Large international sports events tend to attract more than just avid fans; they also garner the attention of cyber-criminals. There are few events bigger than that FIFA World Cup, and security firms are putting out warnings about various scams and other threats linked to the month-long soccer tournament, which starts June 14 in Russia. Radware and Kaspersky Lab have both recently cautioned organizations and consumers about a broad array of dangers linked to the World Cup Soccer 2018--from ticket scams, malware and data theft to nation-state cyberattacks and unreliable public WiFi hotspots in many of the cities throughout Russia that are hosting soccer matches.
“Cybercriminals and hacktivists are getting ready to disrupt the digital experience during 2018 FIFA World Cup,” Radware researchers said in an alert issued this month. “Russian authorities, sponsors, service providers, and even stadium networks are expected to be targeted throughout the months of June and July via a variety of methods for both personal gain and cyber-vandalism. [The tournament] brings large crowds to Russia, not only creating a huge demand for connectivity, but also a serious security risk for FIFA organizers, partners, sponsors, suppliers, and service providers that must be able to protect themselves and stadium networks against the threat of network- and application-attacks. The enormous demand creates a challenge of distinguishing between a flash crowd and a DDoS attack.”
According to the cyber security firm, there are myriad threats that companies and attendees need to keep in mind during the World Cup Soccer 2018 tournament. Hackers can leverage public networks in such areas as stadiums, cafes and transportation hubs to steal a range of personal data, including user names, passwords and credit card numbers. They also can take advantage of the large crowds generated by the tournament to spread malware," according to the Radware alert.
In addition, given the huge amounts of money being invested in putting on World Cup Soccer 2018, companies that are sponsoring the event are at risk of attack. Also, given that the Russia is hosting the tournament--and that the country is suspected of backing a number of high-profile cyberattacks at sporting events in neighboring countries--the threat of state-sponsored incidents is real, the researchers wrote.
They noted that Russia was suspected of having a hand in attacks during the opening ceremonies of the 2018 Winter Olympics in South Korea, and Ukraine officials said the VPNFilter, a Russian botnet, was being readied to attack the UEFA Champions League soccer match in Kiev before it was shut down.
“Radware does not have intelligence on a planned nation-state attack, but we suspect that the World Cup may attract adversaries of Russia to launch attacks,” the researcher wrote.
Kaspersky began seeing cybercriminals ramping up efforts about the time the first time World Cup Soccer 2018 tickets went on sale, in September 2017, according to Andrey Kostin, senior web content analyst at the security firm. It continued as the second phase of ticket sales began in November. Tickets went on sale again in December, and last-minute sales took place April 18.
“Every time tickets went on sale, fraudsters mailed out spam and activated clones of official FIFA pages and sites offering fake giveaways allegedly from partner companies,” Kostin told ITPro Today.
Kaspersky analysts for weeks have come out with warnings about ticket scams and the insecurity of many WiFi hotspots in Russian World Cup host cities. In the months leading up to the tournament, Kaspersky researchers saw a ramp-up in the number of scams involving tickets and other giveaways for the tournament. This included a jump in phishing pages, with the rate of cyber-scams “reaching fever pitch” as World Cup Soccer 2018 has drawn near, they wrote in a SecureList blog.
Researchers noted incidents of emailed spam and clones of official FIFA pages, as well as sites highlighting ticket giveaways that were supposedly from companies and event sponsors but were actually fake. There are also non-FIFA websites selling real tickets for games, but FIFA rules say tickets can be bought only through the organization’s official website. This means that even if the tickets bought on other sites are real, ticket holders could be turned away from the matches.
Other email scams involve telling people they won cash lotteries allegedly held by such sponsors as Microsoft and Coca-Cola, with the goal being to convince recipients to forward such data as dates of birth, telephone numbers and financial information. The messages also can contain malicious attachments, they said. Attackers also have launched fraudulent advertising campaigns offering soccer merchandise, services for transportation or rooms, and travel packages.
“The World Cup is a major, international sporting event that draws millions of visitors and viewers worldwide,” Kostin said. “Therefore, the number of potential victims is already large to begin with, meaning cybercriminals have a greater chance of their schemes operating as planned. In addition, during sporting events like the World Cup, fans often act on emotion, excitement and team pride, meaning they are more willing to click on a fraudulent link if it relates to soccer or their favorite team. The draw for cybercriminals is the financial gain of such attacks – they are looking for a large sum of money and fast. An international sporting event like the World Cup sets an easier, larger stage for these cybercriminals to act on.”
Public WiFi hotspots also are a problem, Kaspersky researchers found. They checked 32,000 public hotspots for encryption and authentication algorithms. They found that 22.4 percent of the WiFi spots in 11 host cities use unreliable networks, which means cybercriminals can easily intercept the traffic and steal user data. The cities with the highest proportion of unsecured connections were St. Petersburg at 48 percent, Kalinigrat at 47 percent and Rostov at 44 percent. Saransk was the safest, with 72 percent of access points secured by WPA/WPA2.
In all, about 75 percent of access points of those observed use encryption based on WPA/WPA2, which is among the most secure, though the researchers said they are still susceptible to such attacks as brute force, dictionary and key reinstallation.
Among the steps users can take to protect themselves when using a public WiFi network is connecting through a VPN, not trusting networks without passwords or easy-to-guess passwords, and turning off the WiFi connection whenever it’s not being used.