Akamai Diversity

The Akamai Blog

Know Thy Enemy: Why Bad Guys Love Events of Olympic Proportions

The upcoming Olympic Games, much like other widely publicized, international events, offer unique challenges for online security.  In the course of any given year, Akamai supports many of these online events including concerts, sporting competitions, elections, and other newsworthy happenings.  Because of this, we've had substantial visibility into the various ways the "bad guys" may try to take advantage of an online event for their own gain. As important, these events typically involve a variety of online components - from live streaming to commerce - that providing a significant amount of attack surfaces for the event's security staff to protect.

The primary concern when supporting a large event is that online resources may be built in a hurry and then receive a sudden influx of users. As such, there are time and effort constraints to securing these websites and the infrastructure that carries them. As the security team for the event, typically you do not have a lot of historical Internet traffic to define a "normal" state, so you have to rely on attack trends from other events as well as threat intelligence to detect any new techniques that specifically are targeting your event.

One thing you need to be prepared to defend against is Denial of Service (DoS) attacks, where the attacker disrupts the operation of an online service such as a livestream or website. Highly visible event websites are prime targets and a cleverly-conducted Distributed DoS attack can look very much like a flash mob of legitimate users that are coming to a website
The high visibility for events such as the Olympics can also prompt defacement style attacks. Because the event draws a large volume of website users, hacktivist groups wishing to propagate their messages can alter the event's website to display their message to a broad audience and to generate headlines that create further awareness for their cause.

In a similar vein, most large events have a scheduling site or a storefront where they sell tickets, memorabilia, or other services.  These can be prime targets for data exfiltration for anything from email addresses to passwords to credit card information or even VIP contact information. Data breaches can also lead to inappropriate information disclosure. Although not as big a fear for a real-time event such as the Olympics, for events with a predetermined outcome such as awards ceremonies, attackers can access the results before they are officially released. This can lead to significant audience loss and loss of revenue. The loss of revenue could also happen as a result of actual content theft where attackers make a copy of the event content available on their own website or on portable media.

Significant interest in an event may make associated online assets a possible target for distributors of malware. In this situation, attackers would alter the website in a non-obvious, non-visible manner to serve hooks to malicious content that runs on the users' computer and installs other software such as viruses, key loggers, and the Zeus banking trojan.

And unfortunately, the event organizers and their online assets are not always the sole target. Event audiences can also be targets. Vehicles could include phishing, spam, and malware email where attackers seek a wide variety of goals such as stealing information from the user's computer, implanting viruses on the user's computer, and conducting outright scams involving selling counterfeit tickets, VIP passes, and fraudulent "discount tickets" to unsuspecting consumers.

Overall, the trick to keeping online events as safe as possible is to understand your potential adversary based on previous trends and current capabilities and understand how they're most likely to attack, the motivation for the attack, and countermeasures that you can implement. Doing so will help you apply the right defenses to the right assets and have a successful event.

Mike Smith is a Senior Security Evangelist at Akamai

1 Comment

So the Games are over and I think no major issued happened with keeping online events. Am I right?