UK: Cyber Threats To The 2018 FIFA World Cup Russia

A Developing Threat

Modern global sporting events are not only a world stage for competing national teams: they are increasingly an arena for a wide range of online attackers. The 2018 FIFA World Cup in Russia presents opportunities for cyber threat actors looking to exploit the unique conditions such an event creates.

Threats surrounding sporting events are nothing new, but in recent years cyber threats in particular have intensified. For example, the 2012 Summer Olympics in London reportedly suffered six major cyber attacks with little public impact, whereas the 2018 PyeongChang Winter Olympics was impacted publicly downing broadcaster drones and taking offline the official website.

Russia finds itself hosting the World Cup at a time of intense international scrutiny. Russia's unique geopolitical standing, and the growing threat to large international events are signs that the World Cup may be more than just a spectacle of football.

Just as technology is a huge part of a fan's enjoyment and engagement in an event, it is also part of a player's life both on and off the pitch. Social media and Internet access is a necessity for most travellers and journalists, making the World Cup more connected than ever before.

Cyber risks can affect every organisation and individual associated with the World Cup, from potential attacks against the host nation to financial scams targeting friends and fa y of fans who are staying behind at home.

Fans, Home and Away

Financially motivated cybercrime has been a consistent threat looming over sporting events, not only to individual fans, but also to businesses operating in support of the games, such as retail, hospitality and travel companies.

The process of buying a ticket for the World Cup and its popularity provides criminals with opportunity. Before and during previous large sporting events, criminals have used several online and digital techniques to directly target fans for financial gain. An example is phishing emails that manipulate victims into thinking they have won a lottery ticket draw, which stipulate that a processing fee must be paid in order to claim the prize. Another example is criminals creating a fake contest related to one of the World Cup's partners, and asking individuals to provide personal information, including credit card data, to receive a prize.

Some individuals may also lure spectators into making illegitimate ticket purchases. FIFA is attempting to restrict the potential for unauthorised ticket sales via third parties, and tickets can only be legally resold via the official FIFA website. However, profit-seeking individuals may offer tickets at extremely inflated prices on secondary ticket-selling websites, and request payments in advance.

The most obvious threats to fans when in Russia and to local Russian businesses lie in two other popular criminal tactics. Malware can steal credit-card data from users of point of sale (POS) terminals, and small 'skimming' devices attached to cash machines can steal data from cards' magnetic strips, which can then be used to create counterfeit cards.

Russian authorities expect to see up to a million fans from around the world, with the event taking place in 12 stadiums across 11 cities.This huge influx of people will spawn a temporary boom in tourism and hospitality, generating significant returns for local retailers, hotels, and travel companies. With this concentration of tourism, cybercriminals are highly likely to see the event as a viable target to make some easy money using a range of tactics.

Sporting events now drive huge online traffic from social media to fan websites and news. Every visitor will want to connect. When travelling Wi-Fi from hotels, shops and sporting venues provides an alternative to data roaming charges.

Attackers have also compromised hotel and public Wi-Fi networks to spy on guests, gather intelligence and to collect financial data. In 2014, cyber-security researchers reported that hotel guests in countries including Russia, South Korea and Japan had been targeted by the Darkhotel malware campaign.The malware infected computers and searched for sensitive corporate data, passwords and login credentials. In 2017, a variant of the same campaign also targeted political figures.

Harvesting credentials from insecure Wi-Fi often supports other financially motivated frauds. With access to legitimate accounts attackers target friends and family in a travellers home country or can use access to online accounts to carry out frauds.

Family and friends are also likely targets. There are examples of the 'stranded traveller' e-mail scam where an individual's account is hijacked and used to lure concerned friends into sending funds.

Dark Web Match-Fixing

Football match-fixing has also moved to the Dark Web in keeping with many other forms of crime. MDR Cyber's intelligence team has uncovered sites offering privileged sport information, and the ability to purchase fixed matches.

We identified multiple sites each offering match-fixing information and services.

The sites were directly aimed at bettors indicating the odds of matches and charging more for those that were more favourable or had a higher chance of success for a gambler. According to the individuals running the sites, they could fix matches in several sports, including European football in all major leagues.

The sites claimed to be based on insider information rather than directly altering the outcome of games, which may indicate links to other match-fixing groups not operating online. Spot-fixing, where parts of a match such as timings of throw-ins or substitutions are deliberately manipulated, is reported to be a prevalent technique in various sports, with claims that it directly affects football matches.

In 2013 Europol and police from 13 countries uncovered an extensive criminal football match-fixing network. According to Europol, the investigation extended to 425 match officials, club officials, players and criminals from more than 15 countries, who were suspected of involvement in fixing more than 380 football matches.

Prices ranged from $99 for 3/1 odds to $400 for a 19/1 match in European minor leagues. Other sites provided more premium services at $1500 for 2-3 matches at between 15/1 to 70/1 odds with a claimed 100% success rate. Payments are accepted in a variety of cryptocurrencies, including bitcoin. There is always a chance that these sites are simply scams, with no genuine information. The sites were unable to provide any proof of their access or validity.

Although there has been no indication that matches in the World Cup will be targeted, this is a threat organisers and betting companies will want to considered cal and international sporting events.

To view the full article click here

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.