You can wait completely for nothing as you try to exterminate everything.
Two announcements this week shed light on the degree to which cyberattacks are piggybacking off events.
- Security researchers have identified 16,000 scam domains targeting FIFA World Cup 2022, cyber firm Group-IB said in a statement on Tuesday.
- Cybercriminals are turning to a host of scams, from selling fake tickets to fake tokens, linked to the World Cup, cybersecurity company CloudSEK said in a report on Tuesday.
“The hype and popularity of the FIFA World Cup has attracted audiences from across the globe. And this in turn attracts various cybercriminals who want to use various fans and participating organizations to make a quick buck,” CloudSEK’s report says. “Cybercriminals are motivated by profit, ideology or geopolitical alliances. ”
Those two pieces of research capture only a portion of World Cup-related cybersecurity concerns. Some of the specific concerns are this year’s host, Qatar, a nation that has been under increasing scrutiny by US officials in recent years. European security regulators have recently warned against downloading Qatar World Cup maps, saying they pose significant privacy risks.
The investigation by Group-IB and CloudSEK follows other warnings from the cybersecurity industry.
- State-sponsors who focus on gathering intelligence “are likely to see the 2012 FIFA World Cup as a target for a rich environment of cyber espionage and surveillance against foreign dignitaries and businessmen,” Future Future warned this month. The firm said it does not expect disruptive attacks in the event from hackers backed by foreign countries, however.
- Also this month, Digital Shadows called attention to some of the same type of scams that Group-IB and CloudSEK were doing. Kaspersky, meanwhile, has called attention to eliminating fake services among other threats.
- The volume of malicious emails in Arab countries rose 100 percent in October, according to Trellix observations. “It is common practice for attackers to use important/popular events as part of social engineering and primarily target organizations that are involved. [the] the thing and the promised victim[s] to attack Daksh Kapur and Sparsh Jain wrote for the college.
About 3.6 billion people watched the 2018 World Cup, FIFA said. This was more than half of the population of the group of people four and older.
Group-IB matched the other numbers. In addition to 16,000 hacked domains, the firm says there are about 40 fake apps on the Google Play Store, more than 90 potentially suspicious accounts on the Qatari fan ID app Hayya, and dozens of fake social media accounts, mobile apps and tablets.
One example: Scammers put up a fake ad on social media stores selling purple T-shirts, with 130 social media accounts. When a visitor enters their bank account, the scammers make off with the victim’s money, and possibly even their card information.
CloudSEK also had some math. FIFA World Cup 2018 is subject to 25 million cyberatts daily, the company said.
Financially motivated hackers do things like sell fake Hayya cards, need to enter the stadium on game day, or phony “World Cup badges” and “World Cup coins” and promote them as limited edition cryptocurrencies.
- The latter seems to be capitalizing on the fact that Crypto.com is an official sponsor of the event. Also, Bianca has been linked to a soccer star Cristiano Ronaldo Promote non-fungal diseases.
Hacktivists are also active this yearit is called multitude.
“The World Cup has gathered the hearts of hacktivists, who have returned to social media to rally their allies and partners to boycott the Qatar 2022 FIFA World Cup,” according to CloudSEK. Messages from groups like Postumius have also been posted on cybercrime forums, asking threat actors to call others to help them.
Some of the hacktivists scattered denial of service attacks by flooding one site with fake transactions, the company’s announcement said. These attacks are not as destructive as other types of cyberattacks, but they can be frustrating for people trying to access websites. Activists say they are concerned about human rights abuses in Qatar.
China investigated for use of covid protest as part of crackdown
As it tries to quell the protests related to Covid-19, the Chinese government is using its “system of surveillance from all sides”. Wall Street Journal’s Rachel Liang and Brian Spegele reported. Officials appear to be using cell phone data and other tools to track protesters and perpetrators.
Police in Shanghai and Beijing checked the phones of people near protest sites to see if they had the Telegram app or virtual private networks on their phones, according to a WeChat message from Qu Weiguo, an English-language professor at Fudan University in Shanghai, our Lyric colleague Li reported today. protesters used such services to avoid censors.
White House press secretary Karine Jean-Pierre said she had no new information about whether the administration would install a “Great Firewall” to help Chinese Internet users get around it. In September, the Biden administration offered aid to Iranian insurgents seeking to avoid censorship and detention.
South Dakota has banned state contractors and employees from using TikTok for government purposes
The ban comes under the executive order of South Dakota Gov. Kristi L. Noem (R) signed on Tuesday, the Associated Presss, reports Stephanus Groi. It comes amid renewed Washington scrutiny of the short-form video app over surveillance and propaganda concerns.
“The Chinese Communist Party is using the information it collects on TikTok to manipulate the American people, and they will collect data on the devices that have accessed the platform,” Noah said in a statement. TikTok owner ByteDance did not respond to the AP’s request for comment on Noah and the ban, but TikTok’s chief operating officer Vanessa Pappas He previously said the company is protecting its American users and that Chinese government officials do not have access to the data.
The South Dakota ban comes as TikTok and the U.S. government are working to block a potential deal with an international authority. The U.S. military has similarly banned TikTok from government military operations.
Twitter does not enforce covid-19 misinformation policy, crowd says
Since then introducing its policy against covid misinformation in 2020; Twitter It has suspended more than 11,000 accounts and removed more than 100,000 pieces of content for violating the policy. Now the company is ending the ban, in its latest pivot Elon Musk’s acquisition of Twitter.
The shift worries some public health experts, who say it could discourage some people from getting vaccines; Taylor Lorenz delivers At the same time, investigating which content violated the policy, it was a challenge for Twitter, which was criticized for noticing something that turned out to be true.
“However, Twitter has also been working to accurately police misinformation and has recently started disseminating some information about covid as misinformation and banning scientists and researchers who tried to report to the public the long-term effects of covid on the body,” Taylor writes. “As of last weekend, many tweets promoting anti-vaccine content and covid misinformation remained on the platform.”
No answers in Pegasus hack scandal as Spanish spy chief remains mute (Euronews)
NHS Palantir deal draws legal risk from patient groups (Bloomberg News).
UK parliament moves inquiry into national security war over ransom (The Record)
TSA considers coming through third-party assessors pipeline regulations (NextGov)
DOD wants cyber apprenticeships for contractors, but acquisition rules may remain a barrier (FCW)
- Deputy National Security Council Anna NeubergerMaryland Gov. Larry Hogan (R), National Institute of Standards and Technology Directorate Laurie Locascio and other officials are speaking at the World Quantum Conference in Washington on Wednesday and Thursday.
- National Cyber Director Christopher EnglishCISA executive director Brandon Wales and Neuberger are speaking at a meeting of the National Telecommunications Security Advisory Committee on Thursday at 3:30 p.m.
Thanks for reading. See you tomorrow.