The 2018 FIFA World Cup is expected to be the largest yet, with fans from all over the world watching. When it comes to TV audiences, the games are expected to be watched by 3.4 billion fans from 200 countries, which is nearly half the total world population. Not only is the World Cup available to view worldwide through a variety of broadcasting platforms, but smart technologies are now increasingly used by the fans to watch the games and interact with their favorite players. In fact, a survey by GlobalWebIndex found that 47% of the online population plans to watch the games online, and a quarter of millennials have declared they’d follow the tournament on their smartphone or tablet.
And if this doesn’t give you enough hint about the scale of the event, here are some more numbers:
- 12 stadiums will host the World Cup matches which would all require a good IT infrastructure
- More than 5,000 media representatives will be present at the games
- 36 participating teams, 736 players and 99 referees
- 17,040 people form 112 countries are in the volunteer’s team
High profile sporting events like the FIFA 2018 World Cup could provide many opportunities for hackers to target not just consumers and their smart devices, but also stadiums’ infrastructure, such as grid power and lightning among others. Cyber criminals often use these large gatherings of people and technology to steal personal information like usernames and passwords, or harvest users’ credentials for financial gain, among other malicious activities.
Digital threats likely to be seen at the World Cup
While attacks at previous major sporting events have focused on ticket scams, and availability of IT services and personal data, there are now more substantial cyber threats to stadium operations, infrastructure, broadcasting and participants and visitors to the games. For example, the 2012 London Summer Games were hit by a DDoS attack on broadcast operations and power systems seeking to limit viewer access to live broadcasts; fortunately, it had limited success. In response to similar threats, the South Korean government and Pyeongchang organising committee invested around £850,000 into cybersecurity measures for the 2018 Winter Games.
Individuals taking part in the matches, either participants, organisers or fans, could become targets to hackers in various ways. The most popular scams could include spam emails about winning tickets in the FIFA lottery and fake websites about cheap flights and accommodations in Russia. Hackers could also create duplicates of bank websites and popular tourist sites, such as Booking.com and Airbnb, and use them to gain access to the users’ banking information. Below, we’ve listed a few of the most common ways in which the personal details of all present at the football games could be compromised. Follow the links for each to find out more about the nature of those threats.
- Phishing attacks – Just days after the tournament kicked off, researchers at Check Point revealed the ‘Wallchart’ phishing attack designed to lure football fans with a subject line about the World Cup schedule and scoresheet
- Dubious mobile applications – users could download World Cup-related apps which seem genuine and thus compromise their devices
- DDoS attacks – At the start of the 2014 FIFA World Cup in Brazil, hacktivists defaced and conducted DDoS attacks against websites of the Military Police of Sao Paulo, Brazil’s Department of Justice, Hyundai, and the Emirates Group, to protest against the corruption around having the event held in Brazil
- Unsecured WiFi – 7000 WiFi networks in the Russian World Cup cities were found to be vulnerable and England players and staff in particular have been advised not to use public or hotel WiFi
Protecting the World Cup by following the CIA concept of digital security
In order for organisers of such sports events to protect everyone involved, they need to rely on cybersecurity strategy that protects the three main pillars that underpin connected devices and services: Connectivity; Integrity; and Availability (CIA). This means that connected devises must be secure-by-design and the services associated with them should factor:
- Confidentiality: ensuring that devices, systems or data are not accessed by unauthorised parties
- Integrity: ensuring that no data can be manipulated or tampered with
- Availability: ensuring that attendees can connect whenever, and to whoever, they need to
The table below illustrates how the 3 CIA pillars reflect the World Cup digital environment, including different threats that can be associated with each of those.
Measures that ensure Confidentiality, Integrity and Availability
Major sporting events like the 2018 FIFA World Cup require months of preparation that include evaluation of risks and mitigation based on different scenarios. Simple measures for fans and visitors such as switching off the Wi-Fi and Bluetooth connections of devices when not in use, using a credit card to pay for online goods and services, updating the software of devices, and using strong PINs and passwords can all help. But here’s how an organizer can ensure confidentiality, integrity and availability:
- Create strong IDs for connected devices – ensuring Trusted Digital Identities could be a good way forward
- Protect the stadium sensors by securing the associated devices, network and the cloud
- Create redundant databases for the recovery of disaster case scenarios
The location of the 2018 World Cup and increased connectivity, both among the public and infrastructure, make it a prime target for digital threats. Luckily, now going into its final stages, one of the most significant global sports event hasn’t been intruded by major cyberattacks. But these last couple of weeks are also the most important one for all parties involved, therefore they need to ensure digital security prevails at all costs.
Good luck to all the remaining teams and their fans, and make sure you stay safe if you’re out there!
The post Is the CIA protecting the World Cup in Russia? appeared first on Gemalto blog.
The post Is the CIA protecting the World Cup in Russia? appeared first on Cybersecurity Insiders.
July 03, 2018 at 09:09PM
0 comments:
Post a Comment