Cyber-criminals have used the Euro 2016 Football tournament to target victims with malicious websites. As well as this, official apps for the football fest are also leaking data, it has been claimed.
According to research carried out by the SmartWire Labs Team at Wandera, an increase in the number of malicious websites being accessed by smartphones has been detected. The firm said that host country France has been actively targeted by hackers, with 72 percent of malicious websites and 41 percent of exposed passwords being detected on smartphones in that country.
During the research period, the number of data leaks observed by Wandera's research team increased. The firm predicted that this number will continue to rise as the tournament goes on, as a result of more people travelling across Europe and using unfamiliar apps and websites to access match information.
The firm also said that the official UEFA Euro 2016 Fan Guide app, which is designed to provide practical tourist information for fans travelling to France for the tournament, leaked data.
It discovered that user credentials (including username, password, address and phone number) submitted to the online UEFA store website are being transferred by both the iOS and Android versions of the app over an insecure connection.
“The app itself has over 100,000 downloads on the Google Play store alone, and a very high rating. The implications of this are huge with potentially thousands of people having their personally identifiable information exposed and possibly stolen,” said the firm in its report.
“While the public has been made aware of malware concerns associated with fake FIFA apps, it should be noted that even an official app such as the UEFA Euro 2016 Fan Guide app is not secure,” it said.
Eldar Tuvey, CEO of Wandera, said increased data usage during the beginning of Euro 2016 “will come as no surprise to anyone”.
“What is clear, however, is that football fans are travelling across Europe, accessing apps and websites that are unfamiliar to them to access the up-to-date information they crave. Our analysis proves that even so-called ‘trusted sources’ carry risk and vulnerability – something that enterprises must be equipped to deal with.”
SCMagazineUK.com has contacted UEFA for comment on the app. SC investigations have discovered that the official app for both iOS and Android has been updated since the report was published.
Paul Farrington, manager of EMEA solution architects at Veracode, told SC that hackers are constantly designing engaging malicious content for users to click on and/or download. And corporate users continue to download these risky applications on their mobile devices, increasing an organisation's attack surface and putting its corporate data at risk.
“Many organisations continue to take manual approaches to mitigate the threat of unsafe mobile apps, such as manual pen testing and manually-curated blacklists. However, this is difficult to scale due to the sheer size, complexity and constantly-changing nature of the problem. As a result, they either fail to keep up with mobile threats or frustrate employees by prohibiting apps arbitrarily,” he said.
Mark James, security specialist at ESET, said the tournament is also an opportune time for cyber-criminals to launch attacks via social media and email.
“This could be by posting malicious links via social media fan pages or through phishing emails with malicious attachments or links. These extra threats will put immense pressure on IT departments' already overflowing workload and will create new avenues for cyber-criminals to attack,” he said.