Skip to main content
Articles

World Cup Cybersecurity: What You Should Know

By June 22, 2018#!28Thu, 28 Feb 2019 10:40:21 -0300p2128#28Thu, 28 Feb 2019 10:40:21 -0300p-10America/Sao_Paulo2828America/Sao_Paulox28 28am28am-28Thu, 28 Feb 2019 10:40:21 -0300p10America/Sao_Paulo2828America/Sao_Paulox282019Thu, 28 Feb 2019 10:40:21 -03004010402amThursday=904#!28Thu, 28 Feb 2019 10:40:21 -0300pAmerica/Sao_Paulo2#February 28th, 2019#!28Thu, 28 Feb 2019 10:40:21 -0300p2128#/28Thu, 28 Feb 2019 10:40:21 -0300p-10America/Sao_Paulo2828America/Sao_Paulox28#!28Thu, 28 Feb 2019 10:40:21 -0300pAmerica/Sao_Paulo2#No Comments

Events such as world Cup inspire us and show the world the power of teams working together and individuals with strength and determination & #8211; These events are a time of national pride, excitement, and pleasure.

THE safety Enhanced at these events often focuses on physical security, with increased local police, physical barriers, and identification checks. However, such measures should not ignore the need to increase cyber security & #8211; not only because of the expanding digitization of sports facilities, but because the very attributes that make these events valuable open additional avenues for social engineering.

Malicious actors can catch fans caught up in the excitement of a match or gain access and release confidential information in a moment of carelessness. Raising awareness, implementing preventative measures and eliminating the use of digital devices (where practical) would lower the risk level in international sports competitions.

Three primary groups are particularly at risk during global sporting events:

  • Fans and game participants, including foreigners and celebrities;
  • Athletes who participate in the games and those who support them;
  • Sports venues, including computer systems that govern the entire event.

Fan Info as a Target

The biggest sporting events allocate over one million tickets, judging by the coverage of the New York Times of a major sporting event in February 2018. Tickets for the Russian World Cup in June have already exceeded 1.6 million, according to FIFA & #8211; highlighting the number of tickets. potential victims for cybercriminals, hacktivists and cybernetic actors of the nation state.

Financially motivated malicious actors are likely to see significant fan targeting opportunities & #8211; particularly if they can exploit online ticket sales or transactions conducted in an unsafe environment & #8211; As hackers and cyber actors from countries should seek access to information and websites that is politically advantageous, now or in the future.

Fans traveling internationally to attend high-level sporting events are more likely to receive phishing messages & #8211; phishing-related spam actually increased by over 40% during the 2006 German World Cup, according to Comsec Group.

In these attacks, seemingly legitimate communications invite recipients to click on a link or file that will download and activate malicious software on their devices. Cunning cyber actors are likely to explore factors that can slow vigilance for malicious messages, such as fans' wishes to congratulate and promote their teams, or to share their experiences on social media.

In addition to phishing attacks, fans can inadvertently expose themselves to malware using unsafe Wi-Fi, including open networks available at airports, hotels and restaurants. One of these attacks prompts users to update the software on their mobile devices and instead installs malware on the device. Unsecured Wi-Fi lets others see any sensitive information sent over the network, including usernames and passwords, financial information, and private documents.

The fans & #8211; and his family and friends at home & #8211; They can also fall victim to the traveler's scam. In this attack, malicious actors hijack the email account of someone traveling abroad. With this privileged access, they can send targeted messages to friends and family, claiming to be the traveler who desperately needs funds quickly.

Laws and policies governing personal information and surveillance vary from country to country. Some national governments have warned their citizens, prior to past global sporting events, not to carry electronic devices or to clean their devices of any sensitive material and to consider using a device #8220; burner & #8221; to avoid host country surveillance.

For fans traveling to global sporting events, we recommend the following measures to improve cyber security:

  • Be highly suspicious of messages that contain links or attachments.
  • Avoid using public WiFi. Use a private Wi-Fi or virtual private network (VPN) that encrypts data to mitigate some risks.
  • Warn family and friends of potential fraud.
  • Be careful where and how you use a credit card for payment. If in doubt, use money to avoid compromising financial information.
  • Make sure all devices you bring have the latest operating system and applicable patches installed before you leave.
  • Consider bringing a burner phone where you use a SIM card purchased at your destination with cash and avoid bringing in additional electronics.
  • Avoid accessing social media or email.
  • Consider going “off the grid” while traveling except for emergency communications.

Athletes under cyber attack

Athletes, sports clubs and sports agencies have become frequent victims of cyber attacks and information leaks over the past two years, as noted by the The Telegraph. The upcoming World Cup will provide an ideal opportunity for cyber actors seeking greater attention for their actions.

