With the torch lighting for the Winter Olympics in Pyeongchang just over a week away U.S. CERT has issued cybersecuirty guidelines for those visiting the games, tips that can also be used in any public environment.
Considering the on-the-go nature of attending the Olympics all of the recommendations center on mobile security hygiene and are very similar to what attendees of Black Hat and Def Con are told.
- Switch off Wi-Fi and Bluetooth connections when not in use.
- Use a credit card to pay for online goods and services.
- When using a public or unsecured wireless connection, avoid using sites and applications that require personal information like log-ins.
- Update mobile software.
- Use strong PINs and passwords.
Other suggestions include have two-factor authentication for your accounts, keep a screen lock active on your device and most importantly take a minute and think before you click on a link.
There have already been several hacking attempts centered on the Olympics with documents and emails stolen from the International Luge Federation being leaked and McAfee reported in early January campaign targeting organizations involved with the Pyeongchang Olympics that used the games as part of a social engineering plan to trick folks into opening phishing emails.
While nation-state backed cyberattacks cannot be ruled out, most experts believe that with North Korea now attending the games and attack from that direction is unlikely, but it does not mean the games are safe.
“The largest cyber threat to the Winter Games comes from non-state actors. Hacktivists, cyberterrorists, and fame seekers all see the Olympics as a great venue for their personal cause, whether it’s personal fame, the propaganda of a political message or harm for a political purpose,” Ross Rustici, senior director for intelligence services for Cybereason.