sb-au logo
Story image

Russian hackers steal Olympic athletes data: Insights and advice from Webroot

15 Sep 2016

Unless you’ve been living under a rock, you’d most likely be aware of the recent hacking of the World Anti-Doping Agency (WADA).

Said to originate from Russia, the group known as Fancy Bear revealed it had stolen information about a number of Olympic athletes, including US tennis sisters Serena and Venus Williams and the high-flying gymnast Simone Biles.

On the Fancy Bear site, the cyber criminals posted that they believe in fair play and clean sport.

"We are going to tell you how Olympic medals are won. We hacked World Anti-Doping Agency databases and we were shocked with what we saw," the website said.

WADA director-general, Olivier Niggli labelled the cyber-crime cowardly and despicable.

"WADA condemns these ongoing cyber-attacks that are being carried out in an attempt to undermine WADA and the global anti-doping system," Niggli says.

According to WADA, the Fancy Bear group is believed to have gained access to its administration and management system via an International Olympic Committee-created account for the Rio games.

With this recent attack, it’s clear that nobody is safe from cyber-crime, no matter how big you may be.

Director of Threat Research at Webroot, David Kennerly affirms that this is a classic example of cyber-criminal craft.

“This attack demonstrates that the humble phishing scam continues to thrive as one of the most effective attack vectors, and is yet another example of the need for strong and continuous communication between organisations and their employees,” Kennerly says. “User education should never be underestimated – it’s arguably the most cost-effective approach to improving the security posture of any organisation.”

Despite the number of cyber attacks every day, many businesses are still unaware of the huge and constant risks – as the WADA example illustrates.

“Employees and users of an enterprise’s IT systems must be educated on the risks associated with phishing, with regular training and testing essential to ensure robust security,” Kennerly says. “Fundamentally, organisations must realise that cybercriminals only need to find one hole in the defences to do serious damage, whereas security professionals have to secure against all eventualities, including phishing.”

It’s certainly an interesting case and one can only hope that other businesses will learn from it.

Link image
Why performance monitoring is essential to keep cloud costs down
Cloud comes with many different associated costs, which can sneak up on organisations and drive down efficiency. Here's how to reduce costs by up to 50%.More
Story image
Metallic adds data management and GDPR compliance
Now GDPR compliant, additions to the portfolio include eDiscovery features and support for Microsoft Hyper-V and Azure Blob and File storage.More
Story image
ESET launches the latest version of its Mobile Security solution
“With this latest version of ESET Mobile Security, we want to ensure our users feel completely secure when performing financial transactions on their devices, in addition to being protected from malware and phishing attempts."More
Story image
Gartner: By 2023, 65% of the world will have personal data covered under modern privacy regulations
“Security and risk management (SRM) leaders need to help their organisation adapt their personal data handling practices without exposing the business to loss."More
Story image
Video: 10 Minute IT Jams - The benefits of converged cloud security
Today, Techday speaks to Forcepoint senior sales engineer and solutions architect Matthew Bant, who discusses the benefits of a converged cloud security model, and the pandemic's role in complicating the security stack in organisations around the world.More
Story image
Yubico launches latest YubiKey with NFC & USB-C support
Yubico has released a new hardware authentication key, designed to provide security through both near-field communication (NFC) and USB-C connections and smart card support.More