: A WAF can assist in stopping harmful traffic and shielding your website from online threats.[6]
    • Put Secure Coding Practices into Practice: Make sure that every new material or code introduced to your website is examined and security verified.[6]
  9. Guard Your Techniques for Search Engine Optimization.
    • void using black-hat SEO techniques: Steer clear of unscrupulous SEO tactics that could jeopardize your website’s security and harm its reputation.[8]
    • Observe your search engine rankings: Keep a tight eye on your search engine rankings for any abrupt drops or changes that could indicate tampering.[8]
  10. Educate Your Group as Well as Yourself.
    • Remain Up to Date: To remain ahead of possible attacks, keep up with the most recent security procedures and SEO dangers by regular reading.
    • Training: Make certain that everyone in charge of overseeing your website has received training on security best practices and is aware of any possible risks.

Cyberattacks are serious threats to both individuals and organizations and for this reason, it is imperative to adopt and implement standard security measures to avoid anything from phishing attacks to sophisticated cyber attacks in general.

Also, having a comprehensive response time will help in recovering data and minimizing your downtime. I will be excited to hear your thoughts and experiences on any security measure you deployed that worked well for you.

References

  1. https://www.canada.ca/en/communications-security/news/2024/05/cyber-centre-publishes-report-on-cyber-threats-to-major-international-sporting-events.html
  2. https://montrealgazette.com/news/national/major-sporting-events-a-prime-target-for-cybercriminals-federal-centre-warns
  3. https://www.richmond-news.com/spotlight/report-from-cyber-centre-addresses-cyber-threats-facing-major-global-sports-events-9381078
  4. https://www.ncsc.gov.uk/guidance/phishing#:~:text=Phishing%20is%20when%20attackers%20send,can%20sabotage%20systems%20and%20organisations.
  5. https://www.checkpoint.com/cyber-hub/cyber-security/what-is-cyber-attack/what-is-seo-poisoning/
  6. https://www.cisa.gov/sites/default/files/publications/Capacity_Enhancement_Guide-Counter-Phishing_Recommendations_for_Federal_Agencies_1_0.pdf
  7. https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44
  8. https://sucuri.net/guides/website-security/
  9. https://seorocket.ai/blog/black-hat-seo-the-risks-and-techniques-you-should-avoid/#:~:text=Search%20engines%20like%20Google%20have,from%20search%20engine%20results%20altogether.

Join the Conversation

8 Comments

  1. This passage highlights the critical importance of cybersecurity in today’s digital world, especially during major sports events. Cybercriminals are taking advantage of these events to steal data, disrupt services, and launch attacks. With real-life examples like ransomware and phishing, it shows how dangerous these threats can be. The message is clear: everyone needs to be cautious online and follow simple steps, like using strong passwords, avoiding suspicious emails, and keeping software updated, to stay protected

  2. Very informative blog post. In recent times we have seen a rise in state sponsored cyber attacks on critical infrastructure of opponent nations and this has given rise to newer methods of warfare. Moreover this has increased significantly since Russias invasion of Ukraine, so are countries resorting to this new ways of fighting which can cause significant damages without causing mass casualties!

  3. This blog stresses the importance of cybersecurity during international sporting events. The Canadian Cyber Centre warns of potential threats, highlighting the need for caution with emails and strong passwords to protect our data.

  4. Great Job! I like the information you have shared and out of that we can say cybersecurity is not fancy technology or an option any more. It is critical technology and it should has the highest priority in every aspect of our life where a threat has chance to be present. Cyber attackers can leverage high-profile global events — with the ability to do actual harm to an affected country or even the global economy. They can detract from what these events are meant to be and cause a black mark that sticks around for awhile despite regaining public trust. These types of events often house a wide variety of peoples, making the circumstances worse.

  5. Great post, It is very unfortunate to me that these types of attacks will unfortunately never stop. Events like the Olympics or the World Cup are the perfect breeding ground for this. Lots of people all congregated in the same place, which already puts a strain on the our systems. I think the thing that gets to me the most is the involvement of state actors. I understand if we have a couple of scammers trying to steal data and make money, but Russia sponsored interference in what is meant to be a global event is very disappointing. I have linked below an article that talks about how “Russian threat groups pose the highest risk when it comes to cybersecurity”[1] for the Olympics. The worse part is that when things like these happen, its the normal people that suffer.

    1. https://www.forbes.com/sites/daveywinder/2024/07/19/paris-olympics-security-warning-russian-hackers-threaten-2024-games/

  6. Really informative post. It’s good the Canadian cyber security center is warning of this. I’ve heard once in a class or online that it’s popular to perform cyber attack during holidays and event, as lots of people will be taking time off and have their guard down making it easier to have a successful attack. The response to the attack will be delay or slowed as less people will be available to stop the attack. I also like in the blog how you give example of current scams and cyber attacks to watch out for and measures you can take to prevent against them. I feel the SEO attack is an attack that get lots of people that are less tech savvy and less informed so being able to prevent those attacks would be best.

  7. Very impressive post Mr. Mohamed. I would like also to reflect a bit on means of attacks from an enterprise perspective, emphasizing on the multi-layered or staged attacks. The phishing emails and cloned malicious links are used as the first layer of cyber penetration, then a series of deeper attacks happen afterward. Such as, lateral movement fetching a near by vulnerable systems that provide higher access privileges which is optimal for a next deeper attack stage to to seed a ransomware code and spread it to all files. This stages of attacks are not necessarily discovered on the first stage and in some cases they could take months till the ransomware is well saturated on many data stores. The multi-layered attacks trigger a crucial need for a well implemented defense-in-depth strategy as a proactive action, hindering these multi staged attacks’ development. Moreover on being responsive after the impact of a cyber attack, a recent learned lesson from an attack that impacted one of the leading oil and gas companies in Alberta called Suncor. Despite how the attack has happened, they took near to five months to recover data and rebuild computers in a very time consuming process. That lesson, brought up the term of using “Air-Gapped” data recovery. It is a robust and responsive data recovery from a storage the that blindly isolated from any network connectivity or an traditional known TCP-IP protocol. Not to dive deeper in this methodology, but it is one of the modern defense-in-depth strategies that can keep the business running and not being shutdown for days or sometimes for months.

  8. This is a stellar post and particularly piques my interest due to my advocacy for security awareness. I believe this should be the backbone of security as all the safeguards in the world will not 100% protect data. Organizations need to ensure a proper security awareness program is in place to further mitigate social engineering risks to an acceptable level. Additionally, this post raises awareness and urges readers on appropriate precautions to take when in certain situations as well as protective measures to take to prevent them from occurring in the first place. Phishing emails are one of the easiest ways to fall victim to these scams as sometimes, they are crafted almost perfectly, making it difficult to identify, especially considering large events where users are less likely to pay proper attention to what they are clicking. Additionally, the issue of reusing passwords across several websites is widespread and a lot of us are guilty of this. This is particularly dangerous, which makes it great that it was highlighted in this post, because all it takes is for one account using that password to be compromised, and then, it is a domino effect from that point on.

Leave a comment

Powered by UCalgary

The views, information, or opinions expressed on this site are solely those of the individual(s) involved and do not necessarily represent the position of the University of Calgary as an institution.

Website Terms & Conditions | Privacy Policy | Copyright © 2024