Don’t be the business to drop the baton this summer Zscaler warns

Don’t be the business to drop the baton this summer Zscaler warns

Summer Games challenge businesses to refocus security posture

Zscaler, the leading cloud security provider, has issued a strong warning for organisations to refocus their security efforts ahead of this year’s biggest summer sporting event. Cybercriminals are aware that users are searching for convenient ways to stay up-to-date with the latest sporting action, forcing enterprises to roll out revised security policies that ensure the security of users watching, searching for, or downloading associated sporting coverage.

Most critically, organisations need to consider their exposure to phishing and malware attempts, exploitation of mobile applications and how this will impact business continuity. ThreatLabZ research from past events highlighted that 80 per cent of “Olympic” web domains were found to be scams or spam, pinpointing the need for increased business vigilance.

Chris Hodson, EMEA CISO at Zscaler said:

“Protection and productivity should be at the forefront for business leaders across the world in the run up to the Games. In the last few years we’ve seen cybercriminals using spam emails and scam websites mirroring legitimate sites to entice users to click on, and download malicious files. This year’s events host similar risks and we should expect similar techniques from those trying to exploit users.”

In considering their risk profile so that its infrastructure and employees, are prepared, businesses need to ensure ‘enterprise readiness’ across three key areas – business productivity, cyber threats and approved applications – when preparing for the sporting season.

Business Productivity

As businesses shift to the cloud, cyber security and prioritisation of web traffic remains a priority. Online streaming of events from official broadcasters runs the risk of diverting employee attention and saturating network bandwidth that is required for critical business applications, including Salesforce, Office 365 and Workday.

“While it may seem easier to simply blanket ban any live coverage of the Games during working hours, this will only leave employees feeling demotivated and encourage them to look for other means of viewing events. This could in turn result in an increase in absence from the office and leave employees open to social engineering attacks, as their vigilance is lowered as they look for any means necessary to stream popular events. Rather, organisations should take a proactive approach to ensure bandwidth is appropriately provisioned.”

Phishing and Malware

While phishing can take multiple forms – from spam email messages, social media, Typo Squatting and over the phone social engineering – all have the same end-goal to make money by harvesting usernames and passwords, personally-identifiable information and/or payment card information.

At the Vancouver Games, Zscaler observed cybercriminals masquerading themselves as legitimate websites and applications in order to upload malware and steal sensitive information – we expect the same at Rio. Criminals use international events to capitalise on customer excitement and demand, often creating bogus ticket purchasing sites, offering discounted tickets or even tickets to sold out events. “Falling for one of these scams not only leaves customers disappointed when tickets fail to arrive, but they have also left their personal information exposed, as these sites are rarely protected with at-rest and in-flight encryption technology” comments Hodson.

Directing user traffic to bogus domains allows cybercriminals to leverage readily available exploit kits which look for vulnerabilities to load arbitrary malware onto, whilst also allowing criminals to offer seemingly free streaming of events. The Zscaler ThreatLabZ research team has already found cases of exploit kit traffic coming from “Olympics”-related content and predicts more attacks targeting users with emails and attachments around further “Olympics”-related content, discounts and schedules.

“Cybercriminals will look to play on our anticipation of the Games this year” predicts Hodson. “Businesses need to ensure that they are able to identify phishing sites and detect scripts which are running in webpages which could be malicious. Relying on URL filtering and reputation off-site is no longer an appropriate cyber security defence framework. Streaming sites should be enabled on a whitelist-only approach” Hodson continued.

Mobile Apps and App Stores

Just last month, malware disguised itself as an online banking app for Russian’s largest bank, Sberbank, mirroring a similar login screen to the original app in order to steal user credentials as soon as the victim tried to authenticate. While Trojan malware that uses mobile applications as a delivery mechanism is nothing new, during major sporting events, cybercriminals will be looking to exploit the fact that millions of users will be looking for convenient methods of keeping up-to-date with the sporting action and will write mobile-applications that mirror their official equivalents.

While the business and security implications that the Games bring are not to be taken lightly, many of the tactics cybercriminals will be using to target unsuspecting users are unlikely to be anything new. As a first line of defence against mobile malware, organisations need to be blocking access to third-party app stores and only allowing access to the Play Store and Apple App Store (for Android and IoS respectively). And while there are isolated instances of rogue applications finding their way to approved stores, the risk has found to be significantly lower. Organisations need to also be considering sandboxing technologies to detonate and inspect unknown Android APK files being downloaded to corporate devices.

[su_button url=”https://www.zscaler.com/” target=”blank” style=”flat” background=”#df2027″ color=”#ffffff” size=”10″ radius=”0″ icon=”icon: arrow-circle-right”]Click here to find out more about Zscaler[/su_button]

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Image provided by SentinelOne

SentinelOne to Spotlight AI-Power at GISEC 2025

SentinelOne announces its participation at GISEC Global 2025 (6-8 May) at the Dubai World Trade Centre. The company will highlight..
Two young intercultural programmers trying to solve problem with access to data while interacting in front of computers

DDoS attacks targeting critical infrastructure

NETSCOUT released its 2H2024 DDoS Threat Intelligence Report, revealing how Distributed Denial of Service (DDoS)…
Copyright: Security Buyer

ASIS UK Launches “Security is You(th)” Hackathon

ASIS International UK has launched Security is You(th), an initiative designed to engage students and early-career professionals…
BeyondTrust

Into the Cloud – Morey J. Haber, BeyondTrust

The January edition of International Security Buyer featured Morey J Haber, Chief Security Advisor for BeyondTrust in our Into the Cloud…
Riham Security website

Growing Intersec Saudi Arabia

Intersec Saudi Arabia’s Event Director, Riham Sedik, discusses the event’s future growth and government partnerships
Olympics

Hanwha Vision cameras assist Olympic athletes in France

Hanwha Vision Europe has installed video surveillance in Paris, France to aid Olympic athletes and coaching in training and preparation.
Infloblox

Olympics Scammers Take Their Marks, Get Set, and Go!

Infoblox Threat Intel explores how bad actors are taking advantages of the public’s interest in the Olympic games from both…
Olympics

Enhancing Security at the Olympics with Facial Recognition

Sports hold profound significance in the lives of athletes, nations, and citizens alike, fostering a sense of unity and national pride.

Neustar Security Services introduces UltraPlatform

Neustar Security Services, a provider of cloud-based security services that enable businesses to thrive online, is launching UltraPlatform.

Security and fire 2023 trends

In 2023 all industries will face several challenges: sustainability, cost increases, and how to better manage energy & resources.
Scroll to Top