
Domain fraud rife during PyeongChang Winter Olympics

27 Feb 2018

The 2018 Winter Olympic Games in PyeongChang have been a demonstration of sporting prowess, but also of malicious activity, as cybercriminals make the most of the opportunities for fraud.

According to Proofpoint, it’s not just the PyeongChang Olympics that are attracting criminals, but also the upcoming 2020 Olympics in Tokyo, the 2022 Olympics in Beijing and the 2024 Olympics in Paris.

Proofpoint researchers Harold Nguyen and Roman Tobe have been following domain registrations for each of the events. Since 2010, 105 domains related to pyeongchang2018.com have been registered – and registrations started the same year the official site was registered.

Registration activity of ‘lookalike domains’ started to pick up in 2014, and since the beginning of 2017 at least 20 new suspicious domains have popped up.

Those domains may be used for a variety of purposes, including advertising and monetizing web traffic. Others are used to profit from illegal streaming and paywalls and some are profiting through non-sanctioned ticket sales.

Only three of the 105 domains were legitimate (although unofficial) domains, which are being used for Olympic medal tracking purposes.

One particular site, pyeongchang2018tickets.ru, is an unauthorized ticket reseller, which increases risk through the possibility of ticket fraud. The National Olympic Committee lists all authorized ticket resellers by country and has guidelines on reseller requirements.

“Pyeongchang2018live.com is a live-streaming site, which is likely neither official nor legal. It asks for payment in PayPal, indicating a potential scam,” researchers note.

However, more than 35% of domains are ‘parked sites’, which researchers suspect are being used for cybersquatting or will be put up for sale in the future.

Typosquatting is also present in at least one example, pyeongchang2o18.com, where the letter o takes the place of the digit 0.

Researchers say the statistics seem to be in line with current trends. They explain:

“From January through August 2017, brand-owned defensive domains have fallen while suspicious domains registered by someone other than the brand have grown. In that same time period, suspicious domain registrations rose 20% vs. the year-ago period as brand-owned defensive registrations fell 20%.

While it is too early to tell how many of the Tokyo, Beijing and Paris Olympic domain lookalikes will be used for malicious activity, it is likely that domains such as these will continue to surface.

So far registrations related to ‘tokyo2020’ have reached more than 500, while ‘beijing 2022’ has reached 100 registrations and ‘paris2024’ registrations have reached 200.

“A sign that brand-owned, unofficial and fraudulent domain registrations need to be persistently monitored for consumer protection and reputational risk,” researchers conclude.
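For brand-protection teams doing the monitoring described above, the following sketch (an added example, not code from Proofpoint or the article) sorts newly observed registrations into the kinds the article mentions: the typosquat with a swapped character and the brand name combined with extra keywords. The look-alike character map, the category names and the non-article sample domains are assumptions made for illustration.

```python
BRAND = "pyeongchang2018"            # label of the official site named in the article
OFFICIAL = {"pyeongchang2018.com"}   # extend with brand-owned defensive domains

# Small constructed look-alike map (assumption; production lists are far larger).
FOLD = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s", "3": "e"})

def skeleton(label: str) -> str:
    """Collapse visually confusable characters and drop hyphens."""
    return label.lower().replace("-", "").translate(FOLD)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain: str) -> str:
    """Input is assumed to be a registered domain (label.tld) without subdomains."""
    domain = domain.lower().rstrip(".")
    if domain in OFFICIAL:
        return "official"
    label = domain.split(".", 1)[0]
    if label == BRAND:
        return "brand-other-tld"      # exact brand label under a different TLD
    skel, brand_skel = skeleton(label), skeleton(BRAND)
    if skel == brand_skel or edit_distance(skel, brand_skel) <= 1:
        return "typosquat"            # swapped look-alike or a one-character slip
    if brand_skel in skel:
        return "brand-keyword"        # brand plus words such as "tickets" or "live"
    return "unrelated"

if __name__ == "__main__":
    # First four are named in the article; the last two are constructed samples.
    for d in ["pyeongchang2018.com", "pyeongchang2o18.com",
              "pyeongchang2018tickets.ru", "pyeongchang2018live.com",
              "pyeongchang2018.example", "example.org"]:
        print(f"{d:30} {classify(d)}")
```

A classification here is only a triage label for review; it says nothing about whether a given site is parked, monetized or fraudulent.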
