Hours until the World Cup kicks off, yet the scams have been present for months, as fans become prime targets for the next month
In just a few hours the FIFA World Cup will kick off with Mexico and hosts South Africa taking centre stage.
This could be called the first ‘techno-friendly’ World Cup: how many people were on Facebook, Twitter or blogs, or using smartphones, during the 2006 tournament? There is an obvious trend towards cyber crime too.
So for the last few months I have been collecting emails related to the World Cup from security vendors, and there has been a running theme regarding warnings about phishing, malicious links and suspicious sites.
So first of all, let's be honest: malware is going to be present around any major sporting event, not just the World Cup – whether it is enticing videos via phishing messages, promises of exclusive videos of who knows what on social networking sites, or poisoned search engine results.
As with most events and celebrity deaths, cyber criminals are able to use keywords and sensationalist tactics to draw people to their websites and to click on links.
Fortinet claimed that as is the case with any high profile worldwide event, the World Cup is fuelling higher internet traffic volume, which tends to lure opportunistic spammers and hackers. It warned that in such a situation, enterprises and consumers need to be cautious when engaging the online community and navigating the web.
It suggested that in a bid to stay safe online, enterprises need to educate employees on web usage and maybe even limit the amount of time employees can spend online watching or surfing information on the ongoing matches.
It said: “Historically, hackers have attempted to hijack traffic from popular websites, and the FIFA World Cup will be no exception. Cyber criminals have repeatedly proved their (often simple) attacks can be successful. Common social engineering attacks capitalise on events through social networking, email-based spam (containing malicious links/attachments) and search engine optimisation (SEO)-based attacks.
“In addition to malware attacks, fraud is also a significant threat to be wary of. For example, FIFA issued a scam warning earlier this year that suggested sports fans be wary of ticket lotteries and any other communications from FIFA that ask for additional payments and/or personal information to secure tickets.”
So we should all be aware of what we click on over the next month, and also ensure that employees avoid spending too much time watching the coverage online. A survey by Ipswitch WhatsUp Gold said that it expects corporate bandwidth use across Europe to double during the World Cup, and feared that networks could grind to a halt in the host nation.
The 2010 World Cup will be the first in the history of the tournament where every game will be streamed online live, as well as being the first World Cup to offer high definition coverage of the tournament. In the UK, matters are further complicated by the majority of games taking place during normal office working hours.
As a result, Ipswitch claimed that service providers and employers are bracing themselves for potential network disruption and pressure on internet connectivity as consumers and staff turn to streaming video as a way to keep tabs on the sporting action.
Ennio Carboni, president of Ipswitch's network management division, said: “There is a real growing feeling that this year's FIFA World Cup in South Africa could be the most exciting yet, however the impact on businesses could be huge, as shown by the results of our survey. Your business depends on your network for successful operation. Users making use of video streaming services can put a considerable strain on companies' networks, resulting in bandwidth chokes and even outages, in addition to exposing them to security threats.”
So, on to the malicious threat. Sunbelt Software claimed that the ‘insatiable desire’ to watch the World Cup matches at work could have the potential to be the biggest security catastrophe ever seen, with malware writers targeting eager employees who will disregard common sense and employ any means necessary to get their football fix during office hours.
In particular, it warned that football fans heading to largely unknown and untrusted websites in search of footage could lead to an increased virus threat, phishing attacks and malware embedded in web pages, banner advertising and fake video streaming codec downloads.
Sunbelt also said that it expects to see malicious links on Twitter, fake applications on Facebook and other kinds of dubious behaviour on the more popular Web 2.0 websites.
So what sort of threats should you be concerned about? There seems to be a dual attack vector – to those seeking footage and to those aiming to get out to South Africa. For those at home, MessageLabs Intelligence identified a run of 45 targeted malware emails intercepted en route to a number of Brazilian companies, including chemical, manufacturing and finance firms. It claimed that this social engineering attack exploits the excitement surrounding the 2010 World Cup in South Africa, to prompt the recipients to take actions that may compromise their systems and corporate information.
It said that one particularly interesting element of this targeted attack is the use of two attack modes, a PDF attachment and a malicious link. The email in this case was spoofed from a well-known sportswear manufacturer, using the manufacturer's .com.br domain and was sent from a server hosting company in Brazil. The manufacturer being spoofed is a sponsor of the FIFA World Cup, which adds validity to the attack.
The company has also flagged up targeted attacks, and said that it first saw a FIFA World Cup related attack at the end of March 2010. Dan Bleaken, malware data analyst at Symantec Hosted Services, said: “The tournament is increasingly being used to lure potential victims. In addition to the FIFA World Cup attack we intercepted and reported in March, we have seen three others more recently.”
The first used a free web-based email service with a subject line ‘enclosed is the full match schedule of South Africa 2010 World Cup, in which American matches are highlighted’.
He said: “This is known as the ‘hook’ or ‘call to action’ which the attackers add to tempt the recipient into opening the attached file named ‘2010_FIFA_WORLD_CUP.zip’, which contains an Excel document named ‘2010_FIFA_WORLD_CUP.xls’. It is relatively uncommon to see targeted attacks using Excel documents. Normally we see PDF or Word documents or straight .exe files. It is also relatively uncommon to see malicious documents contained in a zip archive.”
A second attack was similar, encouraging recipients to open an attached, malicious, World Cup match schedule. This was targeted at two users, one in a high profile inter-governmental organisation, and one in a globally-recognised charitable organisation.
“Again, this attack creates a backdoor to the victim's machine, enabling the attacker to stealthily help themselves to data on the victim's PC,” said Bleaken.
The final attack saw the attacker simply cut and paste text from a legitimate site set up by the Niall Mellon Township Trust, a charity dedicated to building homes for the poor of South Africa's Townships. The site contains all the details needed to enter a prediction league, which they have set up to raise money for the charity.
Bleaken said: “The attacker downloaded a document from that site (circled above) that contains details of all the tournament matches and allows predictions of game results to be filled in, updating group tables and fixtures. Next, the attacker added malicious content to that Excel document, attached it to the email, and mailed it to the targeted recipients.”
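As an added example (not from the article or from any vendor quoted in it), the Python below shows an attachment check a mail gateway could apply to the pattern described above: a document wrapped in a zip archive, which a filter that only looks at the outer file name would miss. The sample message, the addresses and the `build_sample` and `triage` names are constructed for illustration; the subject line and attachment names are the ones quoted above.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# File types the article names as seen in targeted attacks.
RISKY_EXT = (".xls", ".doc", ".pdf", ".exe")


def build_sample() -> bytes:
    """Constructed sample: a zip holding a harmless placeholder .xls."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("2010_FIFA_WORLD_CUP.xls", b"placeholder, not a workbook")
    msg = EmailMessage()
    msg["From"] = "sender@webmail.example"      # constructed address
    msg["To"] = "user@corp.example"             # constructed address
    msg["Subject"] = ("enclosed is the full match schedule of "
                      "South Africa 2010 World Cup")
    msg.set_content("Schedule attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="2010_FIFA_WORLD_CUP.zip")
    return msg.as_bytes()


def triage(raw: bytes) -> list[str]:
    """Return findings for attachments worth holding for analysis."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(RISKY_EXT):
            findings.append(f"direct:{name}")
        # Test the content, not the extension: a renamed archive is still a zip.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    inner = info.filename.lower()
                    if info.flag_bits & 0x1:  # encrypted member, cannot be scanned
                        findings.append(f"encrypted:{name}/{inner}")
                    elif inner.endswith(RISKY_EXT):
                        findings.append(f"nested:{name}/{inner}")
        except zipfile.BadZipFile:
            findings.append(f"unreadable-archive:{name}")
    return findings


if __name__ == "__main__":
    print(triage(build_sample()))
```

A finding here is a reason to quarantine the message for content scanning, not a verdict that the document is malicious.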
For those preparing to leave the country, there are numerous scams around claiming to offer tickets to key games. A survey by F-Secure found nearly a third of fans – 28 per cent – were prepared to click on unauthorised links for information on cheap tickets.
Mikko Hypponen, chief research officer at F-Secure, warned that the 2010 tournament was ‘a major opportunity’ for cyber criminals to cash in by selling fake tickets, attracting supporters to drive-by download websites (sites which download malware without the users' knowledge) and carrying out phishing attacks camouflaged with a World Cup theme to plunder online accounts or steal personal details.
He said: “Many of the seemingly attractive ticket deals offered outside the official World Cup website, www.fifa.com, are bogus and designed to exploit the desperation of supporters trying to snap up bargains.
“I urge football fans everywhere to give cyber criminals the red card by refusing to be fooled by their dirty tricks. In addition to online vigilance against World Cup spam, scams and hoaxes, it's also crucial to keep computers patched and up-to-date to avoid getting hit by drive-by downloads from dubious websites.”
So with only hours to go to the kick off and a few more to England's first game against the USA, it may be time to reconsider web use and email filtering, but realise that by 12th July, it will be all over.