San Jose, California, July 26, 2016
Zscaler, the leading cloud security provider, today issued a strong warning for organizations to refocus their security efforts ahead of this year’s biggest summer sporting event. Most critically, organizations need to keep their exposure to phishing and malware attempts in mind. Exploitation of mobile applications and their possible impact on business continuity is also important to consider.
The warning comes in light of the real threat cybercriminals pose, as users find convenient ways to keep up with latest sporting news. At the last games, ThreatLabZ research found that 80 percent of “Olympic” web domains were scams or spam, pinpointing the need for increased business vigilance.
“Streamlined security that doesn’t hinder productivity should be business leaders’ singular focus for the Games,” said Michael Sutton, CISO at Zscaler. “Every Games, cybercriminals use spam and spoofed websites to trick users into clicking and downloading malicious files. This will be no different.”
To fight this threat, businesses should ensure enterprise readiness across three key areas—business productivity, cyber threat response and approved applications—when preparing for the Games this summer.
Cybersecurity and the prioritization of web traffic are paramount in the cloud age. Consider how online streaming can divert employee attention or the saturation of network bandwidth that can interfere with critical business applications like Salesforce, Office365 or Workday.
“Employees will find a workaround if you completely block all live coverage, even if it means staying home,” comments Sutton. “The result is an increase in absences and employees that are vulnerable to social engineering, as they seek out websites or streams related to the Games. As such, organizations adopt a proactive security stance to appropriately provision bandwidth and monitor traffic.”
Phishing and Malware
Phishing is a primary way of harvesting usernames and passwords, personally identifiable information and/or payment card information for financial gain.
At the Vancouver Games, Zscaler observed cybercriminals masquerading as legitimate websites and applications that uploaded malware and stole sensitive information. We can expect the same at Rio, as criminals use the major international event to exploit consumer fervor. “Falling for scams, consumers not only fail to gain tickets or other goods, they also expose personal information, placing them at risk of further fraud,” comments Sutton.
Directing user traffic to bogus domains allows cybercriminals to leverage readily available exploit kits to exploit bugs in the background while presenting a seemingly normal façade. The Zscaler ThreatLabZ research team has already found cases of exploit kit traffic coming from “Olympics” related content and predicts more attacks targeting users with emails and attachments around further “Olympics”-related content, discounts and schedules.
“Because cybercriminals will tap into our anticipation of the Games this year, businesses need to ensure they can identify and mitigate attacks from phishing campaign to exploit kits,” said Sutton. “We can no longer rely solely on URL filtering or the reputation of a site,” Sutton continued.
Mobile Apps and App Stores
Just last month, malware disguised itself as an online banking app for Russia’s largest bank, Sberbank, mirroring a similar login screen to the original app in order to steal user credentials as soon as the victim tried to authenticate. The same can be expected of applications that users may use to keep up-to-date with the sporting events.
The business security implications aren’t small, but they can be simple to mitigate considering the tactics are not new. For mobile malware, organizations should block access to third-party app stores, allowing access only to the Google Play Store and Apple App Store. Organizations should also consider sandboxing technologies to inspect unknown Android APK files being downloaded to corporate devices.
Zscaler is revolutionizing Internet security with the industry’s first Security as a Service platform. As the most innovative firm in the $35 billion security market, Zscaler is used by more than 5,000 leading organizations, including 50 of the Fortune 500. Zscaler ensures that more than 15 million users worldwide are protected against cyber attacks and data breaches while staying fully compliant with corporate and regulatory policies.
Zscaler is a Gartner Magic Quadrant leader for Secure Web Gateways and delivers a safe and productive Internet experience for every user, from any device and from any location — 100% in the cloud. With its multi-tenant, distributed cloud security platform, Zscaler effectively moves security into the internet backbone, operating in more than 100 data centers around the world and enabling organizations to fully leverage the promise of cloud and mobile computing with unparalleled and uncompromising protection and performance. Zscaler delivers unified, carrier-grade internet security, next generation firewall, web security, sandboxing/advanced persistent threat (APT) protection, data loss prevention, SSL inspection, traffic shaping, policy management and threat intelligence—all without the need for on-premise hardware, appliances or software. To learn more, visit us at www.zscaler.com.
- Zscaler Security Research
- Zscaler Security as a Service
- Award-winning Web Security
- World’s First Next Generation Cloud Firewall
- Sandboxing and Behavioral Analysis
Director of Communications