“Cyber criminals tend to have poor online etiquette.”
Game of Thrones, the epic fantasy saga spanning eight seasons across almost a decade, reached fever pitch as the final episode approached, writes Peter Groucutt, managing director, Databarracks.
For those still playing catch-up, it’s been difficult to avoid at best, mentions and at worst, spoilers, about each episode as they’re released. Because of social media and the proliferation of information, there is a demand to consume as much content as possible to stay up to date. With both legal and illegal means of watching episodes now easy to access, there are new risks at play.
A survey by Kaspersky, for example, has shown hackers predictably use online downloads to spread malware.
The top target among TV shows? Game of Thrones, of course. Interestingly, it is not just the latest episodes that are targeted. People who want to catch up before the show ends are at risk of being attacked through old episodes – the first ever episode is the chief target of cyber criminals.
So far, nearly 21,000 users have been attacked via Game of Thrones, with Trojans the most common method. Why is it now open season on the internet’s Westeros faithful?
Cyber criminals are always looking for opportunities to exploit unsuspecting victims. The six-week period over which the final season was released meant an explosion in potential targets, as people flood to get, or stay, up to date.
This approach isn’t limited to just the consumer world. In Databarracks’ Business Continuity Podcast (S3, E2), Thomas Croall talks about a ‘known period of heightened risk or heightened demand’. This is when businesses experience a significant rise in user engagement, whether it be online or physical.
Just as pickpockets become more active around a stadium and train stations when a sporting event is on, so too do cyber criminals online.
For example, Black Friday is a known period of heightened risk for the entire retail sector. Everyone knows traffic to online retailers will increase exponentially, increasing the number of potential targets for threat actors. Similarly, at Christmas we see charity websites unwittingly hosting malware that mine contact details and donations.
God of Malware
Cyber criminals use mass or targeted approaches. During this period of Game of Thrones-mania, they know large volumes of episodes, recent and old, are being downloaded indiscriminately across various sites. Therefore, even with a low hit-rate, that volume makes hosting episodes hiding malware lucrative. This type of attack is less likely for businesses because there are more restrictions on what users can download but that doesn’t mean they aren’t susceptible.
Phishing attempts can coincide with periods of heightened demand or risk, when it’s easier to confuse or manipulate. Like this ‘Game of Thrones’ type-threat, mass-scale inbound phishing attempts operate under the veil of known events to emulate the same type of attack. For instance, emails purporting to be from HMRC at key tax periods or from common software vendors at the time of major updates. Cyber criminals can use these periods of heightened risk for targeted attacks too. News in the public domain about your organisation can be quickly used to exploit periods of uncertainty and change. A merger, acquisition or winning a major new contract create those periods of heightened risk.
What can we do to prepare and protect ourselves? Firstly, do you know if/when you have periods of heightened risk? This is when your business is most likely to be targeted – during peak time. Cyber awareness across the organisation is key. Everyone should be informed about the possible ways cyber criminals might try to attack and what to watch out for.
Cyber criminals tend to have poor online etiquette. Language is often aggressive and commanding, and tries to coerce the reader into sharing information, clicking a link or installing software.
The sophistication is growing. It’s no longer easy to dismiss potential phishing attempts from their poor design or spelling and grammar mistakes. Users must be able to recognise the innocuous questions – something as simple as ‘Are you at your desk?’ that can be the first step in an attempt to infiltrate a business. If you’re asked to keep the conversation private and do something urgently, scrutinise the sender and act with caution.
Most importantly, have a plan for when something goes wrong. ‘It’s not if, but when’ has become a cyber security cliché but everyone slips up at some point. Make sure, when it happens, you can detect the issue quickly and your incident response processes make sure it doesn’t become a crisis.