sb-as logo
Story image

Russian hackers steal Olympic athletes data: Insights and advice from Webroot

15 Sep 2016

Unless you’ve been living under a rock, you’d most likely be aware of the recent hacking of the World Anti-Doping Agency (WADA).

Said to originate from Russia, the group known as Fancy Bear revealed it had stolen information about a number of Olympic athletes, including US tennis sisters Serena and Venus Williams and the high-flying gymnast Simone Biles.

On the Fancy Bear site, the cyber criminals posted that they believe in fair play and clean sport.

"We are going to tell you how Olympic medals are won. We hacked World Anti-Doping Agency databases and we were shocked with what we saw," the website said.

WADA director-general, Olivier Niggli labelled the cyber-crime cowardly and despicable.

"WADA condemns these ongoing cyber-attacks that are being carried out in an attempt to undermine WADA and the global anti-doping system," Niggli says.

According to WADA, the Fancy Bear group is believed to have gained access to its administration and management system via an International Olympic Committee-created account for the Rio games.

With this recent attack, it’s clear that nobody is safe from cyber-crime, no matter how big you may be.

Director of Threat Research at Webroot, David Kennerly affirms that this is a classic example of cyber-criminal craft.

“This attack demonstrates that the humble phishing scam continues to thrive as one of the most effective attack vectors, and is yet another example of the need for strong and continuous communication between organisations and their employees,” Kennerly says. “User education should never be underestimated – it’s arguably the most cost-effective approach to improving the security posture of any organisation.”

Despite the number of cyber attacks every day, many businesses are still unaware of the huge and constant risks – as the WADA example illustrates.

“Employees and users of an enterprise’s IT systems must be educated on the risks associated with phishing, with regular training and testing essential to ensure robust security,” Kennerly says. “Fundamentally, organisations must realise that cybercriminals only need to find one hole in the defences to do serious damage, whereas security professionals have to secure against all eventualities, including phishing.”

It’s certainly an interesting case and one can only hope that other businesses will learn from it.

Story image
Protegrity rolls out updates to data protection platform
Protegrity has updated its Protegrity Data Protection Platform to better secure sensitive data in hybrid-cloud, multi-cloud and SaaS environments.More
Story image
Microsoft is most imitated brand for phishing attacks in Q3
Popular phishing tactics using the Microsoft brand used email campaigns to steal credentials of Microsoft accounts, luring victims to click on malicious links which redirect them to a fraudulent Microsoft login page. More
Story image
Businesses left to make decisions based on old, inaccurate data, study finds
"It is more critical than ever that organisations have access to actionable, contextualised, near real-time threat data to power the network and application security tools they use to detect and block malicious actors."More
Story image
Cisco report: Remote working is here to stay, making cybersecurity a top priority
"With this new way of working here to stay and organisations looking to increase their investment in cybersecurity, there’s a unique opportunity to transform the way we approach security as an industry to better meet the needs of our customers and end-users.”More
Story image
Secureworks: Remote working exposes new security vulnerabilities
New vulnerabilities have been exposed as IT teams across the world respond to the ongoing COVID-19 pandemic.More
Story image
UiPath and eSentire bring hyperautomation to Microsoft Security
UiPath and eSentire have announced a strategic partnership to deliver end-to-end security policy automation across multiple Microsoft Security services.More