Cybercriminals target the 2018 FIFA World Cup with phishing and online scams

Posted by Geraldine Hunt on Mon, Jun 11th, 2018

June 14th kicks off the 2018 FIFA World Cup in Russia.  This month-long event will attract soccer fans from all across the world.  Unfortunately, like many global sporting events, it will also attract a good many hackers and nefarious individuals as well.  Cybersecurity experts have long voiced concerns for those visiting Russia.  It’s common knowledge that normal cyber behavior is highly susceptible due to legacy infrastructure and a plethora of hacking talent.  In fact, the National Cyber Security Center of the United Kingdom is warning fans not to use public Wi-Fi networks when visiting Russia for the tournament.  They are also recommending that fans not bring their personal cell phones with them but instead use pay-as-you-go phones that they can dispose of at the end of their trip. 

It is not just fans that are being warned.  England has advised its players, coaches and support staffs to avoid open Wi-Fi networks for fears that hackers may steal details concerning team strategy and game plans as well as personal and private information on the players.  Data about prominent sports players has become highly targeted in recent years.  An example was last year when the information concerning 1,135 NFL players was compromised within a website of the NFL Players Association.

Vulnerable Infrastructure

The cybersecurity company, Kaspersky Lab, completed a study earlier this year on the public Wi-Fi available in the 11 cities participating in the World Cup.  The conclusion of the report stated: “A lack of essential traffic encryption for Wi-Fi networks where official and global activities are taking place – such as at locations around the forthcoming FIFA World Cup 2018 – offers especially fertile ground for criminals.”

Two of the more worrisome facts in the report were as follows.

• 22% of all public Wi-Fi hotspots, approximately 7,200, lacked any configured encryption or authentication algorithms.  In other words, one-fifth of the public wireless infrastructure offers no wireless protection.
• Only 62% of Wi-Fi hotspots utilized WPA2 encryption.  The remaining hotspots depended on legacy encryption protocols that are completely vulnerable.

Best Cyber Hygiene Practices

If you’re going to the World Cup in Russia, it’s important to know how to protect yourself, your devices and your data.  While many cybersecurity professionals will advise you to simply leave computing devices at home and avoid all cyber activity, many are not willing to go that extreme.  Here are some basic cybersecurity guidelines to follow :

Always use a VPN

Many people take advantage of public Wi-Fi in order to avoid expensive roaming packages for their 4G phone subscriptions.  Because such a large number of public Wi-Fi spots lack up-to-date Wi-Fi security, filtering or encryption protocols, you should always use a VPN service when connecting to Wi-Fi to access the Internet.  This is true for hotel Wi-Fi as well.  Keep in mind that some of the well-known VPN services are blocked in Russia so you may have to try several VPN services before finding one that works.

• Never use a public computer
• Always assume that a public computer kiosk is compromised with keyloggers and other types of malicious software.  Never access any website on a public computer that requires you to login to any type of account. 
• Disable your Bluetooth services
• You should disable the Bluetooth service on any computing device you bring to the games.  An open Bluetooth connection can make your device vulnerable to hackers.
• Utilize encryption and remote wipe

Companies should be fully aware of the risks involved with employees carrying enterprise devices to the tournament.  All computer devices including smartphones should be protected by full disk encryption.  Mobile devices should be protected by some type of remote wipe capability that allows system administrators to wipe any missing or compromised devices remotely.

Limit your Internet usage

• Under no circumstances should you access your online bank account during the games, even if you have VPN.  You should also forego all online shopping activities in order to protect your credit card information.  For added precaution, you should avoid checking your email as well. 
• Never share anything
• Do not accept any promotional USB data sticks or DVDs of any type.  These storage media can contain malware that will propagate to your device when inserting the host media.  You should never share your computing devices with anyone.
• Be wary of all websites and apps
• There will be numerous new illicit websites launched before and during the tournament. One of the most common online scans will be phone ticket sites advertising last-minute ticket promotions.  Other types of anticipated scams will include giveaways and prize alerts that impersonate the websites of well-known sponsors of the World Cup. 
• You should also be wary of any app you download.  Do not share data with any app you download under any circumstances.

If you’re headed to Russia in June, have fun! But, remain vigilant; major international sporting events are also major cyberattack targets.