Cyber criminals aim to score with Rugby World Cup

IT Web

With the Rugby World Cup underway, a security expert has warned that cyber criminals are match fit to breach the security defences of fans, organisers and sponsors.

Simon McCullough, major channel account manager for Sub-Saharan Africa at F5 Networks, says with so much excitement in the air, fans may not be paying attention to some of the online red flags. This could pose a problem for businesses.

“How many employees will place an unsecure bet? How many will attempt to win tickets from a fraudulent Web site using BYOD or an office-supplied device?”

He says online activity will also be off the charts.

“In 2015, there were over 270 million social media video views, 2.8 million official app downloads, and the #RWC2015 hashtag appeared twice a second. Expect records to tumble again this year as cyber criminals get match fit to breach the security defences of organisers, sponsors and fans alike.”

McCullough says the 2018 FIFA World Cup in Russia was a great lure for cyber criminals, and serves as a good barometer for what may happen in Japan.

“During the football world cup, tactics like phishing and social engineering were widely used to scam unwary fans out of money. We expect this year’s Rugby World Cup in Japan to be no different.”

He also cautions that even in the build up to the event, fans have been bombarded by a wide range of scams using tournament branding to look legitimate.

“These include fake apps, betting scams, counterfeit tickets, as well as browser attacks targeting credit card details. Meanwhile, thousands of illegal streaming sites are sitting on the bench waiting for proceedings to start.”

He says in March 2018, an Interpol conference identified the Internet of things (IOT) as a major sporting event risk.

“At the same time, thingbots (such as Mirai) are being harnessed by hackers in greater numbers than ever to form powerful botnets of networked things.”

He adds that Japan knows the risk. “Earlier this year, the country’s National Institute of Information and Communications Technology planned a sweep of around 200 million devices to check for vulnerabilities in connected ‘things’ like routers, webcams and home appliances. It is a much-needed initiative. Historically, IOT devices tend to prioritise access convenience over security, and the World Cup is a timely prompt for widespread awareness and action.”

Further, he says there are no silver bullets and any organisation touching IOT must constantly assess its defensive posture.

“Never cut corners with IOT. Don’t buy products with known vulnerabilities, obvious exploit histories or substandard security mechanisms. Quarantine or retire any devices that cannot be secured.”