Written by Dan Verton
Russian cyber-crime organizations may have deployed malicious network infrastructure in and around Sochi during the couple of weeks leading up to tonight’s opening ceremony of the 2014 Winter Olympic Games for the purpose of conducting identity theft attacks, warns a new report by cyber-threat intelligence firm Lookingglass Cyber Solutions.
Lookingglass CEO Chris Coleman said his analysts began profiling all Internet activity in and around Sochi on Feb. 5, and through historical DNS data were able to determine that an increase in known criminal infrastructure had taken place during the preceding two weeks.
“We were able to hone in on several new top-level domains and saw that the individuals that registered those also had a larger footprint of registrations at the global level” known to be tied to Russian cyber-crime organizations, Coleman said.
The bulk of the networks in and around Sochi, including those operated by popular hotel venues, share common services with other Russian-based infrastructure known to be associated with the Russian Business Network, a major cyber-crime organization specializing in identity theft.
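The analysis described above amounts to two checks: a count of newly observed names in the region's networks against a baseline window, and a pivot from the registrants of those names to their wider registration footprint, looking for overlap with infrastructure already known to be criminal. The following is an added illustration of that method over a constructed feed; it is not Lookingglass's tooling or data, and every domain, registrant handle and ASN in it is hypothetical.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class DnsRecord:
    domain: str       # registered name
    registrant: str   # registrant handle from registration data (hypothetical)
    first_seen: date  # first date the name resolved in the historical DNS feed
    asn: str          # origin ASN of the address it resolved to (hypothetical)


# Constructed sample feed; none of these values come from the report.
REGION_ASNS = {"AS64500", "AS64501"}            # ASNs assumed to serve the region
KNOWN_BAD_DOMAINS = {"bad-one.example", "bad-two.example", "bad-three.example"}

FEED = [
    # Baseline two weeks: a couple of ordinary regional registrations.
    DnsRecord("hotel-lobby.example", "REG-H1", date(2014, 1, 10), "AS64500"),
    DnsRecord("ski-pass.example", "REG-S1", date(2014, 1, 18), "AS64501"),
    # Final two weeks: a burst of new names resolving into regional ASNs.
    DnsRecord("tickets-sochi.example", "REG-X9", date(2014, 1, 27), "AS64500"),
    DnsRecord("sochi-wifi-login.example", "REG-X9", date(2014, 1, 30), "AS64500"),
    DnsRecord("hotel-guest-portal.example", "REG-X9", date(2014, 2, 2), "AS64501"),
    DnsRecord("fanzone-map.example", "REG-F2", date(2014, 2, 3), "AS64501"),
    # The same registrants' global footprint, outside the region.
    DnsRecord("bad-one.example", "REG-X9", date(2013, 6, 1), "AS64510"),
    DnsRecord("bad-two.example", "REG-X9", date(2013, 9, 12), "AS64511"),
    DnsRecord("shop-global.example", "REG-F2", date(2013, 11, 5), "AS64512"),
    DnsRecord("bad-three.example", "REG-Z0", date(2013, 3, 3), "AS64513"),
]


def new_in_window(feed, region_asns, start, end):
    """Names first seen in the region's ASNs within [start, end], inclusive."""
    return [r for r in feed if r.asn in region_asns and start <= r.first_seen <= end]


def growth_ratio(feed, region_asns, baseline, recent):
    """Recent-window registrations divided by baseline-window registrations.
    Returns inf when the baseline is empty so a zero-baseline spike still flags."""
    base = new_in_window(feed, region_asns, *baseline)
    new = new_in_window(feed, region_asns, *recent)
    return len(new) / len(base) if base else float("inf")


def registrant_footprint(feed):
    """Every domain each registrant handle registered, anywhere in the feed."""
    footprint = defaultdict(set)
    for r in feed:
        footprint[r.registrant].add(r.domain)
    return footprint


def pivot_suspicious_registrants(feed, region_asns, window, known_bad):
    """Registrants of new regional names whose global footprint intersects
    the known-bad list. Returns {registrant: (regional names, known-bad overlap)}.
    Registrants with no overlap (legitimate burst registrations) are dropped."""
    recent = new_in_window(feed, region_asns, *window)
    footprint = registrant_footprint(feed)
    hits = {}
    for reg in {r.registrant for r in recent}:
        overlap = footprint[reg] & known_bad
        if overlap:
            regional = sorted(r.domain for r in recent if r.registrant == reg)
            hits[reg] = (regional, sorted(overlap))
    return hits


if __name__ == "__main__":
    baseline = (date(2014, 1, 10), date(2014, 1, 23))
    recent = (date(2014, 1, 24), date(2014, 2, 6))
    print("growth vs. baseline:", growth_ratio(FEED, REGION_ASNS, baseline, recent))
    for reg, (names, bad) in pivot_suspicious_registrants(
            FEED, REGION_ASNS, recent, KNOWN_BAD_DOMAINS).items():
        print(f"{reg}: new regional names {names}; known-bad overlap {bad}")
```

Note that the pivot alone is a lead, not a verdict: a registrant with a large, clean footprint (REG-F2 in the sample) falls out of the result, while one whose other registrations are already on a known-bad list (REG-X9) is what gets escalated for closer review.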
At the same time Lookingglass saw the increase in cyber-infrastructure in and around Sochi, it began to detect an increase in botnet activity coming out of those same networks.
According to the Lookingglass alert, the networks in the region show activity consistent with known criminal spam and botnet operations in Russia, such as Cutwail, a sophisticated spam botnet that used social engineering to lure individuals into clicking links and entering personal information. One such operation, involving fake Qantas Airlines seat-selection emails, was so convincing that the company had to issue its own alert to customers.
Cutwail also has a history of being used to infect hosts with the ZeuS GameOver banking Trojan, and of infecting hosts that are then used in distributed denial of service attacks. In Sochi, Lookingglass has also discovered Cutwail indicators emanating from 4G networks.
According to Coleman, many of the new 4G networks that have popped up in and around Sochi are leveraging Internet points of presence that potentially link them to criminal infrastructure. The company is currently analyzing reports of offers for fake anti-virus tools and ransomware — a type of malware that can lock users out of their own computer or encrypt their files until a ransom is paid.
“If possible, spectators should avoid the use of network-connected devices such as smartphones and laptops,” the alert states.
Other recommendations contained in the alert include:
- Be on the lookout for the following: strange emails, links, social engineering, phishing, etc.
- Be extra protective of business and personal credentials and credit card information.
- Monitor for fraudulent charges to your credit cards, as they may slip past automated flags set up by your providers if you have notified them you are traveling to the region.
- Limit the use of network-connected devices such as smartphones and laptops, especially for accessing proprietary, financial, confidential or personal information.
- Consider cleaning devices of critical information prior to entering the region.