January Hacking Recap: Winter Olympics, Fire and Fury, and Sonic The Hedgehog
There were quite a number of cyber incidents in January, and some of the most notable cyber incidents that kicked off the year had something in common. Malware scams and other hacking campaigns are only successful when the victim “pool” is large.
So what better way to reach as many people as possible than through scams targeted at trending events, games, and even books? In this blog, we review some of the most discussed online topics during the month of January and how hackers capitalized on those topics’ popularity.
The 2018 Winter Olympics are one of the most anticipated events of the year. It comes as no surprise, then, that hackers are also setting their eyes on the big games to take advantage of the subsequent rise in online traffic.
A cybersecurity agency recently reported that Russian hackers may be planning cyber attacks against anti-doping agencies like World Anti-Doping Agency, the U.S. Anti-Doping Agency and the Olympic Council of Asia. This is likely due to the fact the many Russian athletes were left off the eligibility list to compete for next month’s games on grounds of “serious indications of doping in their history.”
In this case, the hackers’ motive may be more political. Security experts have noted that “all games since the 2012 London Summer Olympics have faced some level of DDoS by hacktivist groups.” This year’s games will most likely not be an exception.
It’s not only hacktivists that users have to worry about, but also cyber terrorists and “fame seekers” bringing unwarranted security threats. Another threat to look out for in the midst of the international festivities is organized crimes from match-fixing to gambling scams.
Fortunately, South Korea has earmarked $1.3 million for cybersecurity protection in preparation against such threats for the 2018 Winter Olympics.
When Michael Wolff’s Fire and Fury: Inside the Trump White House hit the bookshelves, dozens flocked to online stores like Amazon and Apple to purchase it. The book, which criticizes Trump and his actions as President, has now exceeded 1.7 million in sales.
What could be the threat here? While a popular book may not seem like much of a threat, according to an IT researcher at Kaspersky Labs, a pirated version has been circulating around the web and is known to be “loaded with malware.” Users are downloading the pirated version of the book online through torrents, social media, and other spammy links.
The book is downloadable as a PDF file and contains a Windows executable. This executable gives the hacker remote backdoor access, meaning they can steal credentials, financial information, and more.
Hackers took advantage of the fact that people were looking for free online copies to instill malware into the PDF version and spread it online. Fortunately, experts have noted that the malware can be easily detected by AV (antivirus) programs.
Another popular trend that hackers have recently targeted involves the popular game series, Sonic the Hedgehog. It’s accumulated over one hundred million downloads over the course of its series of three games and has seen a steady rise in downloads over time.
According to security researchers, the malware-ridden apps were found to be leaking users’ geolocation data and other information. Furthermore, the apps were found to contain “an average of 15 OWASP (Open Web Application Security Project) vulnerabilities.” These vulnerabilities make users susceptible to man-in-the-middle attacks, data leakage, weak encryption, and more.
The reasons as to why there are so many hackers. It is difficult to pinpoint their exact motives, but there is one common pattern: hackers use trending topics to their advantage to exploit as many victims as possible. Whatever topic is popular amongst the general public will likely play out to be a valuable target for hackers.
Hacking campaigns don’t show any stops of slowing signs either, so users are advised to take extra caution. Whether it’s buying sold out tickets for a concert or a popular book from a third party, users must be sure to take extra safety measures before agreeing to share their personal information or submitting their credit card details online.