2018 FIFA World Cup: Open Season For Malicious Threats?

2018 FIFA World Cup- Open Season For Malicious Threats?.jpg

By Moshe Elias

As our world becomes more digitized, the risk of cyberattacks on scoring systems, retail transactions, and even consumer devices — where social media activity and online betting take place — increases. Cybercriminals exploiting online ticket sales and/or transactions in a non-secure environment can often leave fans with infected applications on their devices. The less savvy mobile users — a good portion of the 95% of Americans who own a cell phone — are easy prey for hackers.

Communications Service Providers (CSPs) are in a unique position to better protect their subscribers by delivering security services at the network level. This will give mobile users what they crave: around-the-clock protection, no matter where they might be and no matter which application they may be using.

Foul! Cybercriminals Have Their Eye on the Ball  

Cybercrime has become a significant industry in its own right, generating about $1.5 trillion in revenue worldwide, and cybercriminals are targeting broader swaths of unsuspecting users. CSPs must play an integral role in defending subscribers, commonly referred to as "the internet bloodline" as only CSPs can provide "clean pipes" by detecting and mitigating traffic anomalies at the network level before any damage can be done.

The preemptive strike methodology has been proven effective. Based on anonymous data gathered from four CSPs across Europe and Israel, representing seven million protected customers, Allot Communications found that nearly two billion mobile security threats were blocked [note: opens in a PDF] over a four-month period. That translates to an average of two threats each day per mobile device. Of those two billion detections, over one hundred million threats were triggered by adware (advertising malware that presents itself as unwanted advertisements), an indication of how popular this attack vector is among to cybercriminals.

Massive, global sporting events like the FIFA World Cup are prime hunting grounds for cybercriminals. Vulnerable fans are spending more time on their devices, interacting more on social media and sharing more data. CSPs must be extra diligent when handling the influx of attacks before, during and after such sporting events.

Neutralize the Threat

Within our increasingly connected world, fans are more apt to scroll through social media or download apps before, during and after games, including sports betting and live-streaming of matches. Social media applications with hidden malware, as well as phishing and ransomware schemes, often target unsuspecting mobile subscribers. This criminal activity can be even more pronounced during a global event such as the FIFA World Cup.

Which Subscribers Are Most at Risk on Your Network?

  • The Casual Fan is not very active on sports apps or websites during an event, leaving them unlikely to download or click on any malicious apps or links.
  • The Info-Seeker uses multiple apps and websites to gather information about sports, but they don’t share information through social media. This type of fan is more sport-oriented and less social-focused, allowing them to consume high volumes of sport content without penetrating social media networks.
  • The Info-Guzzler consumes high volume of sports content and data during intense online sessions while frequently using multiple apps and websites. They also dip their toes into social networks, but it’s not their primary source of information, meaning they aren’t at the greatest risk of exposure to cybercriminals.
  • The Social Monitor spends large amount of time on social media apps and websites, putting them at a higher risk to malicious attacks. They usually observe more than they click or download applications.
  • The Social Mingler is active with friends and others on social media, but are less engaged with sports-related apps and URLs. These fans are still at a high risk since most of their activity is spent on general social media apps, which can give phishers all the information they need to trick their victims.
  • The Movers and Shakers are at the highest risk for malicious threats because they combine both the intense social activity of a “mingler” with the intense sports engagement of a “guzzler.” They are very active on both social media apps and websites/URLs, putting them at extreme risk due to a congested network.

Most fans don’t realize how much more time they spend before, during or after a large sporting event on their mobile devices scrolling, searching, streaming, etc., and exposing themselves to adware, cryptocriminals and phishing scams.

It’s not just malware that fans need to be cautious of; some people are also being tricked into purchasing fake tickets. Kaspersky Lab explains that those searching for tickets on sale for this year’s FIFA World Cup or other events should be wary of how they make their purchase. According to AARP, nearly five million people a year receive fake tickets to concerts, sporting events, and theme parks.

Lace Up Your Sneakers: Prepare for the Next Attack

To properly mitigate these attacks, service providers must first acknowledge and address the shift of online behavior to know what their subscribers’ risk or vulnerability levels are. Once the risk landscape is mapped and risk behaviors are acknowledged, CSPs should take the opportunity to educate these fans — their subscribers — on how to protect themselves with a holistic approach through network-based security.

CSPs can offer effective, value-added security services, including anti-malware, anti-phishing and ad blocker services. While simultaneously decreasing their customer’s risk of turning into a targeted sports fan, they increase customer loyalty and satisfaction. Security services enable CSPs to generate revenue while their customers save money.

Not only will this approach enhance the users’ quality of experience, but it will also enable operators to safeguard users on whatever device in whichever way they access the network: fixed or mobile.

About Moshe Elias

Moshe Elias is Director of Product Marketing at Allot Communications, a provider of security and monetization solutions that enable service providers to protect and personalize the digital experience. Elias currently focuses on marketing security solutions for consumers and businesses to protect against cyber threats. Prior to his current role, he held management positions at Cisco Systems and Checkpoint in engineering, business development, and sales.

More About Moshe