Cybercriminals’ World Cup Runneth Over
It’s not uncommon for major events to signal an increase in cybercrime and other global cyber threats. Much like the weeks before, during, and after the Olympic Games, a presidential election, or any major holiday, cybercriminals are taking advantage of the anticipation, celebration, chaos, and hype that surrounds the 2018 World Cup.
These threat actors capitalize on the fact that many people are less vigilant about their cybersecurity during special events. Sometimes people are simply unaware of the new, heightened risks. Sometimes, they let their emotional and logical guards down, become distracted, and cyber awareness is simply not on their minds.
Billions of people all over the world will be watching the 2018 World Cup through the final match on July 15th. It is the most widely-watched sporting event in the world.
Here are a few cybersecurity concerns to be aware of during the World Cup—whether you are front row in a Russian stadium, or watching on your laptop on the other side of the globe.
Some cybercriminals are financially motivated, and try to exploit victims through rigged online ticket sales, or other transactions conducted in non-secure environments. Web pages may promise fake giveaways, or the option for fans to purchase overpriced "guest tickets." Of course if you purchase one of these fake tickets and present it at the game, you won’t be allowed in—FIFA has very strict ticketing rules— and you’ve wasted your money. More than 3,500 of the more than 10,000 counterfeit 2018 World Cup tickets available globally were sold to Chinese football fans, who were turned away upon stadium entry.
Many global cyber threats appear as emails from total strangers attempting to steal your personal data through malicious hyperlinks or attachments promising free offers or entries into ticket draws. Don’t open emails or attachments from unrecognized senders. If the offer seems too good to be true, it probably is.
Though 1 million people are expected to travel to Russia for the World Cup, a lot more people than that will be watching from their TVs, laptops, and mobiles phones. The 2014 World Cup reached 3.2 billion viewers, with 1 billion alone watching the final!
Though there are official broadcasting channels, fans will inevitably search for streaming sources outside of the official broadcast partners and that provides a big advantage to cyber criminals who want to spread malware or steal information. Viewers should be suspicious of any so-called streaming site that demands installing software to watch the game. This is an outdated requirement for modern browsers, and is likely an attempt to steal information from your web browsing activities (like login credentials), download malicious software on your behalf, or even hijack your computing resources while allowing you to watch the game illegally.
Spear Phishing Attacks
A spear phishing email has reportedly been circulating among inboxes all over the world with the subject line “World_Cup_2018_Schedule_and_Scoresheet_V1.86_CB-DL-Manager" and aims to trick victims with a malicious World Cup schedule and results checker. If downloaded, the attachment uses a malware variant called "DownloaderGuide," which is often used to install unwanted programs, viruses, toolbars, adware, and unwanted system optimizers.
Nicknamed “Wallchart”, this isn't the first cyber threat campaign to target the 2018 World Cup and it won't be the last. It’s a good idea to employ email scanning antivirus software that alert you to phishing emails.
Outdated Software and Password Management
Attackers prey on low-hanging fruit. Ensuring that your device’s operating system, security software, apps and web browsers are all updated with the latest versions will protect against vulnerabilities. Consider using an official password management tool for password storage, and change your passwords frequently. Avoid public WI-FI, and use a VPN.
The games continue until July 15th 2018. Wherever you’re watching, be digitally vigilant throughout the World Cup!
The cybersecurity landscape is constantly evolving with new threats and new cybercriminals every day. Cybersecurity awareness is a journey, a goal that constantly evolves. For more information about the ways NC4 can help you or your organization manage cyber threats, call us at 1-877-624-4999, or contact us online.
Thanks for contacting NC4! A member of our team will be in touch with you shortly.