Security threats during the soccer World Cup have already started. The World Cup and other large events usually correlate to an increase in malware and network attacks. With billions of people watching, almost half the world, there is sure to be some who will take advantage of this opportunity with phishing campaigns.
Users are receiving emails with malware that claim to contain the schedule and score sheets for the World Cup. An example document is titled “World_Cup_2018_Schedule_and_Scoresheet_V1.86_CB-DL-Manager.” We recommend monitoring WatchGuard Threat Lab’s threat landscape page during the World Cup to see if there are any other attacks during this time.
In order to combat themed phishing attacks, we must all practice our soccer moves.
- Just as the World Cup results so far are not expected, be sure to be vigilant of website links that don’t use the expected domain names or certificates.
- If you receive the ball or an email that is suspicious check with your teammates or IT. If you are IT for your company, check the email headers to ensure it is coming from the correct source.
- There are no penalties for checking a file you downloaded with your local antivirus or with VirusTotal. This is good practice even if the files do come from a trusted source.
- Server admins must hold the line to catch any hackers offsides. Inspect all traffic going to your server by setting up a firewall and ensure your security subscriptions are up to date.
- Make sure to keep your internal servers inbounds. Block access to your internal server from external sources except from IPs and ports you expect.
If you follow these steps to score in the game the results won’t be surprising.