Cybersecurity in High-Profile Events

Published on Friday, 01 February 2019 09:00

Last updated: July 2018

OVERVIEW

High-profile events such as the DPRK-USA Singapore Summit, global conferences and sporting events like the recently concluded World Cup attract wide-ranging attention, including from the bad hats. Physical security measures, such as increased police patrols, barricades and identification checks, are among the usual ways to safeguard such events. Increasingly, enhancing cybersecurity is also part of the planning for such events.


High-profile events like the World Cup are hotspots for potential cyber threats
(Image credit: EclecticIQ)

High-profile events are closely watched by cyber adversaries for a range of reasons, such as to gather intelligence, cause disruptions, or make financial gains. Some of these adversaries may even be state-sponsored actors, who may try to steal information for espionage purposes, or deface websites related to the event to further their cause or to embarrass the host country.

Accordingly, in planning for such large-scale, high-profile events, cybersecurity will need to be factored into the plans, including establishing contingency measures to deal with cyber incidents. Individuals attending these events can also play their part and practise basic cybersecurity hygiene - including using anti-virus software on their devices and being alert to signs of phishing - so as not to let scammers or hackers score a goal against them.

REPORTS

PHISHING CAMPAIGNS & INFORMATION OPERATIONS

Whenever big sporting events or conferences take place, cyber-attackers take advantage of people’s interest in the event to lure them into clicking on e-mails and the attachments within. Often, such lures contain malware or links to malicious websites where the user may be tricked into submitting personal details like credit card numbers, thinking they are making a legitimate purchase. For instance, in the recent FIFA World Cup 2018, several soccer-themed phishing e-mails and web pages were observed from May 2018, targeting sports fans with fake ticket or trip giveaways from FIFA or its sponsors like Visa and Coca-Cola. Fans responded to these “giveaways” and, in doing so, gave away their personal and financial data to cybercriminals.

Sometimes, phishing campaigns are also conducted as part of intelligence-gathering operations. For instance, phishing e-mails started to emerge in December 2017, targeting organisations involved in the upcoming PyeongChang 2018 Winter Olympics Games in February 2018. The e-mails, spoofed to appear as if they came from the South Korean National Counter-Terrorism Centre, told recipients that there would be counter-terrorism drills leading up to the Games. The e-mails contained malicious Word documents that, if opened, would give the hacker the ability to operate the victim’s computer remotely. Similarly, in relation to the recent DPRK-USA Singapore Summit, a threat actor based in North Korea was believed to be behind a spear-phishing campaign targeting South Koreans. A decoy e-mail, featuring “US-North Korea Summit” in its subject and containing a document on the same topic, was used to lure potential victims into downloading malware. The malware was believed to be a Trojan that could be used for keylogging and executing malicious commands on the victims’ devices.

Beyond such trickery, threat actors could target other entities associated with the event, including official hotels or venues. For instance, hackers could set up or compromise Wi-Fi networks that allow them to quietly conduct surveillance on anyone unwittingly using those networks.


DISRUPTION OF SERVICES

As prominent events are covered by the international media and beamed to millions of viewers worldwide, cyber threat actors may want to ride on the high visibility of the event to further their cause. For instance, if their objective is to embarrass the host nation, the cyber-attacks may aim to cause disruptions during the event. This was the case with the disruptions at the opening ceremony of the PyeongChang 2018 Winter Olympics Games. The malware, dubbed Olympic Destroyer, disrupted Internet access and telecasts, and shut down drones and websites covering the event.

During Malaysia’s 14th General Election, held on 9 May 2018, several incidents aimed at interfering with the election arose. Weeks before the polls, automated accounts or bots flooded Twitter with thousands of pro-government and anti-opposition messages. On election day, politicians from both the ruling and opposition parties faced waves of spam calls from unknown foreign numbers. The “bot attack” effectively blocked them from using their mobile phones to communicate with one another.


HACKING OF WEBSITES

Websites are the “face” of most businesses and organisations and remain one of the favourite targets for cyber-attacks. The Singapore Cyber Landscape 2017 publication, released by CSA in June 2018, reported that there was an increase in defacements of Singapore websites observed during the National Day period. While these were assessed to be opportunistic rather than targeted, they highlighted the potential for such incidents during iconic events. Hacktivists could seek out high-profile websites to launch defacement campaigns for maximum impact and visibility.

Sometimes, attacks on websites go beyond defacements. During the 31st ASEAN Summit in Manila in November 2017, a hacker group inserted malware into websites of ministries or government agencies in Laos, Cambodia and the Philippines, and redirected victims to a Google account page to gain access to their contacts and e-mails.

Websites of political parties and candidates have also been observed to be targets of hackers. During the 2018 Mexican Election, the website of a Mexican opposition party suffered a Distributed Denial of Service (DDoS) attack after it published a document critical of the candidate from the other party. Hackers flooded the website with hundreds of thousands of information requests at once, overwhelming its capacity and taking it offline for several hours. The hackers appeared to have carefully picked the time for the DDoS attack – right when the televised debate between the presidential candidates was scheduled on 13 June 2018.

Owners of websites, especially those of high prominence, should diligently update their web applications and any third-party plug-ins that come with them, and patch known vulnerabilities as soon as possible. For instance, the latest WordPress security patch was just released last week. You can refer to SingCERT’s latest WordPress alert published on 12 July here.


QUICK BYTES

SECURING SINGAPORE’S CYBERSPACE DURING THE DPRK-USA SINGAPORE SUMMIT

In the lead-up to and during the DPRK-USA Singapore Summit, the Cyber Security Agency of Singapore (CSA) worked with partner agencies, Critical Information Infrastructure (CII) sectors, and supporting entities such as the hotels to step up the protection of essential services and enhance their cybersecurity posture during the period. Watch Channel NewsAsia’s coverage of CSA’s efforts here.

SOURCES INCLUDE: SC Magazine UK, ZDNet, DarkReading, The New York Times, Channel NewsAsia and Reuters