Cyber Security News

Hackers Attacking Global Sporting Championships Via Fake Domains To Steal Logins

Cybercriminals online take advantage of well-known events to register malicious domains with keywords related to the event, with the intention of tricking users through phishing and other fraudulent schemes. 

The analysis examines event-related abuse trends across domain registrations, DNS and URL traffic, active domains, verdict change requests, and domain textual patterns, with specific examples from the 2024 Paris Olympics.

The landing page of the fake cryptocurrency scheme leveraging the Olympics.

They leverage high-profile events to register deceptive domains mimicking official websites, aiming to defraud users with counterfeit goods and fraudulent services, potentially reaching millions of unsuspecting individuals.

Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar

During the COVID-19 pandemic, threat actors capitalized on the crisis by launching targeted phishing attacks against government and medical institutions, as well as distributing malicious software disguised as COVID-19-related content to compromise systems and steal sensitive data.

Cybercriminals exploited the ChatGPT hype by creating fake tools and services, tricking users into revealing sensitive information or downloading malware, demonstrating their ability to capitalize on global trends.

By capitalizing on high-profile events, they are registering deceptive domains, leveraging DNS traffic anomalies, and employing unusual URL patterns, as analyzing domain registration trends, textual patterns in malicious domains, and verdict change requests can help identify and mitigate these threats.

Screenshots from a fake internet data giveaway scam.

Daily new domain registrations for event-related keywords are used to identify potential cyberthreats, as by comparing average daily registrations with suspicious domains linked to C2, ransomware, malware, phishing, or grayware, researchers highlight potential risks associated with trending events.

They used to identify textual patterns indicative of malicious intent, and by examining keywords, domain structure, and TLDs, we quantified the prevalence of suspicious domains associated with specific keywords and TLDs, providing insights into attacker preferences and potential red flags.

DNS traffic analysis reveals patterns in user behavior and potential malicious activity. Significant fluctuations or anomalies in DNS traffic, particularly for specific domains, may signify unusual network activity like command-and-control communications, especially during high-profile events. 

The analysis of NRDs through URL traffic reveals trends in both overall and suspicious traffic, including significant spikes during current events, which indicates potential attacker exploitation of event topics, likely through phishing website visits.

The top 10 frequently visited domains for DNS and URL traffic to identify trends, understand shifts in user interest, and potentially detect emerging threats posed by newly popular domains. 

Palo Alto Networks Test-A-Site experiences fluctuations in domain recategorization requests, including false positives and negatives, which are often triggered by sudden events and can cause significant spikes in request volume within short periods.

Threat actors target high-profile events, leveraging deceptive domains, phishing, and malicious traffic.

Security teams can proactively mitigate risks by monitoring domain registrations, textual patterns, DNS anomalies, and change request trends to identify and block malicious domains and thwart opportunistic scams.

Analyse Real-World Malware & Phishing Attacks With ANY.RUN - Get up to 3 Free Licenses

Aman Mishra

Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Recent Posts

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…

23 hours ago

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code execution…

23 hours ago

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…

23 hours ago

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…

23 hours ago

EU Targets Stark Industries in Cyberattack Sanctions Crackdown

The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…

1 day ago

Venice.ai’s Unrestricted Access Sparks Concerns Over AI-Driven Cyber Threats

Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…

1 day ago