Last week, we saw reports of individuals arrested on charges of terrorism ahead of the upcoming games in Rio. This is a worrying development, but it is not the only security threat facing Rio 2016; the risks posed by cybersecurity should not be ignored. With less than two weeks until the opening ceremony, our latest research discusses eight cybersecurity considerations around Rio 2016.
Threats have emerged from a variety of actors with a range of motivations, capabilities and tools. Brazil already has established cybercriminals and, as we saw in the 2014 World Cup, we’re likely to see a fair amount of banking fraud and scams. Where opportunities exist, there will invariably be individuals on hand to profit. This is aided somewhat by the amount of tourists visits, their banking activity and use of unprotected local WiFi networks. All of these factors provide rich pickings for cybercriminals.
There’s also no shortage of innovation in Brazil, with many services advertised across social media. Take the image below, for example. This user advertised the rent of a “fully functional” banking Trojan for approximately $600 USD via YouTube. Our paper looks at similar threats in more depth.
Figure 1: YouTube video promoting “fully functional” Brazilian banking Trojan for rent
It’s not just cybercriminals who are looking to have an impact on Rio 2016; hacktivists are also gearing up. In February 2016, we reported on the announcement of the hacktivist operation OpOlympicHacking by members of Anonymous Brasil and an affiliate group known as ASOR Hack Team. The operation was announced as a reaction against the Brazilian government’s over-expenditure in comparison to the current economic difficulties faced by many Brazilians. The situation in Brazil has not improved; Brazil is in the midst of a number of political and health challenges – namely the ongoing impeachment of President Dilma Rousseff and worldwide health concerns over the Zika virus.
Figure 2: Anonymous image promoting OpNimr and OpOlympicHacking campaigns
While we have no yet seen hacktivist activity reaching the level observed during the World Cup in 2014, given the very high number of potential victims and the variety of threat actors associated with an international sporting event of this scale, the threat is assessed as high.