The World Cup begins today. I’m not a soccer fan, but I have followed the misadventures of the World Cup preparations. We’ve heard a lot about unfinished stadiums, for example, but another concern surrounds the World Cup that isn’t getting as much attention. That’s cybersecurity, both at home and at the event itself.
Not surprisingly, you can expect phishing scams based on the World Cup. Fabio Assolini, senior security researcher at Kaspersky Lab, says there are 50 to 60 new phishing domains every day in Brazil alone. These scams are sophisticated and well designed, and because of that, are difficult to detect as spam. Assolini told me in an email:
One scam example is when criminals use legitimate SSL certificates also to infect users’ computers with malware. In one scam, users in Brazil would receive a message telling them they had won a World Cup game ticket. If a user clicked on the link to print the ticket, it led to a digitally signed Trojan banker.
I’m sure some employees may slip out of the office to work remotely from an establishment broadcasting the games. For anyone watching the games, in person or on television, while accessing public Wi-Fi, Bob West, chief trust officer with CipherCloud, warned to beware the risks of the free Internet connection. He told me:
Watch out for fake Wi-Fi networks disguised as legit ones. These are easy to create by hiding a wireless router or hotspot in the vicinity and giving the connection a plausible-sounding name like Stadium Internet. Avoid this by asking the venue for the name of their network. Otherwise, connect at your own risk – anything you send through an evil twin network is accessible to the bad guy.
By now, we should expect the bad guys to try to hijack an event like the World Cup. It seems like every event that has national (or international) interest becomes a target for cybercriminals. However, it isn’t just the folks at home watching the games or looking for tickets who are at risk of a cyberattack. Anonymous has threatened an attack on World Cup sponsors. In fact, as I write this, an article has popped up confirming that Anonymous has, indeed, followed through on its threat. According to SC Magazine:
The group – which promised last week that it would strike out in protest at the amount of money being spent on the World Cup – launched its #OpHackingCup campaign on June 11 and started by defacing eight World Cup websites and DDoSing one other – www.worldcup2014.gov.br.
Attendees are also at risk of cyberattacks. The Daily Dot reported that a review of more than 5,000 Wi-Fi networks found that at least a quarter of them offered no encryption for transmitted data, putting all sorts of information at risk.
If you’re a soccer fan, I hope you enjoy the World Cup. Just do it smartly, and encourage your employees to be security savvy, as well. It appears that the bad guys are out in force this time around.