We have seen this most recently with the Olympic Destroyer attack at the Winter Olympics, and we believe the upcoming 2018 World Cup will be no exception.
The main risk we see around significant events is cyber-criminal activity with a financial objective.
We have already seen phishing campaigns targeting this year’s World Cup for a couple of weeks, using several methods such as low-cost ticket offers, the chance to win trips to Russia and promotions for items related to the World Cup (national team jerseys, mugs featuring players, etc.).
To increase their credibility, attackers mostly buy domains that resonate with the World Cup so that one can receive spam or phishing emails with addresses containing keywords associated with the event. The cyber criminal’s goal in this type of attack is to access your payment credentials.
The second risk we are seeing, which is likely to accelerate, is associated with the geopolitical stakes of an event. As we have seen with previous games, there’s heightened risk of denial of service attacks, with potential website defacement occurring to discredit the organizers.
There is also an increasing risk that state-sponsored groups will attempt to destabilize the IT and EO infrastructure used during such events. The primary objective is to expose the hosting country by showing it to be vulnerable.
From a geopolitical point of view, we have also historically observed an acceleration of attacks and leaks of information trying to discredit the actions of such and such organizations, the most notorious example being the APT28 campaign against the World Anti-Doping Agency.
The most important risk
Finally, the last significant risk that we anticipate is the one for the traveler. During significant events, we regularly observe information theft through various methods including physical hardware theft, hijacking of Wi-Fi hotspots, etc.
It is therefore essential for the traveler to take precautions including encryption of data, use of terminals without sensitive information stored, use of VPN, setting up multi-factor authentication on sensitive applications, and safekeeping of equipment.
Finally, the 2018 World Cup, like any major event, will be exposed to cyber risks, whether geopolitical or criminal or by actions with an international resonance such as defacements that can be used by groups wishing to convey a message or discredit the host country of the World Cup.
It is therefore essential to take a certain number of precautions limiting the risk and exposure of your data before and during the event.”
Mohammed Abukhater, Vice President, MEA, FireEye