In the wake of a series of deadly bombings in the region, a direct threat from a major terrorist leader and a stream of sobering warnings from American security experts, computer users could be forgiven for taking an interest in an email with the subject line “Terrorist Threat to Sochi Olympics.”
But if they clicked on the attachment in that email, they may have made things a lot worse for themselves.
According to Symantec, a top U.S. cyber security firm, during the Olympics hackers preyed on spreading fears of a potential attack on the Games to try and trick users into downloading malicious software. In one case the software was a fairly common Trojan that offers hackers a back door into the infected computer and can be capable of recording the legitimate users’ keystrokes – a popular way for hackers to steal passwords and other confidential information.
“While the email does not look professional, the curiosity for the content can still be enough to persuade an individual to open the attachment,” Symantec wrote on its blog.
Sending legitimate-seeming emails to interested parties and tricking them into downloading malicious programs has long been a tactic for hackers, and researchers have for years seen the growing use of “social engineering” in the attacks, meaning the hackers target specific entities with lures tailored just for them – a tactic known as spear phishing.
“These attacks highlight the ongoing need for vigilance when receiving any unsolicited emails. They also reinforce what is already known – targeted attackers are quick to make use of the latest news or events to enhance the chances of success for their social engineering ploy,” Symantec said.