It has taken 7 years and an unprecedented $51 billion dollars to prepare Sochi, Russia’s traditional summertime seaside resort for the 2014 Winter Olympics. Russia is deploying the biggest security force in the games’ history and the U.S. and other countries are also sending security teams of their own. Despite these precautions, Russia’s cybercriminals are already preparing for the Sochi Olympics.
Cybercriminals have a history of exploiting global high profile events. The Beijing Olympics is a great example where cybercriminals created fake websites that mimicked the legitimate event. Russian cybercriminals, in particular, are known to be highly experienced at this, and consequently US CERT is already issuing warnings about what to expect.
NBC’s news investigation into Russian malware at Sochi claimed that Sochi visitors would be targeted and their devices would likely be compromised within a matter of hours. Our perspective is slightly different. While it’s true Russia is a high risk environment, this doesn’t mean that you will be hacked the moment you step off the plane. In fact by just following a few common sense recommendations we believe that everything will be OK.
In 2013, we found that 62.91% of Lookout devices in Russia encountered mobile malware. That’s double China’s encounter rate of 28.45% and an almost 15 times greater chance of encountering malware than in the US (4.22%).
People are much more likely to consume what they feel is relevant to them, therefore Russian malware writers use advertisements dressed to match current events to lure victims. As a result, Russian malware authors rapidly adapt to major events that are likely to have a large audience, dressing their malware with images and text to make it appear relevant to that event. Finally, they use search engine optimization (SEO) tricks to ensure their malware comes back in the top results on any query for the targeted event.
How to Stay Safe?
Thankfully, this means there is an easy way to stay safe. Remember that malware encounter rate of 4.22% for the US? The single biggest factor behind this is that U.S. device owners predominantly download their apps from the Google Play store, while Russian users commonly sideload their apps from forums such as “4pda.ru” after allowing untrusted sources on their devices. So if you are going to the Sochi games, try not to worry too much, and instead make sure you follow these simple steps in order to stay safe.
- Prevent unauthorized third parties from tampering with your device. Don’t leave your device unattended, and ensure you have a strong PIN code on your device’s lock screen. A passcode is your first line of defense against unauthorized parties should your device fall into the wrong hands. Consider enabling “Device Encryption” as an additional layer of defense for your data.
- Download a mobile security app. Ensure you use a security application such as Lookout Mobile Security. Lookout will protect against mobile threats, such as malware and spyware, and help you recover your device if lost or stolen.
- Don’t download and install applications from untrusted sites. Make sure the “Unknown Sources” setting remains unchecked to block any attempts to do so.
- Don’t open suspicious attachments or install suspicious files. If you see a strange file appear on your device or an application prompts you to install it, delete it and don’t install. Likewise, do not open attachments in suspicious emails. If in doubt, check with the person that sent the attachment to ensure it is genuine.
- Only use Wi-Fi that you trust. If there is any doubt use 3G/4G Internet instead.
- Don’t connect your device to unknown computers. Only use your own charger or a charger that you trust to prevent a fake charger from attacking your device or attempting to steal your data.
- Only unlock your bootloader and jailbreak your device if you fully understand the risks. Take extra precaution when taking a device with an unlocked bootloader to a high risk country.