Story image

Domain fraud rife during PyeongChang Winter Olympics

27 Feb 2018

The 2018 Winter Olympic Games in PyeongChang have been a demonstration of sports prowess, but also malicious activity prowess as cybercriminals do their best to make the most of the chances for fraudulent activity.

According to Proofpoint, it’s not just the PyeongChang Olympics that are attracting criminals, but also the upcoming 2020 Olympics in Tokyo, the 2022 Olympics in Beijing and the 2024 Olympics in Paris.

Proofpoint researchers Harold Nguyen and Roman Tobe have been following domain registrations for each of the events. Since 2010, 105 domains related to pyeongchang2018.com have been registered – and registrations started the same year the official site was registered.

Registration activity of ‘lookalike domains’ started to pick up in 2014, and since the beginning of 2017 at least 20 new suspicious domains have popped up.

Those domains may be used for a variety of purposes, including advertising and monetizing web traffic. Others are used to profit from illegal streaming and paywalls and some are profiting through non-sanctioned ticket sales.

Only three of the 105 domains were legitimate (although unofficial) domains, which are being used for Olympic medal tracking purposes.

One particular site, pyeongchang2018tickets.ru is an unauthorized ticket reseller, which increases risk through the possibility of ticket fraud. The National Olympic Committee lists all authorized ticket resellers by country and has guidelines on reseller requirements.

“Pyeongchang2018live.com is a live-streaming site, which is likely neither official nor legal. It asks for payment in PayPal, indicating a potential scam,” researchers note.

However, more than 35% of domains are ‘parked sites’, which researchers are suspect are being used for cybersquatting or to put up for sale in the future.

Typosquatting is also present in at least one example, pyeongchang2o18.com, where the 0 was substituted for the character o.

Researchers say the statistics seem to be in line with current trends. They explain:

“From January through August 2017, brand-owned defensive domains have fallen while suspicious domains registered by someone other than the brand have grown. In that same time period, suspicious domain registrations rose 20% vs. the year-ago period as brand-owned defensive registrations fell 20%.

While it is too early to tell how many of the Tokyo, Beijing and Paris Olympic domain lookalikes will be used will be used for malicious activity, it is likely that domains such as these will continue to surface.

So far registrations related to ‘tokyo2020’ have reached more than 500, while ‘beijing 2022’ has reached 100 registrations and ‘paris2024’ registrations have reached 200.

“.A sign that brand-owned, unofficial and fraudulent domain registrations need to be persistently monitored for consumer protection and reputational risk,” researchers conclude.

Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.
Red Box gains compliance boost with new partnership
By partnering with Global Relay, voice platform provider Red Box is improving the security of its offerings for high-value and risk voice data.