WatchPoint Security Blog

World Cup Cybersecurity Risks

Written by Jordan Kadlec | June 18, 2018

Photo courtesy of gazettereview.com

The World Cup kicked off on Thursday (June 14th) in epic fashion with the host country of Russia gaining a 5-0 win over Saudi Arabia. Besides keeping an eye on some of the world’s best soccer players such as Cristiano Ronaldo and Lionel Messi, we also must be aware of the potential cyberattacks that may occur over the next month of matches. Based on a survey of cybersecurity experts that attended InfoSecurity Europe 2018, over 70 percent believe there will be a cyberattack during the World Cup.

Potential Cyberattacks

3,429,873: that was the total attendance over 64 matches for the 2014 World Cup. While that number is expected to increase for the 2018 World Cup, that is also the number of potential victims hackers could expose over the next month. The question that remains, however, is what types of methods hackers will use in attempts to breach individuals’ information.

According to Conor Deane-McKenna, a Doctoral Researcher in Cyberwarfare at the University of Birmingham, public Wi-Fi could potentially be the easiest target as it’s the easiest thing for criminals to hack.

“The lax security controls on public Wi-Fi makes it easy for hackers to steal your information while browsing,” commented Deane-McKenna. “Taking control of the network, hackers have the ability to see the information sent between the device and the destination. So, if you use passwords to send sensitive information, hackers could steal that data.”

Another potential issue for match-goers is downloaded fake apps in search for cheap tickets or tickets in general. The price of tickets ranges from about $140 for group-stage matches up to about $700 for the final match. With the steep prices and overall lack of available tickets for some matches, going through untrusted third-party apps may seem like the only way for someone to see their homeland play in an event that they may never be able to see again. However, match-goers need to be aware of these fake apps as they may require individuals to enter their personal details; giving hackers all the information they need to perform malicious acts.

If you aren’t over in Russia right now, don’t think you are completely safe from cyberattacks relating to the World Cup. According to those who believe there will be a cyberattack during the World Cup, 44 percent expect phishing campaigns via email to be the primary source of attacks. Researchers from Kaspersky Lab have already spotted World Cup-themed phishing emails containing links to fake Web pages that contain promises to fake giveaways and ticket purchases. Instead, these emails aim to steal money and personal information.

How to Protect Against Cyberattacks during the World Cup

Generally, with the use of public Wi-Fi, there is no password required to gain access. When using such an unsecured network, we always recommend keeping the use of your device to minimal; especially when the device you are using contains sensitive information. NEVER send highly sensitive information over an unsecured internet connection. That is exactly what hackers want you to do.

There have been several attacks that have used third-party or “fake” apps to gather personally identifiable information on users. The World Cup, or any other highly attended event, places a major target on attendees’ back to fall subject to an information breach. Never download an application on your phone or any other device that is not readily available in the platform’s app store. Use trusted sites such as StubHub to purchase legitimate tickets and minimize the risk of falling victim to a breach or a scam.

As far as email phishing campaigns are concerned, never click on a link or open a document from an email address you do not recognize or do not trust. Always remember, users are the number one reason why cyberattacks are successful. Clicking on a malicious link or opening a document containing malicious code could lead to you and even your business to losing a significant amount of sensitive information or vast amounts of money.