Sophos reminded football fans of how cybercriminals have used people’s interest in the sport to launch cyber attacks. Football has been targeted before by those who want to turn international community events into attacks.
It’s a sad fact, that cyber-attacks often go hand in hand with major sporting events, including the World Cup, as they give cyber criminals easy access to a frequent stream of online activities from incautious soccer fans
On May 23rd this year, the Security Service of Ukraine issued a cyber attack warning that the VPNFilter malware infecting internet routers and other devices was a preparation of a cyber-attack aimed at impacting the Champions League final held that weekend in Ukraine.
During France 1998, the ZMK-J virus asked you to gamble on who would win. If you got the answer wrong, the malware triggered an exploit which was capable of wiping all the data off your hard drive. In South Korea 2002, Chick-F spread via email and instant messages, posing as a web utility which would bring up-to-the-minute results from Korea and Japan.
In Germany 2006, German malware Zasran-D infected users with a backdoor (remote access) virus under the pretense of free tickets, while South Africa 2010 saw a Frankfurt man successfully blackmail three online betting sites (and attempting to extort money from three others) by threatening them with distributed denial-of-service (DDoS) attacks which could have blasted them off the internet. In Brazil 2014, we saw websites associated with the World Cup struck by a DDoS attack ahead of the tournament’s opening match.
This year, public awareness levels are generally higher and that is a good sign. The same holds true for the participating teams. For example, the English Football Association has already warned England players to not use public or hotel Wi-Fi in Russia over fears of hacking.
Harish Chib, Vice President, Middle East & Africa, Sophos shares some tips that can help you to enjoy the game more securely:
- Do not click on links in emails, texts, instant messaging or social media posts if they come from people or organisations you don’t know, or have suspicious or unusual addresses
- It is better to install a reliable security solution with up-to-date databases of malicious and phishing sites
- Avoid using public Wi-Fi
- Watch broadcasts only on official FIFA partner websites. Some of the many match-streaming services are bound to be unofficial and out to infect visitors with a Web miner or something even nastier. Make sure you don’t take any chances: Install a solution with built-in Web anti-virus and anti-phishing capabilities
- If you are going to Russia, use a VPN to connect to the Internet. In the aftermath of the government’s attempt to block Telegram, many popular sites in Russia are either unavailable or unstable. To avoid the anguish of not being able to post a selfie of your grinning face against the backdrop of your team’s goal celebration, get connected to a VPN in advance.
- Evaluate modern email protection services, such as anti-phishing, URL protection or detonation, spoofing protection, and user activity profiles for unusual or out-of-policy activities.