Great win, U.S. soccer team! Now, hackers


Welcome to Cybersecurity 202! Dear Futbol fans, please don’t be mad at me for calling it ‘Football’.

Below: A US governor bans TikTok from state agencies, and Twitter has stopped enforcing its rules on covid misinformation. Or not:

Cyber ​​attacks rain on the World Cup Festival

The World Cup is one of the most watched events on the planet, and it achieved a record number of viewers in the United States this year as well. As the US men’s national team advances to the next round, more Americans are watching a sport that is not as popular in the United States as it is in many other countries.

So naturally you would expect hackers to try to destroy everything.

Two reports this week shed light on the degree to which cyberattacks are killing the event.

  • Cyberfirm Group-IB said in its report on Tuesday that security researchers have identified 16,000 fraudulent domains using the 2022 World Cup trademarks.
  • Cybercriminals are turning to a range of scams, from selling fake tickets to fake crypto tokens linked to the World Cup, cybersecurity firm CloudSEK said in its report Tuesday.

“The fanfare and popularity of the FIFA World Cup has attracted audiences from all over the world. This in turn attracts a variety of cybercriminals, who want to exploit the diverse following, and participating organizations, to make a quick profit,” the CloudSEK report states. “Cybercriminals are motivated by financial gain, ideology, or geopolitical affiliations.”

These two pieces of research only capture a portion of the cybersecurity concerns related to the World Cup. Some of the concerns are specific to this year’s host, Qatar, a country that has drawn increasing concern from US officials in recent years about its surveillance efforts. European security regulators recently warned against downloading Qatar World Cup apps, saying they pose significant risks to privacy.

The Group-IB and CloudSEK research follows other warnings from the cybersecurity industry.

  • Recorded Future warned this month that state-sponsored hackers focused on intelligence gathering “are likely to view the 2022 FIFA World Cup as a target-rich environment for cyberespionage and surveillance against foreign dignitaries and businessmen alike.” The company said it did not expect sabotage attacks on the event from foreign-backed hackers.
  • Also this month, Digital Shadows drew attention to some of the same type of scams by Group-IB and CloudSEK. Meanwhile, Kaspersky has drawn attention to its mock match streaming services, among other threats.
  • The volume of malicious emails in Arab countries increased by 100% in October, according to observations by Trelex. “It is a common practice for attackers to take advantage of important/trending events as part of social engineering tactics particularly targeting relevant organizations [the] Event and more promising victim[s] to attack”, Daksh Kapoor And the Sparsh Jane Books for the company.
Lire Aussi :  Jayson Tatum and Jaylen Brown Are Entering Historic Scoring Territory

FIFA said that nearly 3.6 billion people watched the World Cup in 2018. That’s more than half of the world’s population of 4 years and older.

Group-IB tallied other numbers. Besides the 16,000 fraud domains, the company says it has uncovered around 40 fake apps in the Google Play Store, more than 90 potentially hacked accounts on Qatar fan ID app Hayya, as well as dozens of fake social media accounts, mobile apps and ads.

One example: Scammers created a fake merchandise website purporting to sell national team jerseys, and injected it with 130 ads on social media marketplaces. When a visitor enters their bank card details, scammers steal their victims’ money, and possibly even their card information.

CloudSEK had some math, too. The company said that the 2018 FIFA World Cup was subjected to 25 million cyber attacks per day.

Financially motivated hackers do things like sell fake Hayya cards needed to enter the stadium on match day, or provide fake “World Cup tokens” and “World Cup coins” and promote them as limited-edition digital currency.

  • The latter idea seems to take advantage of the fact that is the official sponsor of the event. Similarly, Binance has teamed up with the soccer star Cristiano Ronaldo To promote football-themed non-fungible tokens.

Hackers have also been active this yearThe company said.

According to CloudSEK, “The World Cup has attracted the attention of hacktivist groups, who have taken to social media to rally their followers and allies to boycott the FIFA World Cup Qatar 2022.” “Messages from groups like Anonymous have also been posted on cybercrime forums calling on other threat actors to support them.”

