The 2018 FIFA Soccer World Cup is being held in Russia June 14 - July 15, and many cybersecurity experts are warning soccer (or football, if you’re from outside the U.S.) fans that there is a significant risk of social engineering and other attacks aimed at them.
For example, experts cited by The Hill noted that “U.S. travelers should be extra cautious about what devices they bring, which servers they connect to and the types of data they access while in Moscow.”
Why do American fans traveling to the FIFA World Cup need to be so cautious? What are the risks involved with such a major sporting event—both for attendees and for businesses?
Here are a few of the reasons why cybersecurity experts are so worried about the potential for data compromise:
In the Hill article, Robert Anderson, a former national security executive with the Federal Bureau of Investigation (FBI) and current member of the Chertoff Group, highlighted concerns about the cybercrime situation in Russia, stating that “When it comes to Russia, Russia by far — more than any country in the world — is probably some of the most well-versed cyber crime, both from the organized crime side and their intelligence networks, in the world.”
For U.S. visitors to Russia at any time of year, there is always a significant risk that their personal devices might be compromised if they join any public Wi-Fi networks.
As former top cyber official for the National Security Council, Megan Stifel says in the Hill article, “I would never use public Wi-Fi over there. Ever. Period.” One careless connection could easily result in the connecting device being contaminated with malware—a sentiment that Larry Pfeiffer, former chief of staff to one-time Central Intelligence Agency (CIA) Director Michael Hayden, mirrored when he stated that “I would tell people, don’t take any electronic device that you care about because odds are it is going to get hacked, you’re going to have malware put on it, your private information gets taken by somebody.”
The World Cup represents a major opportunity for scammers from all corners of the globe. For the next few weeks, there will be countless soccer enthusiasts from around the globe who are looking for news coverage of the game, trying to book passage to the venue, and even looking to score memorabilia from the event.
As Larry Pfeiffer said to The Hill, “I think it is an incredibly rich environment for anyone wanting to conduct cyber mischief… You are going to have a lot of very happy, very drunk, very distracted people whose cyber hygiene will probably be less than optimal.”
These “very drunk, very distracted” people attending the event or following the games on TV or radio could become prime targets for focused phishing attack campaigns carried out by malicious actors.
For example, thieves could pose as travel agencies sending out emails and reminders to FIFA fans who have booked flights and accommodations for the event (or were planning to). In these attacks, thieves could convince unguarded sports fans to divulge sensitive information, such as:
Using this information, hackers targeting FIFA fans could commit large-scale fraud.
It’s not unusual for sports fans to be engrossed in their favorite sporting events to the point that they put off actual work. In fact, most fans typically try to request time off for big game days so they can either attend in person or watch the broadcast from the comfort of their homes or favorite bar.
However, one SC Media post highlights just how much of an impact that an employee’s fandom could have on their ability to respond to cybersecurity issues—especially when that employee is in charge of cybersecurity:
“odds are several security professionals will be looking to sneak a peak [sic] at the games, which could be bad for the security of your business. LastLine researchers surveyed 326 professionals and found 30 percent of them suggested they would wait until after a crucial match to fix an urgent corporate security issue.”
This should terrify businesses. Because, when it comes to responding to and containing cybersecurity threats, timing is key. The longer it takes for your cybersecurity team to identify and contain a breach, the more damage an attacker can do because it gives them more time to “breakout” of whatever system they initially compromised and into other systems that might contain more sensitive data.
A delayed response to an alert could make the difference between stopping an attack in its tracks and a major data breach.
However, one silver lining mentioned in the SC Media article is that “83 percent [of surveyed professionals] don't believe that the FIFA World Cup poses a risk to their organization.” After all, most of these professionals are on robust cybersecurity teams, and not everyone is going to be distracted at the same time. Instead, 72% of these professionals believe that the biggest risk may be “a cyberattack against the event in the form of a DDoS attack, social media channel hack, email correspondence or mobile threats” that correspond to the event.
So, what can avid FIFA fans do to increase their cybersecurity while still enjoying the event? A few basic tips include:
It’s our hope here at Compuquip Cybersecurity that you can relax and enjoy the 2018 FIFA World Cup, but we also know that cybercriminals love to exploit these kinds of events for their own gain. With some effort, you can protect your most sensitive information while enjoying the World Cup.
If you need any help or advice about how to strengthen your cybersecurity posture, please contact the experts at Compuquip today! We’re always eager to help you protect your business from cybersecurity threats. For more information about cybersecurity, you can find our Cybersecurity Basics guide at the link below: