The Tokyo Olympics 2020, which was postponed to this year owing to COVID-19 fears, is now facing the new threat of cybercrime.
The news outlet Kyodo News, citing a Japanese government official, reported that user data had been harvested by threat actors who published it on the dark web. The Tokyo-based news agency claimed that the data, including user IDs and passwords, had been harvested from the Olympics’ ticket platform.
The official reflected on the potential harm that the data breach would cause victims. Such a breach would give cybercriminals access to the names, addresses, and banking information belonging to ticket bookers.
According to the unnamed source for Kyodo News, hackers breached the ticketing portal using the RedLine malware and other types of stealers. RedLine Stealer is typically sold across the dark web by threat actors looking to perpetrate cybercrimes.
Sold as either a standalone version or on a subscription basis, the information stealer gathers several types of information from web browsers, including saved credentials, autocomplete data, and banking data.
RedLine malware is also reported to include a feature that takes an inventory of the infected system. The process allows it to collect critical details such as hardware configuration, security software and location data.
Notably, recent versions of the malicious software allow threat actors to steal cryptocurrency. This capability is coupled with RedLine’s capacity to upload and download files, carry out commands, and send information about the infected computer to an operator on a schedule.
Conflicting Claims
News about the potential data breach came hot on the heels of a private industry alert by the Federal Bureau of Investigation (FBI), which urged the firms working with the Tokyo Olympics 2020 to brace for a wave of harmful cyber events.
The U.S. law enforcement agency cautioned organizations to beware of potential DDoS, ransomware, phishing and social engineering attacks by threat actors looking to capitalize on the event.
Looking back, at the February 2018 Olympics, Russian threat actors used the OlympicDestroyer malware to gain entry and damage web servers during the event’s opening ceremony.
However, there have been conflicting accounts of what lies behind the recent reports of a potential data leak. A number of commentators were quick to refute the claims made by the Japanese government official, and ruled out the possibility of a data breach.
The Twitter user pancak3 published a post offering evidence that no dark web forums point to an information leak. Essentially, the user asserted that the presence of user data on dark web platforms may indicate that a number of users were probably affected by information stealers that serve dark web markets.
Importantly, while speaking to ZDNet, a spokesperson for the Tokyo 2020 International Communications Team dismissed the claims made by the Kyodo News source. The team’s representative voiced their awareness of a potential cyber incident, but asserted that it was not a data leak from the Tokyo Olympics 2020’s system.
The spokesperson went on to confirm that the team is currently engaging government agencies and other relevant entities concerning the matter, and that they have already set mechanisms in place to eliminate potential threats – including password resets to inhibit widespread damage.
Although the Tokyo 2020 system may not have been compromised after all, the official’s statement reflects the high possibility that certain user data has been exposed to unauthorized actors. It is highly likely that a number of users have unknowingly become exposed to cybercriminals looking to employ stolen data in carrying out illicit schemes.