Tuesday, May 6, 2025
HomeCyber Security NewsHackers Attacking Global Sporting Championships Via Fake Domains To Steal Logins

Hackers Attacking Global Sporting Championships Via Fake Domains To Steal Logins

Published on

SIEM as a Service

Follow Us on Google News

Cybercriminals online take advantage of well-known events to register malicious domains with keywords related to the event, with the intention of tricking users through phishing and other fraudulent schemes. 

The analysis examines event-related abuse trends across domain registrations, DNS and URL traffic, active domains, verdict change requests, and domain textual patterns, with specific examples from the 2024 Paris Olympics.

 The landing page of the fake cryptocurrency scheme leveraging the Olympics.

They leverage high-profile events to register deceptive domains mimicking official websites, aiming to defraud users with counterfeit goods and fraudulent services, potentially reaching millions of unsuspecting individuals.

- Advertisement - Google News

Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar

During the COVID-19 pandemic, threat actors capitalized on the crisis by launching targeted phishing attacks against government and medical institutions, as well as distributing malicious software disguised as COVID-19-related content to compromise systems and steal sensitive data.

Cybercriminals exploited the ChatGPT hype by creating fake tools and services, tricking users into revealing sensitive information or downloading malware, demonstrating their ability to capitalize on global trends.

By capitalizing on high-profile events, they are registering deceptive domains, leveraging DNS traffic anomalies, and employing unusual URL patterns, as analyzing domain registration trends, textual patterns in malicious domains, and verdict change requests can help identify and mitigate these threats.

Screenshots from a fake internet data giveaway scam.

Daily new domain registrations for event-related keywords are used to identify potential cyberthreats, as by comparing average daily registrations with suspicious domains linked to C2, ransomware, malware, phishing, or grayware, researchers highlight potential risks associated with trending events.

They used to identify textual patterns indicative of malicious intent, and by examining keywords, domain structure, and TLDs, we quantified the prevalence of suspicious domains associated with specific keywords and TLDs, providing insights into attacker preferences and potential red flags.

DNS traffic analysis reveals patterns in user behavior and potential malicious activity. Significant fluctuations or anomalies in DNS traffic, particularly for specific domains, may signify unusual network activity like command-and-control communications, especially during high-profile events. 

The analysis of NRDs through URL traffic reveals trends in both overall and suspicious traffic, including significant spikes during current events, which indicates potential attacker exploitation of event topics, likely through phishing website visits.

The top 10 frequently visited domains for DNS and URL traffic to identify trends, understand shifts in user interest, and potentially detect emerging threats posed by newly popular domains. 

Palo Alto Networks Test-A-Site experiences fluctuations in domain recategorization requests, including false positives and negatives, which are often triggered by sudden events and can cause significant spikes in request volume within short periods.

Threat actors target high-profile events, leveraging deceptive domains, phishing, and malicious traffic.

Security teams can proactively mitigate risks by monitoring domain registrations, textual patterns, DNS anomalies, and change request trends to identify and block malicious domains and thwart opportunistic scams.

Analyse Real-World Malware & Phishing Attacks With ANY.RUN - Get up to 3 Free Licenses

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

Darcula PhaaS: 884,000 Credit Card Details Stolen from 13 Million Global User Clicks

The Darcula group has orchestrated a massive phishing-as-a-service (PhaaS) operation, dubbed Magic Cat, compromising...

Microsoft Resolves Group Policy Issue Blocking Windows 11 24H2 Installation

Microsoft has resolved a critical enterprise-focused bug that blocked organizations from deploying Windows 11...

DragonForce Ransomware Targets Major UK Retailers, Including Harrods, Marks & Spencer, and Co-Op

Major UK retailers including Harrods, Marks and Spencer, and Co-Op are currently experiencing significant...

OpenAI Shifts For-Profit Branch to Public Benefit Corporation, Staying Under Nonprofit Oversight

Landmark organizational shift, OpenAI announced its transition from a capped-profit LLC to a Public...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Darcula PhaaS: 884,000 Credit Card Details Stolen from 13 Million Global User Clicks

The Darcula group has orchestrated a massive phishing-as-a-service (PhaaS) operation, dubbed Magic Cat, compromising...

Microsoft Resolves Group Policy Issue Blocking Windows 11 24H2 Installation

Microsoft has resolved a critical enterprise-focused bug that blocked organizations from deploying Windows 11...

DragonForce Ransomware Targets Major UK Retailers, Including Harrods, Marks & Spencer, and Co-Op

Major UK retailers including Harrods, Marks and Spencer, and Co-Op are currently experiencing significant...