World Cup Brazil 2014: Don’t score an own goal
Part 1 – Phishing and malware
In less than a month 32 national teams and thousands of football fans will descend on Brazil for the 2014 FIFA World Cup. For a month the whole world will be watching arguably the biggest sporting event on the planet. Right now the players and coaches are fine-tuning their tactics, game plans and strategies in order to outwit their opponents. And so are the cybercriminals.
A few months ago we described some attacks that were exploiting the World Cup theme. They included fraudulent domains selling fake tickets, fake giveaways, and several phishing and malware campaigns that targeted users’ credit cards. The cyberattacks have continued as the tournament approaches. In this weekly series of four blogposts my colleague Dmitry Bestuzhev and I will provide details of the latest attacks, and offer tips to travelers and users on how to remain secure while visiting Brazil or searching online for match-related videos or results.
In this first part we’ll look at some very professional phishing and malware attacks that use digitally-signed malware, a breached customer database used for online ticket sales, SSL-certified phishing domains and a lot of social engineering. All the attacks had the same goal: to infect your machine and steal your money.