SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Russian hackers steal Olympic athletes data: Insights and advice from Webroot
Thu, 15th Sep 2016
FYI, this story is more than a year old

Unless you've been living under a rock, you'd most likely be aware of the recent hacking of the World Anti-Doping Agency (WADA).

Said to originate from Russia, the group known as Fancy Bear revealed it had stolen information about a number of Olympic athletes, including US tennis sisters Serena and Venus Williams and the high-flying gymnast Simone Biles.

On the Fancy Bear site, the cyber criminals posted that they believe in fair play and clean sport.

"We are going to tell you how Olympic medals are won. We hacked World Anti-Doping Agency databases and we were shocked with what we saw," the website said.

WADA director-general, Olivier Niggli labelled the cyber-crime cowardly and despicable.

"WADA condemns these ongoing cyber-attacks that are being carried out in an attempt to undermine WADA and the global anti-doping system," Niggli says.

According to WADA, the Fancy Bear group is believed to have gained access to its administration and management system via an International Olympic Committee-created account for the Rio games.

With this recent attack, it's clear that nobody is safe from cyber-crime, no matter how big you may be.

Director of Threat Research at Webroot, David Kennerly affirms that this is a classic example of cyber-criminal craft.

“This attack demonstrates that the humble phishing scam continues to thrive as one of the most effective attack vectors, and is yet another example of the need for strong and continuous communication between organisations and their employees,” Kennerly says. “User education should never be underestimated – it's arguably the most cost-effective approach to improving the security posture of any organisation.

Despite the number of cyber attacks every day, many businesses are still unaware of the huge and constant risks – as the WADA example illustrates.

“Employees and users of an enterprise's IT systems must be educated on the risks associated with phishing, with regular training and testing essential to ensure robust security,” Kennerly says. “Fundamentally, organisations must realise that cybercriminals only need to find one hole in the defences to do serious damage, whereas security professionals have to secure against all eventualities, including phishing.

It's certainly an interesting case and one can only hope that other businesses will learn from it.