As a matter of fact, high-profile events on a global scale, such as the 2018 Olympic Winter Games in South Korea, have become vectors of potential infosecurity threats on multiple levels.
Indeed, hackers, aware of the immense attention these events are receiving, often use these large gatherings of people and various technologies as a real opportunity to launch malicious actions, such as personal information theft or website disruption, for financial or simple malicious purposes.
But today, some fear that these threats will become the new norm, and rightly so: the 2018 Football World Cup, which has taken place in Russia in recent days, has been much awaited by football fans but also and above all by hackers, hoping to take advantage of it and of the financial opportunities offered by such a unique event of its kind.
Targets and processes used:
Phishing, DDoS attacks, malicious software on mobiles or hacking WiFi hotspots, the processes used by hackers during this type of events, but also upstream of them, are numerous but always terribly effective. They can target not only the general public but also companies and sponsors linked in one way or another to these events or even the athletes themselves.
The preferred targets of hackers can sometimes be “surprising”: for example, the media broadcasting live matches, or online betting sites or applications are real risk areas with a very high commercial and financial impact, forcing them to invest in adequate cyber defense solutions to counter any potential attack or disruption.
As far as the processes used are concerned, a few examples of which have already been mentioned, we can, for example, talk about mass phishing, with the aim of deceiving supporters the world over. These campaigns use several types of traps, all more effective than each other, such as offers to sell tickets at low prices, trips to Russia to win, promises of goodies… The objective here remains to deceive the eye of an unwise user, the general public, a non-qualitative but quantitative target in order to recover banking information.
As we’ve seen, the financial motivation is largely part of the explanation of the presence of such massive cyber-attacks during these events. But in recent times, geopolitical factors have also begun to play an important role in the implementation of these attacks, which may then increase tensions between some of the participating countries. Undercover by hacktivism and given the current geopolitics, the Football World Cup offers the opportunity to launch “state-sponsored” attacks against certain political enemies.
The English Football Federation on its guard
The English Football Federation is concerned today (and was concerned upstream the World Cup) about cyber security for the 2018 World Cup in Russia, due to recent piracy attacks by FIFA and the IAAF, but also various piracy and attacks during previous editions of the event or the recent Olympic Games.
While FIFA is now committed to putting in place a range of good practices and solutions, and to severely punishing any attempt of hacking, trust does not seem to be the order of the day for the British team’s staff, who have briefed their players to comply with strict guidelines. For example, they were advised not to use public Wi-Fi, including hotel connections, and to monitor their behavior on social media.
The 2018 World Cup, like most high-profile global events, will be exposed to cyber risks, whether motivated geopolitically or simply for profit: it is therefore essential, for the general public as well as for those directly involved in this major event, to take a number of precautions to limit the risk and exposure of data before and during the event.