sb-as logo
Story image

Domain fraud rife during PyeongChang Winter Olympics

27 Feb 2018

The 2018 Winter Olympic Games in PyeongChang have been a demonstration of sports prowess, but also malicious activity prowess as cybercriminals do their best to make the most of the chances for fraudulent activity.

According to Proofpoint, it’s not just the PyeongChang Olympics that are attracting criminals, but also the upcoming 2020 Olympics in Tokyo, the 2022 Olympics in Beijing and the 2024 Olympics in Paris.

Proofpoint researchers Harold Nguyen and Roman Tobe have been following domain registrations for each of the events. Since 2010, 105 domains related to pyeongchang2018.com have been registered – and registrations started the same year the official site was registered.

Registration activity of ‘lookalike domains’ started to pick up in 2014, and since the beginning of 2017 at least 20 new suspicious domains have popped up.

Those domains may be used for a variety of purposes, including advertising and monetizing web traffic. Others are used to profit from illegal streaming and paywalls and some are profiting through non-sanctioned ticket sales.

Only three of the 105 domains were legitimate (although unofficial) domains, which are being used for Olympic medal tracking purposes.

One particular site, pyeongchang2018tickets.ru is an unauthorized ticket reseller, which increases risk through the possibility of ticket fraud. The National Olympic Committee lists all authorized ticket resellers by country and has guidelines on reseller requirements.

“Pyeongchang2018live.com is a live-streaming site, which is likely neither official nor legal. It asks for payment in PayPal, indicating a potential scam,” researchers note.

However, more than 35% of domains are ‘parked sites’, which researchers are suspect are being used for cybersquatting or to put up for sale in the future.

Typosquatting is also present in at least one example, pyeongchang2o18.com, where the 0 was substituted for the character o.

Researchers say the statistics seem to be in line with current trends. They explain:

“From January through August 2017, brand-owned defensive domains have fallen while suspicious domains registered by someone other than the brand have grown. In that same time period, suspicious domain registrations rose 20% vs. the year-ago period as brand-owned defensive registrations fell 20%.

While it is too early to tell how many of the Tokyo, Beijing and Paris Olympic domain lookalikes will be used will be used for malicious activity, it is likely that domains such as these will continue to surface.

So far registrations related to ‘tokyo2020’ have reached more than 500, while ‘beijing 2022’ has reached 100 registrations and ‘paris2024’ registrations have reached 200.

“.A sign that brand-owned, unofficial and fraudulent domain registrations need to be persistently monitored for consumer protection and reputational risk,” researchers conclude.

Story image
Kroll completes Redscan acquisition, expands cyber risk portfolio
With the addition of Redscan and its extended detection and response (XDR) enabled security operations centre (SOC) platform, Kroll expands its Kroll Responder capabilities to support a wider array of cloud and on-premise telemetry sources.More
Story image
Cybersecurity budgets still not keeping up with threats — report
Executive teams are failing to recognise the level of damage cyber-threats pose to organisations, according to Sophos — many of them taking a ‘conservative approach’ to cybersecurity expenditure.More
Story image
Video: 10 Minute IT Jams - Radware VP on the challenges of cloud security
In this interview, Techday speaks to Radware vice president of technologies Yaniv Hoffman, who discusses the primary challenges facing IT organisations in terms of their cloud security apparatus.More
Story image
COVID-19 pandemic propels uptake of cyber threat intelligence
The COVID-19 pandemic is pushing organisations of all sizes to up their security game, for one implementing Cyber threat intelligence (CTI) programmes.More
Story image
Kasada launches new defenses against bot attacks
Kasada has announced the general availability of its new V2 platform in a bid to address the increasing sophistication of bot attacks.More
Story image
Hybrid IAM solutions are the way of the future, study states
“As this first-of-its-kind research shows, while IT leaders are faced with unique criteria and conditions that shape their IT strategy, hybrid IAM has emerged as a necessity."More