World Cup drew nearly 25m cyberattacks
President Putin said nearly 25 million attacks against World Cup were deflected
The FIFA World Cup finals drew nearly 25 million cyberattacks, according to a statement from Russian president Vladimir Putin.
The president said that information infrastructure related to the football tournament was targeted, but that the attacks were all successfully blocked.
No further details were given by the Russian authorities, but security experts said that the apparently high number of attacks was typical for major global events.
Among the many cybersecurity scares that accompanied the fiesta of football were warnings about World Cup-themed phishing attacks, scam ticket sites, and the risks of unsecured public Wi-Fi hotspots. Some countries advised their players to use secured satellite comms while in Russia, and there were also warning of Russian state-sponsored hackers trying to hack anti-doping organisations to steal player's medical data.
Mohammed Abukhater, Vice President, MEA, FireEye, said that there are two main categories of risk associated with events like the World Cup: "The first one that can be described is a cybercriminal risk with a financial objective and a will to deceive supporters around the world. This includes the phishing attacks that started several weeks before the tournament and carried on throughout. These campaigns use several levers such as low-cost ticket offers, the chance to win a trip to Russia, promotions for items related to the World Cup (national team jerseys, mugs featuring players etc).
"In order to increase their credibility, attackers mostly buy domains that resonate with the World Cup event, so victims can receive spam or phishing emails with addresses containing terms such as Russia, FIFA, Russia2018, FIFA2018, world cup which are very regularly used in more complete domain instances like worldcup.monsite.site. The objective being to deceive the eye of an unwise user. The main goal in this type of attacks, recover your banking information and force you to go through with the transaction to get the card number information, expiration date and also CCV.
Abukhater continued: "The second risk comes from state-sponsored groups which will attempt to destabilize the IT and EO infrastructure used during the World Cup. A tool commonly used to do this is a distributed denial of service or DDoS attack which takes down websites to make the organisers look vulnerable. Historically we've seen an acceleration of attacks and leaks of information trying to discredit the actions of an organisation tied to an event, the most notorious example being the APT28 campaign against the world anti-doping agency (WADA)."