The FIFA World Cup kicks off in the Luzhniki Stadium in Moscow in a few days time. It will be the biggest sporting event in the world this year, with more than 1.6 million tickets already sold. Fans will be travelling from 32 different countries to the tournament. This would make them a very tempting target for cyber criminals.
Hackers get extra creative around big events
Fans attending the event will be logging online via different, less secure, networks, than they usually do. They might act differently, perhaps influenced by the euphoria of the event. At this point, people are likely to be buying tickets online. Not to mention conducting all sorts of other financial related transactions, many through different channels.
They are also likely to use local wi-fi hubs in airports, hotels and restaurants that are open networks. This allows others to view and steal sensitive information sent via the hub. The Football Association is reportedly providing its own secure wi-fi network for England players. This is to avoid them falling victim to such attacks.
It is a documented fact that fans travelling internationally to attend high-profile sporting events are likely to receive phishing attack messages. Phishing-related spam increased by more than 40% during the World Cup in Germany as long ago as 2006. Fans caught up in the emotion of the event are more likely to use social medias in an more unguarded way than normal.
The damage extends far beyond the stadium.
Getting hacked at the event is one thing. However, fans, and their family and friends back home, can also fall victim to the stranded traveller scam. In this scam, their email account is hijacked and messages are sent to those back home claiming to be the traveller in need of urgent funds.
The administration of the tournament itself could also be vulnerable to attack on its own IT networks and ticketing operations. Distributed denial of service attacks are becoming increasingly common against Internet of Things devices. In May, during the Champions League final in Ukraine, officials warned against a DDoS attack and were actively expecting it.
Difficulties experienced by fans could also be brought back to their home country. This can happen through malware installed on their mobiles devices or/and compromised network access passwords. This summer your corporate security perimeter could extend as far as Russia.
Do you have any employees travelling to the World Cup?
You should advise them to take the following precautions where possible:
- Avoid using any public wi-fi network and use only private wi-fi networks or virtual private networks that encrypt data.
- Avoid taking any mobile devices that are not absolutely essential to the trip.
- By extra vigilant when using social media during the trip. Don’t give any strangers access to your social media accounts.
- Watch out for emails from non-trusted sources or containing links or attachments.
- Warn family and friends against the stranded traveller scam.
Now, with that done, you can grab a cold beer, not worry about a World Cup cyber hangover and just enjoy the football!
Sonny Sehgal
Head of Cyber Security
