May 19, 2020

Phishing, ransomware and fake tickets: how to avoid Rio 2016 cyber crime


The world is preparing itself for the intense excitement of 10,000 athletes from across the globe competing in 42 individual sports. But for all the global buzz the Olympics create, the Games are already drawing the attention of cyber criminals. Businesses and consumers alike face a number of cyber threats, from Olympic-themed emails loaded with ransomware and vulnerabilities in ticket websites and apps to employees falling for “your tickets are attached” phishing emails, and the threat landscape is growing.

We have collected insights from a handful of industry experts, who discuss what IT professionals need to be on the lookout for before and during the Games this summer.

Perry Correll, Principal Technologist at Xirrus:

“Rio 2016 is just around the corner, and businesses are rewarding their top employees with Olympic-themed hospitality packages. For those lucky enough to qualify for an actual trip to Brazil, it’s worth remembering that although you might feel like you’ve just won a trip to heaven, logging on to your hotel’s public Wi-Fi network and entering sensitive information - such as online banking codes or even something as seemingly innocuous as your Facebook password - could turn it into the week from hell.

“Hotels, of course, offer some form of authentication in order to limit who can access their network, but few offer the encryption required to fully protect data against malicious access. Guests know this. And they know the risks. Yet our research shows they still do it. In a recent Xirrus survey on Wi-Fi usage, 76 percent of people acknowledged that public Wi-Fi in venues such as hotels is not secure, but 62 percent use it regardless of security implications.

“At an event such as The Olympics, it’s natural to want to get online using your hotel’s free public Wi-Fi, post your photos and check in to the venues you visit during the day. But remember that your Facebook and other social media passwords can be used in turn to access applications that hold personal and financial data. So what might seem a reasonably innocent thing to do could have grave ramifications for the security of your credit cards and bank accounts.”

Ryan O’Leary, VP Threat Research Centre at WhiteHat Security:

“More than a quarter of fake tickets sold online in 2015 were for big sporting events such as the Rugby World Cup and Premier League football matches. With that in mind, it is perhaps not surprising that there have already been multiple reports of fake ticket sites being set up for the Olympic Games. Some cyber criminals are even buying cheap SSL certificates, which add the “https” at the beginning of the URL to give the illusion that the website is legitimate. As cyber criminals get more and more savvy, individuals need to be particularly wary when handing over payment and personal details.

“Unfortunately, the potential damage from ticket websites doesn’t end there. Our research has found that legitimate retail sites are also potentially exposing users’ personal details. Half of all the retail sites we studied exhibit serious security flaws at all times and each retail site has, on average, 13 serious security issues. These flaws can lead to data such as payment card details and personal information being left exposed, attackers being able to deliver malicious instructions to a victim’s browser, or being able to execute attacks that retrieve personal information such as passwords. 

“When it comes to website security awareness, businesses have a responsibility to educate employees on how to stay safe online. Simple tricks include installing a modern web browser and keeping it up to date, looking out for the ‘https’ when browsing, being wary of purchasing tickets when using public WiFi, going directly to websites rather than clicking through emails or adverts and making sure that passwords are unique for each site and hard to guess.”

Wieland Alge, VP & GM EMEA at Barracuda Networks:

"With the summer Olympics now fast approaching, businesses must be on the alert for Olympic-themed spam emails that are loaded with ransomware. Cyber-thieves are increasingly adopting ransomware in their attacks due to its high return on investment and the fact that the code required to complete the attack is now readily available online. 

"Recent research found that almost half of British businesses are not backing up their company data at least once per day, so the impact of being hit by a ransomware attack could be devastating. In fact, there are suggestions that some larger companies are stockpiling bitcoins so that they can more quickly pay off attackers in the event of an infection. 

"The growth in ransomware attacks is expected to continue to expand across every computing platform, from Macs and smartphones to IoT endpoints. The most successful iterations of ransomware will evolve to stay ahead of defences, so the onus really is on businesses to put in place multiple layers of protection to keep their networks secure. They should also educate employees around scam emails and clicking through to websites or attachments. In the run up to Rio 2016, users should be wary of any kind of ‘special offers’, suggestions for official merchandise, free streaming websites or discount ticket emails. If an offer looks too good to be true, it probably is!"

