World Cup poses security risks
Cyber criminals taking full advantage of the upcoming World Cup pose huge, unanticipated security risks to companies through targeted malicious PDF and malware-serving campaigns, blackhat SEO, fraudulent propositions, fake lottery-win notifications and letter-of-claim-themed scams. These security risks are likely to increase once the event gets underway.
According to Dancho Danchev, an independent security consultant and cyber threats analyst, Symantec researchers have discovered a continuing targeted malware campaign which is using the World Cup as a smokescreen in order to persuade end users to open malicious PDF files. The campaign is capitalising on a patched flaw within Adobe Flash Player, a vulnerability which was found last week.
A spokesperson for Adobe said: "We are in the process of finalising a fix for the issue" but the company admitted that "the vulnerability is being actively exploited in the wild."
"It doesn't really get any worse than a 'zero-day' vulnerability like this," said Graham Cluley, senior technology consultant at Sophos, a security software company.
Targeted malicious attacks are, arguably, the most damaging type of Internet threat and, according to Dan Bleaken, the Malware Data Analyst for Symantec, these attacks "are designed to target a specific individual or organisation."
Attackers have used the appeal of the World Cup in order to entice people working within companies and, if an employer/employee opens the PDF, the resulting security risks can be endless. It has also been noted that two thirds of the attacks are being directed at the highest levels of corporations and the government, due to the fact that those in the most senior positions have access to the most valuable and sensitive data.
"The aim," said Mr. Bleaken, "is to extract sensitive or valuable information, which could then be used to gain competitive advantage, blackmail, harm reputation, gather intelligence, spy, steal secrets/designs/ideas, and so on."
Fraudulent World Cup emails
The World Cup has provided attackers with newsworthy and exciting bait and they have been tailoring emails and attachments to sound official. By placing certain legitimate details within the emails, the attackers make it more likely that people within an organisation will open the documents and, as a consequence, have their network compromised.
One such cyber crime, which revealed the potentially enormous security risks that cyber attacks can pose, took the form of fraudulent emails and documents sent under the banner of Greenlife Africa, a safari company based in South Africa.
Cyber criminals downloaded a PDF document from Greenlife concerning details of World Cup safaris and altered it by inserting malicious code into its content. The fraudulent PDF was sent to numerous targets across the globe, including "a user in a major international organisation that brings together governments from all over the world," claimed Symantec.
Although the malicious code contained within the fraudulent Greenlife PDF was spotted and eliminated, and no longer poses a threat, the initial security risks entailed by this PDF were vast and Symantec has warned that antivirus packages are relatively unable to detect such a sophisticated threat.
PDFs are the most commonly used method of sending out malicious code to companies (comprising 41 percent of fraudulent attacks around the World Cup), but malicious code has also been detected in Excel documents (18 percent) and Word documents (14 percent). Corrupted Excel documents pose huge threats, and high numbers of Excel spreadsheets containing timetables for the World Cup, along with malicious content, have been sent out to companies.
It is relatively uncommon to see malicious code within Excel documents and this therefore makes it more difficult to spot.
Blackhat SEO has also increased in the run-up to the World Cup and incidents of fake lottery wins have risen considerably. Visa's "Go Fans" campaign, which offered fans the opportunity to win a trip to South Africa to see the World Cup, also became the victim of fraud when cyber criminals used phishing to obtain the personal and financial details of some of the competition's entrants.
Security risks to banks
The World Cup has also led to sharp increases in bank fraud and a recent survey conducted by Travelex revealed that one in 12 cases of fraud reported across the globe has taken place in South Africa.
Vendor Actimize has said that banks are, however, struggling to identify these suspect transactions because of the statistical "noise" generated during such a huge event.
Jackie Barwell, the manager of financial crime products at Actimize, said: "Because of the increased volume of amateurish 'noise' created by opportunists, many of the phishing emails created by organised criminals look incredibly professional. These more professional schemes will direct unsuspecting victims to convincing Web pages asking for credit card details or online banking log-ins."
Actimize has advised banks to amend their transactional risk scoring and anti-fraud processes so as to minimise their security risks and make it easier to identify genuine suspicious activity across all customer channels - ATM, debit and credit card transactions as well as online transactions.
Whilst the World Cup is generating huge profits for companies and organisations around the world, it has also led to a surge in fraudulent and other types of criminal behaviour that ultimately leave businesses open to increased security risks. As the world cheers on the World Cup opening match, it is imperative that companies maintain awareness of the associated threats and take steps to ensure these do not ultimately do any long-lasting damage.