This post first appeared on the Thales eSecurity Blog here.
Now that it’s September, the excitement is beginning to build in earnest for the 2019 Rugby World Cup. Sports fans aren’t the only ones who are looking forward to this event. Unfortunately, digital criminals are also closely following the buzz surrounding this tournament.
It’s not like bad actors haven’t taken an interest in major sporting events before. At the 2018 Winter Olympic Games held in PyeongChang, for instance, cyber criminals leveraged a previously unknown family of malware called Olympic Destroyer to attack the Games’ servers just before the opening ceremony. This incident prevented many spectators from printing out their tickets, thereby robbing them of the chance to attend the ceremony. Just a couple of months after that, World Rugby itself announced that one of its training websites had suffered a security breach that exposed subscribers’ account information.
Japan, the host country of both the 2019 Rugby World Cup and the 2020 Summer Olympic Games, is well-aware of these previous incidents. That’s why it announced it would pursue two measures designed to strengthen its national digital security posture ahead of these sporting events. First, it said that it would invest in cultivating military assets in the digital space, as reported by the Organization for World Peace. Second, Japan announced that the government-backed National Institute of Information and Communications Technology would conduct a national scan of Internet of Things (IoT) devices. The country said that it would use the consent of Internet service providers to check routers, webcams and other devices for potential security vulnerabilities, per NDTV.
That being said, neither Japan nor World Rugby can keep users safe against every digital threat out there. In fact, World Rugby made a note of this in its privacy policy for the 2019 World Cup:
The security of the information you provide is very important to us and we try to provide secure transmission of your information. While we strive to protect your personal information, we cannot guarantee the security of any data transmission over the Internet…. We urge you to take precautions to protect your personal information when you are on the Internet.
Users can help protect their personal data by using a VPN and protecting each of their web accounts with a strong, unique password. Regarding the 2019 Rugby World Cup, they should also follow a few additional security best practices. These include:
- Stay away from fraudulent apps: It’s common for digital attackers to capitalize on sporting events like the Rugby World Cup by creating lookalike apps. These programs frequently abuse stolen branding to infect unsuspecting users with malware or steal their personal data. To protect themselves against this fraudulent software, users should make sure they download the official Rugby World app.
- Exercise caution around suspicious documents: Malicious actors commonly use suspicious documents to prey upon sports fans. During the 2018 World Cup, for instance, Trend Micro came across a document, detected as W2KM_POWLOAD.ZYFG-A, that claimed to predict the outcome of various game matches in the tournament. When opened, the document asked users to enable macros. Doing so displayed a fabricated game synopsis while macro code downloaded an infostealer capable of taking screenshots and keylogging. This attack highlights the importance of never enabling macros, especially when users come across suspicious documents.
- Look out for other types of fraud: Malefactors don’t attempt to undermine users’ digital security solely. There are other attackers who’ll use fake merchandise, illegitimate betting sites and ticket fraud to steal information and/or money from unsuspecting fans. These threats highlight how users should do their research and purchase tickets, buy merchandise and place bets on reputable websites only.
At the same time, organizations should take steps to protect their employees against scams that use the Rugby World Cup as a lure. They can do this by implementing security controls like encryption and multi-factor authentication (MFA) in order to prevent digital attackers from exposing their sensitive data and from gaining access to sensitive IT assets.
Thales is currently working with the French Rugby Federation to help improve player safety. For more information on this, read Satellite Navigation on the Rugby Field and watch this video on GeoNav IoT, A Secure GeoNav Solution
In addition, visit the Thales eSecurity website for more information on our enterprise security solutions .