Hackers and nation-backed actors who seek to tarnish the reputation of athletes, teams or their countries may find a worldwide sporting event an ideal setting for spreading derogatory information. In addition, cyber criminals or malicious agents hired by an opposing team have an incentive to steal valuable information about game tactics or financial data to affect high risk games.

In the fall of 2016, a group of hackers released classified information about athletes acquired from databases on World Anti-Doping Agency (WADA) networks, according to a public statement by WADA. The statement further explains that attackers used targeted phishing attacks against multiple WADA accounts, eventually gaining login credentials, allowing unauthorized access to the system. In April 2017, the International Association of Athletics Federations (IAAF) reported that the same group broke into its system to provide information on drug-exempt athletes.

Athletes and supporters alike face potential threats from opposing teams, judging from previous precedents. In 2015, people working for St. Louis Cardinals, a US baseball team, were investigated by the FBI for allegedly breaking into sensitive networks belonging to a rival team, the Houston Astros, according to The New York Times.

Some teams are already implementing additional security measures to prepare for the World Cup in June this year. According to The Guardian, the Football Association will provide its own secure Wi-Fi to players and warn them about posting information that may reveal the team's location, the choice of players for the game or the tactics.

Athletes and their supporters can follow similar practices to improve cyber security during games:

  • Hire a CISO to manage teams.
  • Increase awareness of potential attack vectors, including suspicious links or attachments in emails and requests to update software systems.
  • Prohibit players from connecting to unsafe Wi-Fi networks and provide a separate and secure network for the team.
  • Protect any computer equipment that staff can use by installing the latest versions of operating systems and patches and disabling unused ports, unused accounts, and file and printer sharing.
  • Limit the use of social media and email by players, coaches and support teams.
  • Consider asking players or support staff to leave the grid immediately before and during major sporting events.

Vulnerabilities in cyber-attack facility management will likely grow

As sporting venues, scoring equipment, and communication with journalists and fans become increasingly digitized, cyber risks related to event management tend to grow exponentially. Nation-backed actors or hacktivists can seize the opportunity to compromise the integrity of networks that control event venues, especially when controversial political events fit into the planned games. Cybercriminals and attackers hired by opposing teams may be motivated to fix a match by tampering with cameras used to assist referees, scoring systems or power networks that support the games.

According to a report by the University of California, Berkeley Long-Term Cybersecurity Center, the most common threats to sites today include attacks on IT systems and ticket operations & #8211; but in the future may include devices that would affect the integrity of the game itself. Some worrying incidents at sporting events have already taken place, such as the cyber attack at the 2003 Pan American Games in the Dominican Republic, which prevented scores from reaching journalists and fans, according to the Security Department.

Industrial control systems, power grids, and Internet of Things (IoT) threats can further complicate cyber security for sport event managers, and an appropriate response will likely involve close coordination with national cyber security units or even organizations. such as Interpol. In March 2018, Interpol held a conference to discuss sports safety, addressing topics such as IoT and appropriate risk management.

Distributed Denial of Service (DDoS) attacks are increasing in volume & #8211; particularly on IoT devices & #8211; doubling over a six-month period by mid-2017, according to a Corero report. IoT devices often lack adequate security measures, such as updated firmware, firewalls, or strong passwords during installation, with the potential to wreak havoc as a major sporting event is in full swing.

On May 23, 2018, Reuters reported how Ukraine raised alarms that a DDoS malware attack on routers would interfere with the Union of European Football Associations (UEFA) football final in Ukraine later that week. Fortunately, the warning appeared to inoculate the attack event.

We recommend the following measures for sports event managers to improve cyber security:

  • Have a cyber security response team and a CISO.
  • Coordinate with national and international cyber security units to implement a collaborative approach.
  • Employ the services of cyber security providers.
  • Be prepared for a large volume of attacks and test response mechanisms to ensure they can handle the load.
  • Isolate systems from the internet (when possible).
  • Be wary of adopting new technologies for tasks central to the integrity of the game. Consider whether analog systems will be more appropriate for some functions.

From high publicity around global sporting events to the lucrative nature of exploiting expensive ticket transactions, malicious actors will have many reasons to reach fans, athletes and venues at this year's World Cup. Potential victims can help narrow down attack opportunities by maintaining a higher level of vigilance, employing security best practices such as software updates and patches, and being judicious about the use of technology, including disabling when appropriate.

Original Text: IBM Security Intelligence June 6, 2018  |  By Camille Singleton

Leave a Reply