Symantec warns of increasing cyber attacks leading up to the 2010 Soccer World Cup

Symantec Corp. is warning South Africans to take care to protect themselves against a plethora of attacks over the Internet and likely to hit around the 2010 FIFA World Cup Tournament, all focused on monetary gain.

“Attackers on the Internet either try to compromise legitimate websites and so gain sensitive information, or they spam e-mail users with messages that try to persuade users to go to illegitimate websites where their personal information can be harvested,” said Candid Wüest, senior security researcher for Symantec.

Symantec's Security Response Lab has already seen evidence of FIFA-related spam and expects to see this grow in the run-up to the event. According to Symantec's monthly spam reports, around 10% of all spam in 2008 was fraud-related, such as those advertising false tickets.

During the previous FIFA World Cup, related phishing attacks jumped by 40%. As many as 4,615 phishing hosts per month were discovered in 2008, up 66% over the previous year.

Symantec's annual Internet Security Threat Reports have shown that countries introducing pervasive broadband services experience an immediate increase in threats, as cybercriminals take advantage of breaches and vulnerabilities arising from inadequate security. This has been seen in countries such as Brazil, Turkey and Poland. South Africa is likely to follow this trend once new undersea cables have been successfully installed.

“Because broadband penetration has thus far been so low, the introduction of improved broadband access this year is likely to bring a major increase in threats to Internet users,” said Wüest. “And you can expect to be attacked perhaps a thousand times a day. Larger websites might see up to a million attacks daily.”

“Soccer is one of the most popular sports in the world,” said Philippe Verveer, who served as IT director for the FIFA 1998 Soccer World Cup, and was director of technology for the International Olympic Committee until 2005. “It took us up to seven years of preparation to set up and organise events such as the upcoming FIFA 2010 Soccer World Cup.”

Information security specialists believe that three basic types of information attributes need to be protected around global events: availability, integrity, and confidentiality.

The availability of information, for example, could be compromised through denial-of-service attacks where users are prevented from accessing legitimate websites. These types of attacks are very common around large-scale sporting events, resulting in lost orders for businesses offering goods and services online. These will probably be focused on, but not limited to, FIFA and World Cup-related websites and organisations.

Organisations need to secure the integrity of their information, particularly confidential information provided by users accessing websites offering services and products relating to the event. Hackers will attempt to gain access to valuable information through compromising user accounts, for instance, and can also reach customer information held in databases that run behind these websites.

“Organisations should not assume that in the case of their websites being compromised, the only risk they face is text being altered,” said Wüest.