InfoSec receives many questions from Akamai customers on a daily basis. Yesterday, someone asked if we had a case study on attack vectors against the 2012 London Olympics. The customer has a big event coming up, and wanted a picture of what they're up against -- and how they can defend against it all to keep their sites running smoothly.
As it turns out, CSIRT Director Michael Smith wrote something on that very subject.
What follows is the full write-up Michael did in advance of the London games. I think you'll find it useful. If you're concerned about details you don't see covered below, let me know and we'll work to address what's on your mind. Remember, this was written before the 2012 Olympics, so it's in the future tense.
Online Attacks and Large Online Events
The upcoming Olympic Games, much like other widely publicized, international events, offer unique challenges for online security. In the course of any given year, Akamai supports many of these online events, including concerts, sporting competitions, elections, and other newsworthy happenings. Because of this, we've had substantial visibility into the various ways the "bad guys" may try to take advantage of an online event for their own gain. Just as important, these events typically involve a variety of online components - from live streaming to commerce - that present a significant attack surface for the event's security staff to protect.
The primary concern when supporting a large event is that online resources may be built in a hurry and then receive a sudden influx of users. As such, there are time and effort constraints on securing these websites and the infrastructure that carries them. Usually, as the security team for the event, you do not have a lot of historical Internet traffic to define what is "normal," so you have to rely on attack trends from other events and on threat intelligence to detect any new techniques that are specifically targeting your event.
One thing you need to be prepared to defend against is Denial of Service (DoS) attacks, where the attacker disrupts the operation of an online service such as a livestream or website. Highly visible event websites are prime targets, and a cleverly conducted Distributed DoS (DDoS) attack looks like a flash mob of legitimate users arriving at a website.
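The "flash mob" problem above is a detection problem: without a historical baseline, the defender has to tell a crowd of real users from a crowd of attack sources using the shape of the traffic itself. The following Python is an added example for this post, not Akamai code or anything from Michael's write-up. It runs simple heuristics over Common Log Format lines: a flash crowd is many distinct clients each browsing several pages at a human pace, while a DDoS concentrates volume in a few sources that hammer the same path far faster than a browser would. The log lines, the address ranges, the thresholds (2 requests per second per client, a 50% top-10 share, 100 clients) and the `classify` verdict names are all constructed assumptions to tune against your own event's traffic.

```python
"""Flash-crowd vs. DDoS heuristics over web access log lines.

Added illustration for this post, not Akamai code. The log lines are
constructed, and the thresholds are assumptions to tune against your own
event's traffic.
"""
import re
from collections import defaultdict

# Common Log Format: ip ident user [timestamp] "METHOD path PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Return the parsed fields of one log line, or None if it is malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def profile(lines):
    """Aggregate request count and distinct paths per client address."""
    per_ip = defaultdict(lambda: {"count": 0, "paths": set()})
    total = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip junk instead of aborting the analysis
        total += 1
        per_ip[rec["ip"]]["count"] += 1
        per_ip[rec["ip"]]["paths"].add(rec["path"])
    return total, per_ip


def classify(lines, window_seconds=60, max_rps_per_client=2.0, max_top10_share=0.5):
    """Label a window of traffic as no_traffic, normal, likely_flash_crowd or likely_ddos.

    A flash crowd is many distinct clients, each browsing at a human pace across
    several pages. A DDoS concentrates volume in few sources, each hammering the
    same path far faster than a browser would. Thresholds are assumptions.
    """
    total, per_ip = profile(lines)
    if total == 0:
        return {"verdict": "no_traffic", "total": 0, "clients": 0, "top10_share": 0.0}
    counts = sorted((p["count"] for p in per_ip.values()), reverse=True)
    top10_share = sum(counts[:10]) / total
    # Clients whose sustained rate exceeds what a person clicking through a site produces.
    hot = [ip for ip, p in per_ip.items() if p["count"] / window_seconds > max_rps_per_client]
    # Clients that only ever request one path: no navigation, just repetition.
    repeaters = [ip for ip, p in per_ip.items() if len(p["paths"]) == 1 and p["count"] >= 5]
    if top10_share > max_top10_share and (hot or repeaters):
        verdict = "likely_ddos"
    elif len(per_ip) >= 100:  # assumed threshold for "a crowd showed up"
        verdict = "likely_flash_crowd"
    else:
        verdict = "normal"
    return {"verdict": verdict, "total": total, "clients": len(per_ip),
            "top10_share": round(top10_share, 3), "hot_clients": sorted(hot),
            "single_path_repeaters": sorted(repeaters)}


def make_lines(ips, paths, reps):
    """Build constructed Common Log Format lines for the scenarios below."""
    lines = []
    for i, ip in enumerate(ips):
        for r in range(reps):
            path = paths[(i + r) % len(paths)]
            lines.append(f'{ip} - - [27/Jul/2012:20:00:{r % 60:02d} +0000] '
                         f'"GET {path} HTTP/1.1" 200 4096')
    return lines


# Constructed scenarios using RFC 5737 documentation address ranges.
FLASH_CROWD = make_lines([f"198.51.100.{i}" for i in range(1, 201)],
                         ["/", "/schedule", "/tickets", "/live", "/results"], reps=2)
DDOS = make_lines([f"192.0.2.{i}" for i in range(1, 9)], ["/live"], reps=300)

if __name__ == "__main__":
    for name, lines in (("flash crowd", FLASH_CROWD), ("ddos", DDOS)):
        print(name, classify(lines))
```

The point of the design is that no single number decides: a high top-10 share alone would also fire on a handful of corporate NAT gateways, so the verdict requires concentration plus a per-source behaviour (rate or single-path repetition) that a browser does not produce. In practice these heuristics feed a mitigation decision (rate limits, challenges, or upstream filtering), not an automatic block.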
The high visibility of events such as the Olympics can also prompt defacement-style attacks. Because the event draws a large volume of website users, hacktivist groups wishing to propagate their messages can alter the event's website to display their message to a broad audience and to generate headlines that create awareness for their cause.
In a similar vein, most large events have a scheduling site or a storefront where they sell tickets, memorabilia, or other services. These can be prime targets for data exfiltration for anything from email addresses to passwords to credit card information to VIP contact information.
Data breaches can also lead to inappropriate information disclosure. This is not a big fear for a real-time event such as the Olympics, but for events with a predetermined outcome, such as awards ceremonies, attackers can access the results before they are officially released - this can lead to significant audience loss and loss of revenue. The loss of revenue could also happen as a result of actual content theft, where attackers make a copy of the event content available on their own website or on portable media.
Significant interest in an event may make the associated online assets a target for distributors of malware. In this situation, attackers alter the website in a non-obvious, non-visible manner to serve hooks to malicious content that runs on the user's computer and installs other software such as viruses, keyloggers, and the Zeus banking trojan.
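Both the visible defacement described two paragraphs up and the "non-visible" alteration described here are changes to what the event site serves, so one monitoring check covers both. The following Python is an added example for this post, not Akamai code or part of Michael's write-up. It compares a fetched page with its known-good baseline: a hash mismatch says only that something changed (a routine publish does that too), so the check also diffs the script and iframe sources and the `<title>`, which is what separates an injected hook pointing at an unknown origin, or an obvious defacement, from an ordinary content update. The HTML samples, the `www.example-event.org` / `cdn.example-event.org` hostnames, the allow-list and the `.invalid` stand-in hostname are all constructed.

```python
"""Page-integrity check for defacement and injected malware hooks.

Added illustration for this post, not Akamai code. The HTML samples,
hostnames and the allow-list of resource origins are constructed.
"""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

PAGE_HOST = "www.example-event.org"                      # assumed event site
ALLOWED_ORIGINS = {PAGE_HOST, "cdn.example-event.org"}   # assumed trusted origins


class ResourceCollector(HTMLParser):
    """Collect script/iframe sources and the <title> text from a page."""

    def __init__(self):
        super().__init__()
        self.resources, self.title_parts, self._in_title = [], [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "iframe") and a.get("src"):
            self.resources.append(a["src"])
        elif tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title_parts.append(data)

    @property
    def title(self):
        return "".join(self.title_parts).strip()


def collect(html):
    """Parse one page and return the collector with its findings."""
    p = ResourceCollector()
    p.feed(html)
    p.close()
    return p


def fingerprint(html):
    """SHA-256 of the served body; any edit at all changes it."""
    return hashlib.sha256(html.encode("utf-8")).hexdigest()


def foreign_origins(urls, page_host, allowed):
    """Return absolute URLs whose host is neither the page's nor on the allow-list."""
    out = []
    for u in urls:
        host = urlparse(u).hostname  # None for relative (same-origin) URLs
        if host and host != page_host and host not in allowed:
            out.append(u)
    return out


def check_page(baseline_html, current_html, page_host=PAGE_HOST, allowed=ALLOWED_ORIGINS):
    """Compare a fetched page with its known-good baseline and list findings.

    "content_changed" alone is what a legitimate publish looks like; a
    "title_changed" or "unexpected_external_resource:" finding is what needs
    a person to look at the page right away.
    """
    findings = []
    if fingerprint(current_html) != fingerprint(baseline_html):
        findings.append("content_changed")
    base, cur = collect(baseline_html), collect(current_html)
    if cur.title != base.title:
        findings.append("title_changed")
    new_resources = [u for u in cur.resources if u not in base.resources]
    for u in foreign_origins(new_resources, page_host, allowed):
        findings.append(f"unexpected_external_resource:{u}")
    return findings


# Constructed samples. ".invalid" is a reserved TLD, used here as a stand-in host.
BASELINE = ('<html><head><title>Event Schedule</title>'
            '<script src="https://cdn.example-event.org/app.js"></script></head>'
            '<body><h1>Schedule</h1><p>Day 1 events.</p></body></html>')
REPUBLISHED = BASELINE.replace("Day 1 events.", "Day 1 and Day 2 events.")
INJECTED = BASELINE.replace(
    "</head>", '<script src="https://malicious.invalid/hook.js"></script></head>')
DEFACED = ('<html><head><title>Owned</title></head>'
           '<body><h1>Defaced</h1></body></html>')

if __name__ == "__main__":
    for name, page in (("republished", REPUBLISHED), ("injected", INJECTED),
                       ("defaced", DEFACED)):
        print(name, check_page(BASELINE, page))
```

Run against a fresh fetch on a short schedule from outside your own network, so that you see what visitors see rather than what the origin thinks it is serving; keep the baseline updated from your publishing pipeline so that a hash mismatch on its own stays a low-priority signal.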
And unfortunately, the event organizers and their online assets are not always the sole target. Event audiences can also be targets. Vehicles could include phishing, spam, and malware email, where attackers pursue a wide variety of goals such as stealing information from the user's computer, implanting viruses on the user's computer, and conducting outright scams involving the sale of counterfeit tickets, VIP passes, and fraudulent "discount tickets" to unsuspecting consumers.
Overall, the trick to keeping online events as safe as possible is to understand your potential adversary based on previous trends and current capabilities and understand how they're most likely to attack, the motivation for the attack, and countermeasures that you can implement. Doing so will help you apply the right defenses to the right assets and have a successful event.