One of the biggest sporting events in the world has arrived in the form of the 2018 FIFA World Cup taking place in Russia, with 32 nations competing over the next month in a tournament which is expected to be watched by billions of viewers around the globe, on television, mobile and online.
While events like the World Cup are viewed by many as an opportunity to enjoy sporting drama, there are some who see high-profile events such as this as an opportunity to conduct espionage and hacking campaigns.
For example, one high-profile sports event to already attract the interest of hackers this year was the Winter Olympics in South Korea. A cyber attack against the opening ceremony caused IP televisions in the main press centre to malfunction.
Dubbed Olympic Destroyer, the malware was designed to be destructive, but it was also designed to confuse, with a trail left implicating North Korean hackers. And while some have blamed Russia for the attack it’s still not clear who was really behind it.
Major sporting and cultural events like this are tempting targets for groups looking to create high-profile cyber incidents.
“Certainly, with high-profile events, if a threat actor has a desire to cause disruption, we know by looking at the actions of malware such as Olympic Destroyer that they have the capability,” Martin Lee, technical lead at Cisco Talos told ZDNet. “Often it’s not clear who is behind particular attacks or what their objectives are and now that analysis is becoming more difficult by threat actors attempting to actively muddy the waters”.
But while attributing cyber attacks remains a difficult task, many in the cyber security sector are under no illusion that the high-profile nature of the World Cup means it is going to attract attention from attackers of all varieties, ranging from low-level scammers to nation-state backed threat actors.
“There’s always a cyber element to all these big events, whether it’s the World Cup or the Olympics. Just with so many countries involved and the political ramifications, there’s always an information gathering element to it,” George Kurtz, CEO of Crowdstrike told ZDNet.
“They’re going to gather information in person, they’re going to gather information through traditional methods and they’re going to gather information through a cyber component. There’s going to be a lot of countries involved in gathering information, not just one.”
Still, that the World Cup is taking place in Russia creates something of an unusual dynamic when it comes to potential nation-state hacking.
Western governments have been quick to point to the Kremlin-backed hacking groups as a threat, but with the event taking place in Russia itself, it is perhaps more likely that visitors rather than the infrastructure of the event will be the target.
Last week a US intelligence official warned travellers to the World Cup that their smartphones or laptops could be targeted by Russian hackers or cyber criminals.
“Corporate and government officials are most at risk, but don’t assume you’re too insignificant to be targeted,” William Evanina, an FBI agent and the director of the U.S. National Counterintelligence and Security Center told Reuters.
“Some of those groups we attribute to nations like Russia may be restructuring their target list because they now have strategic targets that are in the country rather than having them abroad in different countries and government buildings,” Jens Monrad, principal intelligence analyst at security company FireEye told ZDNet.
Andrea Little Limbago, chief social scientist at security firm Endgame told ZDNet that one group that might be targeted while in Russia would be the foreign media. However, she added that the deception element could come into play here, with other nations attempting to make attacks trying to shift the blame.
“That doesn’t mean that other folks won’t, or that other groups won’t masquerade as Russia. That’s one of the trends we’re seeing, the masquerading and deception that’s going on and that’s only going to advance”.
But while nation-states may end up using Russia as an arena for playing the grand game of international geopolitics, they’re not going to be the only players looking to flex their muscles — some cyber criminal groups could look to cash in, too.
“But we do in fact also see countries like Russia being heavily impacted by organised crime which has historically targeted them. There could also be an escalation in these groups which are motivated because they have a global audience,” said Monrad.
“Maybe visitors are bringing devices or computer equipment that’s easier to compromise because they’re at an event and they’re lowering their defensive bars,” Monrad said.
READ MORE ON CYBER CRIME