Hackers showed how ruthless they can be by going after the Special Olympics of New York to steal information from previous donors for their phishing campaign. The Special Olympics of New York is a Non-Government Organization that focuses on providing sports training and athletic competition to thousands of children and adults across New York.
The Special Olympics of New York admitted in their statement that their server was temporary hacked, advising targeted donors to disregard any message received recently. These hackers seem to be much different from others who decide not to attack any organization that provides services to the most vulnerable group in the community.
Image Source: www.techrepublic.com
According to the report, hackers attacked the email server of the organization during the Christmas holidays and accessed some information from previous donors. As claimed by the notification message sent by the Special Olympics of New York, the hackers only compromised their communication system which contained the contact information of the donors.
The Special Olympics of New York clarified that no financial details were accessed. However, depending on the exposed donor’s information, victims can be at risk of identity theft. The hackers were much interested in their phishing campaign to steal millions from donors.
As reported by Bleeping Computer, the hackers after getting access to the contact information of donors delivered fake alert disguised as a genuine message of Impending donation transaction. This was meant to initiate an automatic debit of $194249 from the target’s account within the space of two hours.
It is obvious that hackers mostly provide a short timeframe for their attack to give targets limited time to think and take action. The emails contained malicious links designed to execute the action after inducing their sense of urgency to click on them.
From the report, it was obvious that the hackers devoted much effort in their plan to make every message and link look genuine. They utilized a constant contact tracking URL to redirect the targets to a designed landing page. Targets who clicked on the malicious link provided in the message were led to the PDF version of the transaction statement created as any other genuine statement.
Image Source: www.techradar.com
They asked the targets to review and confirm that all the provided information are correct. They also provided a phone number as a contact in case targeted donors have any queries. As of now, the landing page has been taken down according to the report.
Hackers seem to have reverted back to the phishing campaigns delivered to targeted individuals and disguised to be coming from a working colleague, service provider or an employer.
A Tokyo 2020 Summer Olympic staff has also issued a warning regarding phishing emails disguised to have been coming from the – Tokyo Organizing Committee of the Olympic and the Paralympic games 2020. Similarly to any other phishing campaign, the emails contain malicious links that redirect targets to a phishing site or landing page. Others also infect computers of targets and execute the instruction as programmed. Hackers target the weakest link of the security chain to stand a better chance of success.
In another report published in October 2019, the corporate vice-president of customer security and trust at Microsoft, Tom Burt revealed that the Russian state-sponsored hacker group has been tracking with the intention to hack sporting events ahead of the Tokyo 2020 Olympics.
According to the report, the Russian hackers resort to a technique called the spear-phishing attack and the spraying technique. Similarly to the attack on the Special Olympics of New York, the technique makes use of familiar individuals to lure targets to open a malicious link. This is mostly a targeted approach.
The Spraying technique used by the Russian hackers makes use of a small number of commonly used passwords against a large number of attacks. According to research, hackers stand a chance of succeeding in a few of the targeted accounts, and the ones with poor password strength are mostly accessed.
Russian hackers were reported to have attacked the World Anti Doping Agency a few days before they were warned that they would be banned from any sporting event including the Olympics. Similarly, the Russian hackers also launched multiple attacks on the 2018 Winter Olympics after they were banned from participating.
The attack included leaked emails, broad infections, and theft of data which is actually different from the recent attack on the Special Olympics of New York meant to steal funds from donors through deceptive emails.
A data breach is taking new forms and attackers are constantly designing campaigns that will deceive targets to send funds unaware. Most of these techniques can still succeed even if the targets have the latest version of antivirus. The only way to avoid some of these threats is to become extra vigilant and cautious about the kind of links clicked in emails.
Disclaimer: Darkweblink.com does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither Darkweblink.com nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation to the reliance on or usage of any content, goods or services mentioned in this article.