Focusing on Cyber Threats Around FIFA World Cup in Russia
Written by Mohammed Abukhater, Vice President, MEA, FireEye
Every major event, whether sporting, political or otherwise, is a catalyst for risk – and increasingly, cyber risk. We have seen this most recently with the Olympic Destroyer attack at the Winter Olympics and we believe the upcoming 2018 World Cup will be no exception.
The main risk we see around major events is cyber-criminal activity with a financial objective. We have already seen phishing campaigns targeting this year’s World Cup for a couple of weeks, using several methods such as low-cost ticket offers, the chance to win trips to Russia and promotions for items related to the World Cup (national team jerseys, mugs featuring players, etc.).
In order to increase their credibility, attackers mostly buy domains that resonate with the World Cup, so one can receive spam or phishing emails with addresses containing keywords associated with the event. The cyber criminal’s goal in this type of attack is to access your payment credentials.
The second risk we are seeing, which is likely to accelerate, is associated with the geopolitical stakes of an event. As we have seen with previous events, there’s a heightened risk of denial of service attacks, with potential website defacement occurring in order to discredit the organisers. There is also an increasing risk that state-sponsored groups will attempt to destabilize the IT and EO infrastructure used during such events.
The main objective is to expose the hosting country by showing it to be vulnerable. From a geopolitical point of view, we have also historically observed an acceleration of attacks and information leaks that try to discredit the actions of particular organisations, the most notorious example being the APT28 campaign against the World Anti-Doping Agency.
The last major risk that we anticipate is the one for the traveller. During major events, we regularly observe information theft through various methods including physical hardware theft, hijacking of Wi-Fi hotspots, and so on. It is therefore important for the traveller to take precautions including encryption of data, use of terminals without sensitive information stored, use of a VPN, setting up multi-factor authentication on sensitive applications, and safekeeping of equipment.
Finally, the 2018 World Cup, like any major event, will be exposed to cyber risks, whether geopolitical, criminal, or arising from actions with an international resonance such as defacements, which can be used by groups wishing to convey a message or discredit the host country of the World Cup. It is therefore essential to take a certain number of precautions that limit the risk to and exposure of your data before and during the event.