{"id":1750,"date":"2024-09-25T06:33:56","date_gmt":"2024-09-25T06:33:56","guid":{"rendered":"https:\/\/xdr-mdr.lmntrix.com\/main_web\/?p=1750"},"modified":"2024-10-19T06:50:47","modified_gmt":"2024-10-19T06:50:47","slug":"major-world-events-a-playing-field-for-hackers","status":"publish","type":"post","link":"https:\/\/lmntrix.com\/blog\/major-world-events-a-playing-field-for-hackers\/","title":{"rendered":"Major World Events a Playing Field for Hackers"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"262\" height=\"350\" src=\"https:\/\/lmntrix.com\/blog\/wp-content\/uploads\/2024\/09\/hacker.webp\" alt=\"\" class=\"wp-image-1752\"\/><\/figure>\n<\/div>\n\n\n<p>Just like the old-fashioned pickpockets and scalpers we\u2019ve learned to avoid, cyber scammers are exploiting major world events to target their victims. The <a href=\"https:\/\/www.scmagazine.com\/cybercriminals-attempt-to-score-using-fifa-world-cup-phishing-emails\/article\/774706\/\" target=\"_blank\" rel=\"noopener\">World Cup<\/a>, the <a href=\"https:\/\/www.express.co.uk\/news\/royal\/961903\/Royal-Wedding-EE-scam-text-messages-phishing-cyber-attack\" target=\"_blank\" rel=\"noopener\">Royal Wedding<\/a>, and the <a href=\"https:\/\/www.scmagazine.com\/2018-winter-olympics-being-used-as-phishing-attack-bait\/article\/735639\/\" target=\"_blank\" rel=\"noopener\">Winter Olympics<\/a> are recent events they\u2019ve tried to benefit from in this way, and it\u2019s an incredibly effective tactic.<br><br>Usually, the cyber attacker modus operandi during these events is the tried-and-true combination of social engineering and phishing. Generally an email \u2013 along with a malicious attachment or link \u2013 is sent out in a spam campaign to thousands of potential victims. The body of the email will exploit interest in the event and point the user to the malicious element \u2014 alluding to a special offer or other detail related to the event.<br><br>An interesting example occurred during the recent World Cup. Hackers developed a malicious score-tracking app, called \u201c<a href=\"https:\/\/www.theregister.co.uk\/2018\/07\/05\/world_cup_mobile_malware_trick\/\" target=\"_blank\" rel=\"noopener\">Golden Cup<\/a>\u201d, and convinced Israeli soldiers to download it from the Google Play store. The app in fact contained spyware which gave the attackers access to the soldiers\u2019 GPS location, phone cameras and microphones, and revealed the locations of images and videos stored on their phones.<br><br>The Israeli military blamed the Palestinian group Hamas. What made the malware especially dangerous, the Israelis said, is that the app looked legit \u2014 it was downloaded from an official app store.<br><br>It\u2019s not only sport fans that need to be wary. We witnessed another cunning tactic before the wedding of Prince Harry and Meghan Markle, whereby cyber criminals launched the \u201croyal wedding guest name\u201d <a href=\"https:\/\/www.thesun.co.uk\/fabulous\/6384827\/scam-royal-wedding\/\" target=\"_blank\" rel=\"noopener\">data mining scam<\/a>. This scam tricked people into giving up key personal data by inviting them to find out what their \u2018aristocratic name\u2019 was. And what did people need to do to find out their \u2018aristocratic name\u2019? They had to enter the name of one of their grandparents, their first pet\u2019s name, and the name of the street they grew up on. If these questions sound familiar, it\u2019s because they\u2019re three of the most commonly used security questions.<br><br>Organisers and contractors of these events are also frequently targeted via similar means. Before the <a href=\"https:\/\/www.wired.com\/story\/pyeongchang-winter-olympics-cyberattacks\/\" target=\"_blank\" rel=\"noopener\">South Korean Winter Olympics<\/a>, sophisticated attackers targeted ski resorts, organising committees, and tourist boards with an apparent alert from South Korea\u2019s National Counter-Terrorism Center. The email contained malware which would give attackers remote access to infected machines. Underscoring the trade craft of this campaign, the emails coincided with real-life terrorism drills.<br><br>Any time these significant events roll around, we can expect an accompanying phishing campaign. Exploiting the public interest in major events is an efficient and effective form of social engineering.<br><br>Consider the fervor that will descend upon Australia during the last weekend of September. Saturday will see the AFL final decided, while on Sunday, the NRL finalists will face off against each other. Fans and punters across the country will be eager for any updates in the lead up to both matches and could be seen as easy targets.<br><br>If a spam email went out claiming to contain last minute injury updates or special odds from a betting agency, I think we all know someone who would open it. By feeding on the frenzy before these events, attackers know there\u2019ll be enough people who can\u2019t resist to make the campaign worth their while.<br><br>This doesn\u2019t mean you should live in fear any time an event of national or international significance rolls around. Basic cyber hygiene is enough to ensure you enjoy these events safely; only use trusted sites, only download official or verified apps, don\u2019t click on emails or attachments from unfamiliar sources, and apply the latest patches as soon as possible.<br><br>These are very simple steps one can take to level the playing field against attackers. Forewarned is forearmed, and knowing to expect such tricks can help even the most ardent fan think twice before entering their mother\u2019s maiden name and favourite colour to find out their \u2018footy nickname\u2019.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Just like the old-fashioned pickpockets and scalpers we&rsquo;ve learned to avoid, cyber scammers are exploiting major world events to target their victims. The World Cup, the Royal Wedding, and the Winter Olympics are recent events they&rsquo;ve tried to benefit from in this way, and it&rsquo;s an incredibly effective tactic. Usually, the cyber attacker modus operandi [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1752,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1750","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"_links":{"self":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/1750","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/comments?post=1750"}],"version-history":[{"count":4,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/1750\/revisions"}],"predecessor-version":[{"id":4138,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/1750\/revisions\/4138"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/media\/1752"}],"wp:attachment":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/media?parent=1750"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/categories?post=1750"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/tags?post=1750"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}