Lire Aussi :  Only losing for C.J. Stroud or Bryce Young can save Panthers

The company’s report said some hacking activists are focusing on distributed denial-of-service attacks that flood a website with fake traffic. These attacks are not as destructive as other types of cyberattacks, but they can be frustrating for people trying to access websites. Hacking activists say they are concerned about human rights abuses in Qatar.

China is using surveillance as part of its crackdown on coronavirus protests

As it tries to stifle virus-related protests, Chinese government uses ‘pervasive surveillance system’ Wall Street Journal You mentioned Rachel Liang and Brian Spiegel. Officials appear to be using mobile phone data and other tools to track protesters and organizers.

Police in Shanghai and Beijing checked people’s phones near protest sites to see if they had Telegram or VPNs on their phones, according to a WeChat post from Qu Weiguo, a professor of English at Fudan University in Shanghai, our colleague Lyric Lee reported today. . Protesters used such services to avoid censorship.

White House press secretary Karen Jean-Pierre said she had no new information about whether the administration plans to help Chinese netizens circumvent China’s “Great Firewall.” In September, the Biden administration offered aid to Iranian protesters seeking to evade censorship and surveillance.

South Dakota contractors and employees have been banned from using TikTok on government devices

The ban was ordered by an executive order from the state of South Dakota. Christie L (r) occurred Tuesday, News agencyReporting by Stephen Groves. It comes amid Washington’s renewed scrutiny of the short-form video app over surveillance and publicity concerns.

“The Chinese Communist Party uses the information it collects on TikTok to manipulate the American people, and they collect data from devices that access the platform,” Noem said in a statement. TikTok owner ByteDance did not respond to the AP’s request for comment on Noem’s statement and the ban, but TikTok’s chief operating officer Vanessa Pappas He previously said that the company protects the data of its American users and that Chinese government officials do not have access to the data.

Lire Aussi :  The Sixers May Finally Be Normal, but Can They Be Special?

South Dakota’s ban comes as TikTok and a US government panel with the power to block international deals work on a potential agreement. Similarly, the US military has banned TikTok on government devices for government forces.

The company says that Twitter no longer has a coronavirus misinformation policy

Since introducing its covid misinformation policy in 2020, Twitter It suspended more than 11,000 accounts and removed more than 100,000 pieces of content for policy violations. Now, the company is ending the ban, on its latest pivot yet Elon Musk Twitter takeover.

The shift has some public health experts worried, who say it may discourage some people from getting vaccines, Taylor Lorenz reports. At the same time, patrolling over content that violates the policy has been a challenge to Twitter, which has been criticized for censoring some content that turned out to be true.

“However, Twitter has also struggled to accurately police misinformation, and recently began labeling some factual information about covid as misinformation and banning scientists and researchers who have attempted to warn the public about the long-term harm of covid to the body,” Taylor wrote. “As of this past weekend, several tweets promoting anti-vaccine content and misinformation about the spread of coronavirus remained on the platform.”

No answers on Pegasus hacking scandal as Spain’s intelligence chief remains silent (Euronews)

Palantir deal with NHS raises legal threat from patient groups (Bloomberg News)

British Parliament launches an inquiry into the National Security Strategy on ransomware (The Record)

The Transportation Security Administration (TSA) is considering the use of third-party assessors in upcoming pipeline regulations (NextGov)

DoD Wants Online Apprenticeships for Contractors, But Acquisition Records May Still Be a Hurdle (FCW)

  • Deputy National Security Adviser Anne NeubergerMaryland. Larry Hogan (R), director of the National Institute of Standards and Technology Lori Locasio Other officials speak at the Global Quantum Conference in Washington on Wednesday and Thursday.
  • National Cyber ​​Director Chris InglisCISA Executive Director Brandon Wells and Neuberger speak at the National Security Communications Advisory Committee meeting Thursday at 3:30 p.m

Thanks for reading. see you tomorrow.


Leave a Reply

Your email address will not be published.

Related Articles

Back to top button