This year’s World Cup in Brazil, which got underway June 12 in Sao Paulo and concludes July 13 in Rio de Janeiro, has captivated the world. In addition to the millions who have attended the matches so far, enormous viewing parties have been held even in countries such as the U.S., where roughly 8,000 gathered at AT&T Stadium in Dallas, Texas. Overall, more than 3 billion viewers worldwide may tune in before the competition ends.
Cybercrime, the World Cup and the unique case of Brazil
With such massive, widely dispersed viewership, the World Cup is an inevitable target for cybercrime. Just as the event features national teams from every continent, it has already attracted a similarly comprehensive range of malicious schemes that run the gamut from Wi-Fi sniffing to elaborate social engineering.
Compounding the problem is Brazil’s prominent position within both South America and global cybercrime networks. Its massive population and rapidly developing economy have made it a leading hotbed for spam campaigns, malware distribution and botnet/URL hosting. The Trend Micro research paper “Brazil, Cybersecurity Challenges Faced by a Fast-Growing Market Economy” outlined the ongoing emergence of a significant underground economy in Brazil:
- Brazil accounted for 38 percent of all spam in Latin America, being the only nation with annual message volume greater than 500 million.
- Already, four in 10 Brazilians use smartphones, and the country’s population is at high risk of privacy exposure via mobile apps, ranking sixth worldwide. Similarly, Brazil is fourteenth in overall download volume of Android malware.
- Major Trojans such as BANCOS (for online banking theft) and DOWNAD (which exploits Brazilians’ current reliance on pirated software) now regularly target Brazilians.
In this context, hosting the world’s preeminent sporting event in Brazil harbors unique risks. Earlier this year, a group of Brazilian hackers expressed intent to attack websites operated by the country’s government (perceived by some to have overspent on infrastructure for the competition) as well as the Fédération Internationale de Football Association, which organizes the World Cup. There are deep-seated political and financial motives for cybercrime in Brazil, and the 2014 FIFA World Cup could very much be the crest of a wave that has been forming for years.
“Cybercrime is a lot more rampant in Brazil than it is in the United States, and in many ways Brazil has been the trendsetter in cybercrime,” observed Gartner cybersecurity analyst Avivah Litan, according to The New York Times.
Fake apps, tantalizing ticket deals and porous Wi-Fi: Dealing with top World Cup risks
So far, there haven’t been any major breaches or network security incidents at this World Cup. Still, fans, organizers and remote viewers should continue to exercise caution when using wireless networks or interacting with event-specific websites and apps.
Watch out for fake apps
In early June, Trend Micro mobile threats analyst Veo Zhang warned about the spread of fake Android apps in the run-up to the opening match between Brazil and Croatia. These imposters may lure users into subscribing to premium services or unknowingly handing over sensitive information such as phone contact lists. Cybercriminals have many options at their disposal for taking advantage of the intense interest in the World Cup, which has spilled over into mobile apps and websites this time around.
FIFA reported that its official app had already been downloaded 20 million times within 26 days of its June release, making it the most downloaded sporting event app of all time. During the final moments of the pivotal USA-Germany Group Stage match, nearly 80 million users were connected to World Cup content on mobile devices alone.
There is undoubtedly enormous opportunity for theft, extortion and cyberattacks as people increasingly engage with the World Cup via smartphones and tablets, but only the event’s incredible scope makes it unique in this respect. Consumers have to keep an eye out for suspicious campaigns that take advantage of any major sporting, seasonal or newsworthy event.
Recognize social engineering schemes
Social engineering is simply the deception of people in order to get them to do something they wouldn’t have done willingly. World Cup tickets and promotions have been a bonanza for such schemes so far:
- A scam website profiled by Trend Micro senior threat researcher Fernando Mercês purported to sell tickets to the final World Cup match in Rio de Janeiro for just under $4,000, an enormous markup from FIFA’s prices. The site included subdomains for multiple countries to make it seem more legitimate.
- The popular FIFA ’14 console video game, found in some Web searches for the 2014 World Cup, was targeted in a scheme offering an access key to play pirated copies for free. However, the key generator is lightly modified malware.
- Individuals must be wary of free match streaming sites and pop-ups that offer related promotions and free tickets. Many of these properties are filled with adware and other threats.
Trend Micro’s “How Social Engineering Works” report singled out major sporting events as magnets for these schemes. There’s nothing bigger than the World Cup, and these “too good to be true” offers could keep popping up until it ends, at which point cybercriminals may latch onto something else.
Use care when selecting a wireless network
Wireless security has been a top concern at this particular World Cup, given the worldwide proliferation of mobile devices since the 2010 tournament in South Africa. One of the World Cup security centers even had its Wi-Fi username and password displayed in plaintext in a photo published in a Brazilian newspaper.
Moreover, everyone has to be on the lookout for fake and compromised Wi-Fi networks. Wireless is widely available, but not all of it is safe.
“These [risky networks] are easy to create by hiding a wireless router or hotspot in the vicinity and giving the connection a plausible sounding name like Stadium Internet,” said Bob West, chief trust officer at CipherCloud. “Avoid this by asking the venue for the name of their network. Otherwise, connect at your own risk – anything you send through an ‘evil twin’ network is accessible to the bad guy.”