"We expect to see a plethora of Olympic-related scams, which are already beginning to emerge," says Swapnil Bhoskar, security researcher at Zscaler. "The Olympics represent a golden opportunity for spammers--the world's largest sporting event, which will draw a global audience for the next two weeks."
The Olympics malware scams fit into a well-defined pattern established by the Internet's bad element during the past several years. Attackers create credible lures based on some current event, tempting users either to give away their personal information, old-school phishing style, or to click on a malicious link that surreptitiously initiates a drive-by download of some kind of malware payload. Sometimes the lure is an email offering something like tickets to Olympics events that have long since sold out. Other times, it's a message offering the latest news about events like the 400-meter relay won by Ryan Lochte. And still others lure people to a number of bogus news sites that show up in poisoned search engine results designed to prey on fast-breaking news terms.
"We've also seen natural disasters being used, major political events, things of that nature, to send out lures to get people to malicious websites," said Alex Kirk, researcher with the Sourcefire Vulnerability Research Team. The fresher the event, the better: the fewer legitimate websites that cover it, the easier it is for bad actors to poison search results and draw clicks away from actual news sources. "What we've seen a whole ton of in particular is compromised WordPress blogs."
Once the user takes the bait, the scam begins in earnest, typically leading to a site laden with malware packaged up in easy-to-use exploit kits that don't require much technical knowledge on the criminal's part. The easy-to-get and easy-to-use Blackhole exploit kit seems to be going for the gold this summer.
"The instant you get to that site, it's going to drop 10 to 15 distinct exploits on you sequentially until one of them actually succeeds," says Kirk. "I've seen everything from viruses to other spam and DDoS pieces of malware."
How to Combat Information Security Attacks
One of the most obvious first lines of defense against such information security attacks is to train users to avoid opening suspicious emails or links in the first place. As with much in IT security, protection starts in the hands of end users.
"It's a matter of user education," says Kirk. "Teaching people not to click on links from emails, especially unsolicited email messages, is a really important piece. There's a sucker born every minute. It's tough to keep a larger user base completely safe when folks aren't thinking clearly before they get their cup of coffee in the morning."
That's where patch management and endpoint management come in. It may be four years between each Olympic Games, but letting that much time go by between patches can be a catastrophe. The developers who contribute to the Blackhole exploit kit seem to be working almost around the clock to find new vulnerabilities. But while the new stuff keeps security professionals up at night, all too often it's the issues that are easiest to remediate that cause most of the trouble.
"The bulk of the exploits in that kit are actually from 2010," says Kirk. "Making sure all the endpoints have Java updated, have Acrobat updated, [that] they've got the latest Windows update, which is a really important thing to do. That way, even if they throw 10 to 15 different exploits at you, they're going to fail."