Hackers will definitely target Football World Cup, infosec pros believe
14 June 2018 |
Back in February, a high profile cyber attack froze the official website of the Pyeongchang Winter Olympics for around 12 hours, minutes before the event's opening ceremony was to take place.
Interestingly, the cyber attack took place within days after an IOC panel refused permission for fifteen previously-banned Russian athletes and support staff from participating in the Winter Olympics.
A recent survey of 326 information security professionals carried out by Lastline has revealed that a majority of such professionals believe that the Football World Cup, which is being hosted by Russia for the first time in the event's history, could meet a similar fate.
72% sure about World Cup infrastructure being targeted
While 72 percent of infosec professionals are anticipating a high-profile cyber attack to take place during the event, over 70 percent of them believe that such attacks will be carried out on network infrastructure either using DDoS attacks or by targeting social media channels.
At the same time, 44 percent of security professionals believe hackers could target email correspondence during the event and another 47 percent believe hackers may exploit vulnerabilities in mobile communications.
"Cybercriminals do not exist in a vacuum. They will be aware of the immense media scrutiny the World Cup will be under, and will be hoping to capitalize on this as well as the financial opportunities such a unique event presents," said Andy Norton, director of threat intelligence at Lastline.
"While we do not know where the threat will come from, or what form it will take, it’s highly likely that cybercriminals are devising plans for a cyberattack. The attack vectors used will vary depending on the threat actor and their individual motivations.
"An event like this, could see many different forms of attack from fake ticket spam to infiltration attempts into governing body infrastructure or even destructive payloads witnessed at the recent winter Olympics," he added.
Despite being aware of such threats, many security professionals are not taking basic security precautions to protect their organisations from being affected as 83 percent of them believe cyber threats during the World cup will not affect their organisations.
While 30 percent of them are willing to wait till the event gets over to fix urgent corporate security issues, another 40 percent are planning on using a work device or working hours to watch a match, even if this was against corporate policy.
Concerns over the online security of England players
This isn't the first time that concerns have been raised about the threat of cyber attacks during the World Cup. As early as in September last year, the Football Association said in a letter to FIFA that it feared England footballers and other staff could be targeted by Russian hackers prior to and during the World Cup in Russia.
"In its reply, FIFA has informed the FA that it remains committed to preventing security attacks in general and that with respect to the Fancy Bears attack, in particular, it is presently investigating the incident to ascertain whether FIFA's infrastructure was compromised," said a FIFA spokesperson.
"Such investigation is still ongoing. For the purposes of computer security in general, FIFA is itself relying on expert advice from third parties. It is for this reason that FIFA cannot and does not provide any computer security advice to third parties," the spokesperson added.
In line with its concerns, the FA also advised footballers and other staff not to connect their devices to public Wi-Fi hotspots to ensure their security and privacy. At the same time, the FA decided that it will strengthen firewalls and encrypt passwords prior to the World Cup to ensure hackers do not get their hands on sensitive tactical information.
Latest posts by Jay Jay (see all)
- U.S. Justice Dept investigating theft of trade secrets by Huawei - 17th January 2019
- Collection #1 data breach: 773m emails & 21m unique passwords exposed - 17th January 2019
- Majority of companies cannot detect IoT device breaches, survey reveals - 15th January 2019
- GDPR compliance, phishing emails top concerns for SMEs in 2019 - 15th January 2019
- Widely-used PremiSys access control system features four zero-day vulnerabilities - 14th January 2019