Fancy Bear, also known as Strontium or APT28, is an alleged Russian state-sponsored espionage group that has reportedly started attacking anti-doping authorities and sporting organizations in the lead-up to the 2020 Tokyo Olympics. Most of the attacks by the advanced persistent threat (APT) hacking group have not been successful, although some were. According to Tom Burt, the corporate vice-president of customer security and trust at Microsoft, “At least 16 national and international sporting and anti-doping organizations across three continents were targeted in these attacks.”
Fancy Bear used simple spear phishing and brute-force password spraying, taking advantage of poor security hygiene. The lack of seriousness with which organizations and people treat password hygiene is concerning. In August 2019, 4iQ surveyed more than 2,300 adults about their experience with data breaches and found that only 15% called themselves very effective when it comes to protecting their PII, versus 23% for their employers, showing that everyday consumers feel unprepared to contend with the threats presented by cybercrime.
Microsoft advises that, to help protect yourself and your organization from this kind of attack, you take three initial steps:

1. Enable two-factor authentication (2FA) on all business and personal email accounts.
2. Learn how to spot phishing scams and protect yourself against them.
3. Enable security alerts concerning links or files from suspicious websites.