Our watch has ended. The eighth and final season of Game of Thrones finished this week, and while many have spent this season shouting at the TV, cheering on their favourite characters and getting into heavy debates with fellow fans over who deserves to sit on the throne, Kaspersky has discovered that the show has also triggered a spike in cybercriminal activity.
Kaspersky Lab researchers found that the premiere of each episode was accompanied by a long tail of attacks targeting users who were trying to download the newly released episode. Instead of finding out the fate of the Starks, they received malware disguised behind the name of the show.
Some episodes proved significantly more toxic than others, with the 3rd episode triggering the highest number of detected attempts to attack users, reaching 3,000 attacks a day at its peak.
Experts expect that the concluding episode’s release has attracted further attacks from scammers as malware distributors start offering potential viewers access to the complete season.
Overall, after tracking associated malicious activity through the entire eighth season, Kaspersky lab researchers found that the average daily number of attacks on users that involved malware disguised as an episode of Game of Thrones, was around 300-400. This number jumped to around 1,200 for the three to four days following the release of each new episode: a three- to a four-fold increase in malicious activity.
Another attack vector associated with Game of Thrones is streaming-websites that invite users to watch newly released Game of Thrones episodes for free, but which are actually designed to extract sensitive data from users. Typically, the online-player icon shows a scene from the TV-show and redirects the victim to a registration page, later asking for bankcard details with the CVC/CVV-code, claiming it is only for validation purposes. Researchers have pointed out the similarities between this scheme and recent scams surrounding the latest Avengers movie.
“We see shared TTPs (tactics, technics and procedures) across the phishing websites where scammers try to steal users’ details by promising a pirated movie before its official premiere. We believe there is a certain group of threat actors that methodically hunts fans of popular movies and TV-productions, adjusting schemes dynamically according to pop-cultural happenings,” said Tatyana Sidorina, security researcher at Kaspersky Lab.
To avoid falling victim to scammers, Kaspersky advises GoT fans to:
– Avoid questionable websites, especially the ones that distribute pirated content.
– Don’t enter any information — especially credit card details — on a website you have no reason to trust.
– Do not use the same password for different web pages. Use a password manager instead.
– Use reliable antivirus software with protection from online scams and phishing.