Streaming fakes and adware related to the broadcast of the summer games 2020

Major sporting events around the world not only cast a spell on viewers, they also bring malware players onto the scene. In the run-up to the 2020 Summer Games, Toshio Nawa, the external consultant responsible for IT security, had already warned of cyber attacks. Because the Olympics took place without on-site spectators, online streaming was the way for sports fans around the world to follow the competitions on screen.

The security researchers at Zscaler analyzed the amount of malware during the Summer Olympics and discovered all kinds of malicious software, from coin miners to ransomware, fake streaming websites and adware. In addition to stealing information, the fake pages were used for scams, and adware lured users into installing irrelevant browser extensions, such as the well-known browser hijacker “YourStreamSearch”, or “Olympic Destroyer”, which is used to steal login information from the victim’s machine. Most of the streaming transactions observed in Europe came from Germany with 8.6 percent and France with 8.3 percent of the worldwide traffic examined.

Deepen Desai, CISO at Zscaler

Deepen Desai, CISO and VP Security Research, stated, “Online streaming is more popular than ever, and with global events like the Olympics, it’s important for viewers to understand the serious implications of potential threats. With many of these online streaming viewers being ordinary workers working from home due to the pandemic, online events are a prime target for hackers.”

The fake streaming services should not be confused with the official streaming providers around the sporting events. The fakes promise free access and still require login information for payment systems. The templates used for the fake pages have already been observed in connection with major events such as the NBA or football.

The adware detected posed as free streaming services that instead redirected users to websites dedicated to gambling, car trading, etc. Users were coerced into installing adware in the form of browser extensions that led them to fake software updates. In the case of olympicstreams[.]me, users are prompted to install the YourStreamSearch browser extension. YourStreamSearch is a well-known browser hijacker that recommends ads based on search history.

Olympic Destroyer is a sophisticated piece of malware that was first observed during the 2018 Winter Games in South Korea. The malware compromised the official website of the games and affected ticket sales. At its core, Olympic Destroyer is a worm that spreads via Windows network shares. The malware places several embedded and obfuscated files on the victim’s computer that attempt to steal browser and system credentials.

One interesting behavior is that Olympic Destroyer can generate various binary files based on the credentials obtained. This has resulted in many variations that accomplish the same task. In addition to collecting credentials, the malware tries to disable the target computer, using cmd.exe, among other things, to deactivate backups, edit boot policies and delete event logs, which makes it difficult to restore the affected IT system.
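One way to detect the tampering described above, added here as an example and not taken from Zscaler or the article: it flags a host when process-creation events show at least two of the three actions (backup removal, boot-policy edits, event-log clearing) within five minutes. The log format, host names, the time window and the Windows utilities named in the patterns are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed patterns for the three behaviours the article names; the specific
# Windows utilities are this example's choice, not taken from the article.
RULES = {
    "backup_tamper": re.compile(r"\b(vssadmin(\.exe)?\s+delete\s+shadows|wbadmin(\.exe)?\s+delete\s+catalog)", re.I),
    "boot_policy": re.compile(r"\bbcdedit(\.exe)?\b.*\b(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)", re.I),
    "log_clear": re.compile(r"\bwevtutil(\.exe)?\s+(cl|clear-log)\b", re.I),
}
WINDOW = timedelta(minutes=5)

# Constructed sample events: "timestamp|host|parent image|command line"
SAMPLE = """\
2021-07-26T10:00:01|WS-014|explorer.exe|cmd.exe /c ipconfig /all
2021-07-26T10:02:10|WS-014|cmd.exe|vssadmin.exe delete shadows /all
2021-07-26T10:02:12|WS-014|cmd.exe|bcdedit.exe /set {default} recoveryenabled no
2021-07-26T10:02:15|WS-014|cmd.exe|wevtutil.exe cl System
2021-07-26T11:30:00|ADM-002|powershell.exe|wevtutil.exe cl Application
2021-07-26T14:45:00|ADM-002|cmd.exe|vssadmin.exe list shadows
"""

def suspicious_hosts(log_text, min_categories=2):
    """Return {host: [categories]} for hosts that combine several
    tampering categories inside one WINDOW."""
    hits = defaultdict(list)  # host -> [(time, category)]
    for line in log_text.strip().splitlines():
        ts, host, _parent, cmd = line.split("|", 3)
        for name, rx in RULES.items():
            if rx.search(cmd):
                hits[host].append((datetime.fromisoformat(ts), name))
    flagged = {}
    for host, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Categories seen from this event until the window closes.
            cats = {c for t, c in events[i:] if t - start <= WINDOW}
            if len(cats) >= min_categories:
                flagged[host] = sorted(cats)
                break
    return flagged

if __name__ == "__main__":
    print(suspicious_hosts(SAMPLE))
```

Requiring several categories in a short window keeps a single routine action, such as an administrator clearing one log, from raising an alert on its own.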

Deepen Desai’s recommendation to companies whose employees work from home: “To reduce the risk of such attacks, it is important to enforce consistent security policies regardless of where the users are. You should also implement a zero trust architecture to limit the potential damage if a system is compromised. Additional security precautions, such as the implementation of multi-factor authentication, the timely implementation of security updates or the creation of backups, are essential to make your business processes resistant to cyber attacks.”

More details in the Zscaler blog: https://www.zscaler.com/blogs/security-research/fake-streaming-adware-target-olympics-2020
