Naturally, you can expect hackers to try to screw everything up.
Two reports this week shed light on the extent to which cyberattacks are piggybacking on the event.
- security researcher 16,000 fraudulent domains identified It will use FIFA World Cup 2022 branding, cyber firm Group-IB said in a report Tuesday.
- Cybercriminals are turning to many scamsfrom selling fake tickets to fake crypto tokens tied to the World Cup, cybersecurity firm CloudSEK said in a report Tuesday.
“The hype and popularity of the FIFA World Cup has attracted audiences around the world. They are trying to make quick money,” said the CloudSEK report. “Cybercriminals are motivated by financial gain, ideology, or geopolitical affiliation.”
These two studies only capture some of the cybersecurity concerns related to the World Cup. Some of the concerns are specific to this year’s host, Qatar, Growing Concerns from U.S. Officials in Recent Years about its surveillance activities.European security regulator I was recently warned not to download the Qatar World Cup appsaid it posed a significant privacy risk.
The Group-IB and CloudSEK investigations follow other warnings from the cybersecurity industry.
- Recorded Future warned earlier this month that “the 2022 FIFA World Cup is likely to be viewed as a target-rich environment for cyber espionage and surveillance of foreign dignitaries and business persons.”the company said I didn’t expect a devastating attack However, for events from foreign-backed hackers.
- Also this month, Digital Shadow Alert to Similar Frauds Conducted by Group-IB and CloudSEK. Kaspersky, on the other hand, Alert to fake match streaming servicesamong other threats.
- Volume of Malicious Emails in Arab Countries 100% increase in October, according to Trellix observations. “It is common practice for attackers to use important/popular events as part of their social engineering tactics to specifically target relevant organizations. [the] Events and more likely victims[s] for the attack Daksh Kapoor When sparsh jayne I wrote for the company.
Approximately 3.6 billion people watched the 2018 World Cup. FIFA saidThat’s more than half of the world’s population over the age of four.
Group-IB aggregated other figures. In addition to 16,000 fraudulent domains, the company also identified nearly 40 fake apps on the Google Play store, over 90 accounts potentially compromised with the Qatari fan ID app Hayya, and dozens of fake social media accounts, It says it found mobile apps and ads.
One example: Scammers set up a fake merchandise website that purportedly sells national team t-shirts and promotes it with 130 ads on social media marketplaces. When the visitor enters his bank card details, the scammers steal the victim’s money and even card information.
CloudSEK also had math. According to the company, the FIFA World Cup 2018 was hit by 25 million cyberattacks every day.
Financially motivated hackers sell fake Haya cards required to enter stadiums on match days, or offer fake “World Cup Tokens” and “World Cup Coins” to be advertised as limited-edition cryptocurrency I am doing
- The latter idea seems to take advantage of Crypto.com being the official event sponsor.Similarly, Binance partnered with football stars Cristiano Ronaldo To promote soccer-themed non-fungible tokens.
Hacktivists are also active this yearthe company said.
According to CloudSEK, “The World Cup has caught the attention of hacktivist groups who are using social media to rally their followers and allies to boycott the Qatar 2022 FIFA World Cup”. messages were also posted on cybercrime forums asking for help from other threat actors.”
Some hacktivists have focused on distributed denial-of-service attacks that flood websites with fake traffic, according to the company’s report. but can frustrate people trying to visit your website. Hacktivists say they are concerned about human rights abuses in Qatar.
China employs surveillance as part of crackdown on covid protests
The Chinese government has tried to quell coronavirus-related protests, “Extensive Surveillance System” of of the Wall Street Journal Reported by Rachel Liang and Brian Spegele. Officials appear to be using cell phone data and other tools to track protesters and organizers.
According to a WeChat post by Qu Weiguo, an English professor at Shanghai’s Fudan University, police in Shanghai and Beijing searched the phones of people near the protests to find out if their phones had the Telegram app or a virtual private network. I checked if it is installed. Our colleague Lyric Li reported todayProtesters have used such services to avoid censorship.
White House spokesperson Carine Jean-Pierre said she had no new information on whether the administration plans to help Chinese internet users circumvent China’s “Great Firewall.” September, Biden Administration Offered help to Iranian protesters Trying to evade censorship and surveillance.
South Dakota contractors and employees banned from using TikTok on government devices
The ban was made by executive order of the Governor of South Dakota. Christy L. Nome (R) Signed Tuesday, Associated PressStephen Groves of reportThat comes amid Washington’s renewed scrutiny of short-form video apps over surveillance and propaganda concerns.
“The Chinese Communist Party uses information collected on TikTok to manipulate the American public and collect data from devices that access the platform,” Noem said in a statement. TikTok’s owner, ByteDance, did not respond to his AP’s request for comment on Noem’s statement and ban, but TikTok’s chief operating officer Vanessa Papas The company has previously said it protects US users’ data and Chinese government officials do not have access to the data.
South Dakota’s ban comes after TikTok and a U.S. government commission with powers to block international trade potential agreement. So does the U.S. military forbidden TikTok on military government devices.
Twitter no longer enforces covid-19 misinformation policy, company says
Since introducing our covid misinformation policy in 2020, twitter has suspended over 11,000 accounts and removed over 100,000 content for policy violations.Now the company is ending the ban and in its latest pivot since then Elon Musk’s Acquisition of Twitter.
Some public health experts are concerned that it could discourage some people from getting the vaccine. Taylor Lorenz reportAt the same time, patrolling content that violates its policies has been a challenge for Twitter, which has been criticized for censoring some content that turns out to be true.
“But Twitter also struggled to crack down on incorrect information And recently, they began labeling some factual information about covid as misinformation and banning scientists and researchers who tried to warn the public about the long-term harm covid is doing to the body.” “As of last weekend, many tweets promoting anti-vaccine content and coronavirus misinformation remained on the platform,” Taylor wrote.
Pentagon wants cyber apprenticeships for contractors, but acquisition regulations may still be a roadblock (FCW)
- Deputy National Security Advisor Ann NeubergerGovernor of Maryland Larry Hogan (R), Director of the National Institute of Standards and Technology Laurie Locasio and other civil servants talk at the Quantum World Congress in Washington on Wednesday and Thursday.
- National Cyber Director Chris InglisCISA Executive Director Brandon Wales and Neuberger talk at the National Security Communications Advisory Committee meeting on Thursday at 3:30 p.m.
thank you for reading. see you tomorrow.