How to avoid a security own goal during the World Cup | Deloitte UK has been saved
Debating the merits of the 4-4-2 format. Post-match analysis round the watercooler. Catching the match after work.
Whether you’re a die-hard fan or only ever watch the odd international match, many of us enjoy the excitement around the World Cup: no one more so than cyber criminals who see popular events like this as their ticket to a quick profit.
From emails sharing a video of that injury to an app to track your team’s progress – the opportunities for attackers to steal data and compromise devices are everywhere. So what should you be on the lookout for and how can you stay safe?
This includes lottery entries and competitions with links directing users to videos of exciting moments: cyber criminals will try a range of lures to encourage people to part with personal details or open attachments and web pages hiding banking or cryptocurrency mining malware. Researchers at one anti-virus company have already reported a spike in World Cup related phishing and this is likely to continue throughout the tournament.
In a watering hole attack, a website is compromised and used to serve up malware to site visitors, exploiting a wide array of vulnerabilities in order to avoid detection by security tools. Creating such a website – for example, with a topical theme such as the World Cup – is an effective way of infecting victims. This technique is commonly used by advanced threat groups in order to introduce espionage malware into a target network.
These online advertisements are used to spread malware, either by downloading when clicked or by redirecting users to a site hosting the payload. Alternatively, vulnerabilities in popular multimedia applications are exploited, allowing malware to be downloaded without any interaction. As users are expecting to see World Cup advertising they are less likely to be cautious when following links.
Following your team’s progress has never been easier, with a range of smartphone apps that will push notifications for all the action. Users will often search for new applications, some of which may be fraudulent and used to harvest confidential information and install malware, including banking Trojans and spyware.
These threats are faced by individuals and companies alike. Employees accessing World Cup information through corporate devices and networks can result in increased malware incidents, resulting in financial losses, both for affected individuals and organisations.
Prudent security measures include:
Most of all, be cautious.
If it looks too good to be true, sadly, it probably is.