Thomas Fischer, Global Security Advocate at Digital Guardian:

"For hackers, there’s no need to run the extra mile: it’s often the simplest method of attack that becomes the most successful. With over 7.5 million tickets expected to be sold for the Rio Olympics across the globe, employees making last minute bookings at work can be an easy target for attackers. 

“By posing as a ticket vendor or event organiser, hackers will attempt to trick users into opening a malicious attachment that gives the attacker access to the company’s network. In the rush to secure their tickets, employees may ignore some of the tell-tale signs of social engineering, such as suspicious email addresses and spelling errors, and fall foul of a phishing attack. Once inside, hackers can alter, remove or extract sensitive information, putting the company and its customers at risk.

“Implementing a solution that warns a user when a program attempts to download a file from the internet, or write a file from a disk, will help to reduce the risk of malware running in the background. However, the most effective method is a gold standard security awareness program. 

“Training employees to spot the key signs of a phishing attack, and having a system in place to report such incidents is critical. It is the responsibility of every business leader from the CEO to the HR and legal department to train employees, teaching them to understand the importance of data protection and keeping the company secure.”

Read the July EURO 2016 issue of Business Review Europe magazine. 


Jun 18, 2021

GfK and VMware: Innovating together on hybrid cloud

VMware has been walking GfK along its path through digital transformation to the cloud for over a decade.

GfK has been the global leader in data and analytics for more than 85 years, supplying its clients with optimised decision inputs.  

In its capacity as a strategic and technical partner, VMware has been walking GfK along its digital transformation path for over a decade. 

“We are a demanding and singularly dynamic customer, which is why a close partnership with VMware is integral to the success of everyone involved,” said Joerg Hesselink, Global Head of Infrastructure, GfK IT Services.

Four years ago, the Nuremberg-based researcher expanded its on-premises infrastructure by introducing VMware vRealize Automation. In doing so, it laid a solid foundation, resulting in a self-service hybrid-cloud environment.

By expanding on the basis of VMware Cloud on AWS and VMware Cloud Foundation with vRealize Cloud Management, GfK has given itself a secure infrastructure and reliable operations by efficiently operating processes, policies, people and tools in both private and public cloud environments.

One important step for GfK involved migrating from multiple cloud providers to just a single one. The team chose VMware.

“VMware is the market leader for on-premises virtualisation and hybrid-cloud solutions, so it was only logical to tackle the next project for the future together,” says Hesselink.

Migration to the VMware-based environment was integrated into existing hardware simply and smoothly in April 2020. Going forward, GfK’s new hybrid cloud model will establish a harmonised core system complete with VMware Cloud on AWS, VMware Cloud Foundation with vRealize Cloud Management and a volume rising from an initial 500 VMs to a total of 4,000 VMs. 

“We are modernising, protecting and scaling our applications with the world’s leading hybrid cloud solution: VMware Cloud on AWS, following VMware on Google Cloud Platform,” adds Hesselink.

The hybrid cloud-based infrastructure also empowers GfK to respond to new and future projects with astonishing agility: Resources can now be shifted quickly and easily from the private to the public cloud – without modifying the nature of interaction with the environment. 

The gfknewron project is a good example – the company’s latest AI-powered product is based exclusively on public cloud technology. The consistency guaranteed by VMware Cloud on AWS eases the burden on both regular staff and the IT team. Better still, since the teams are already familiar with the VMware environment, the learning curve for upskilling is short.

One very important factor for GfK was that VMware Cloud on AWS constituted an investment in future-proof technology that will stay relevant.

“The new cloud-based infrastructure comprising VMware Cloud on AWS and VMware Cloud Foundation forges a successful link between on-premises and cloud-based solutions,” says Hesselink. “That in turn enables GfK to efficiently develop its own modern applications and solutions.

“In market research, everything is data-driven. So, we need the best technological basis to efficiently process large volumes of data and consistently distill them into logical insights that genuinely benefit the client. 

“We transform data and information into actionable knowledge that serves as a sustainable driver of business growth. VMware Cloud on AWS is an investment in a platform that helps us be well prepared for whatever the future may hold.”
