UK National Cyber Security Centre Warns Sports Organizations of Ransomware and BEC attacks

Alina BÎZGĂ

July 24, 2020

The UK's National Cyber Security Centre (NCSC) has issued a warning about the growing risks of sports organizations becoming valuable targets for ransomware attacks, phishing campaigns and Business Email Compromise (BEC).

“We are urging sports teams and organizations to strengthen their cyber security defenses after a new survey revealed that 70% have been attacked by cyber criminals in the last 12 months,” the NCSC said in a recent tweet.

According to a survey commissioned by the agency, cyber threats and attacks have increased significantly in the past year. The report shows that at least 70% of sports organizations have fallen victim to at least one cyber incident, which is “more than double the average for UK businesses.”

The report highlights that around 30% of incidents resulted in direct financial damage to the victims, with costs per incident varying from £500 to £100,000.

Sports organizations are mainly targeted by financially motivated cyber-criminals, and data collected during the survey suggests that most cyber-attacks use common techniques such as phishing, password spraying and credential stuffing. When security measures are poorly implemented, bad actors can easily exploit unpatched or insecure systems, and deploy social engineering schemes to gain access to employee accounts or business systems.

“While cyber security might not be an obvious consideration for the sports sector as it thinks about its return, our findings show the impact of cyber criminals cashing in on this industry is very real,” said Paul Chichester, Director of Operations at the NCSC. “I would urge sporting bodies to use this time to look at where they can improve their cyber security – doing so now will help protect them and millions of fans from the consequences of cyber crime.”

However, according to research, criminals take their time before carrying out an attack, gathering intel and information on sports organizations to ensure 100% success.

BEC schemes were named the biggest cyber threats for sports organizations. Around 75% of respondents said that fraudulent emails, text messages and phone calls were the main attack vectors.

Most recently, a managing director of the Premier Football League fell victim to a spearphishing attack that allowed cyber-criminals to use his credentials to redirect £1 million to their account. In this case, the attackers set up Office 365 auto-forwarding rules to external email accounts and managed to re-route nearly 10,000 emails. Luckily, the transfer failed, as the fraudulent payment was stopped by the financial institutions' fraud control systems.
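The auto-forwarding rules described above can be hunted for in an export of mailbox rules. The following is an added example, not code from the NCSC report or this article: it assumes the rules have been exported as records using the `Get-InboxRule` property names `ForwardTo`, `ForwardAsAttachmentTo` and `RedirectTo`, and the domain `club.example`, the mailboxes and the rules are constructed placeholders.

```python
import re

# Assumption: the organisation's own mail domains (placeholder value).
INTERNAL_DOMAINS = {"club.example"}
# Get-InboxRule properties that send copies of mail to other recipients.
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

def is_internal(domain, internal=INTERNAL_DOMAINS):
    """Exact match or true subdomain only, so lookalikes such as
    club.example.billing.invalid are not treated as internal."""
    domain = domain.lower()
    return any(domain == d or domain.endswith("." + d) for d in internal)

def external_targets(rule, internal=INTERNAL_DOMAINS):
    """Return the sorted external addresses a rule forwards or redirects to."""
    found = set()
    for field in FORWARD_FIELDS:
        values = rule.get(field) or []          # property is null when unused
        if isinstance(values, str):
            values = [values]
        for value in values:
            # Recipients export as '"Name" [SMTP:user@domain]' or bare addresses.
            for match in ADDR_RE.finditer(value):
                if not is_internal(match.group(1), internal):
                    found.add(match.group(0).lower())
    return sorted(found)

def audit(rules, internal=INTERNAL_DOMAINS):
    """List every rule with at least one external forwarding target."""
    findings = []
    for rule in rules:
        targets = external_targets(rule, internal)
        if targets:
            findings.append({"mailbox": rule.get("MailboxOwnerId"),
                             "rule": rule.get("Name"),
                             "enabled": bool(rule.get("Enabled")),
                             "targets": targets})
    return findings

# Constructed sample export; no real mailboxes or domains.
SAMPLE_RULES = [
    {"MailboxOwnerId": "md@club.example", "Name": ".", "Enabled": True,
     "ForwardTo": ['"collector" [SMTP:collector@mailbox.invalid]']},
    {"MailboxOwnerId": "md@club.example", "Name": "Copy to PA", "Enabled": True,
     "ForwardTo": ['"PA" [SMTP:pa@mail.club.example]'], "RedirectTo": None},
    {"MailboxOwnerId": "finance@club.example", "Name": "Invoices", "Enabled": False,
     "RedirectTo": ["accounts@club.example.billing.invalid"]},
    {"MailboxOwnerId": "coach@club.example", "Name": "Newsletters", "Enabled": True},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

Disabled rules are still reported, since a leftover rule is evidence of earlier access. Recipients exported as directory entries without an SMTP address are not resolved here and need a separate lookup.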

The NCSC advises “one of the best technical controls to reduce the risk of BEC is multi-factor authentication (MFA).”

“MFA provides an extra layer of security for online services, preventing attackers from accessing them with passwords alone,” the report said. “Survey results indicate that 51% of sports organisations already use MFA on some services, this is a key action area.”

Malware attacks were also a popular trend cited by the agency, with 40% of all attacks on sports organizations involving some form of malicious software, a quarter of which was ransomware.

“Basic security controls such as antivirus, firewalls and user access controls are typically implemented by sports organisations,” the NCSC said. “However, 21% of surveyed companies do not have a patching strategy and 25% do not back up their data.”

The agency recommends patching and ensuring that all operating systems are running on the latest updates. Organizations should also focus on backing up their data, to decrease the financial impact and recovery time in case of an attack.
