The Fédération Internationale de Football Association, better known as FIFA, has been the victim of a phishing attack that resulted in stolen data. FIFA acknowledged this week that its computer systems were hacked earlier this year for the second time, and officials from European soccer’s governing body fear they might also have suffered a data breach.
The second attack on FIFA occurred in March. The scale of the attack is still unclear.
UEFA officials were targeted in a so-called phishing operation in which third parties fool their targets into giving up password-protected login details, though the organization has been unable to find traces of a hack in its computer systems.
Commenting on the news are the following security professionals.
Rob Shapland, Principal Cybersecurity consultant at Falanx Group:
“The hack on FIFA appears to have been a very common phishing attack that tricks users into entering their password into a fake version of a website that they recognise, such as Microsoft Outlook. Preventing such attacks requires a multi-level approach, using email defence software to filter out emails that have links masquerading as legitimate sites, combining this with awareness training for staff so they know what to look out for, and regular controlled phishing tests to educate staff on the types of tactics used by nation states and cyber criminals. FIFA may not have been using this approach due to cost or lack of knowledge on how to defend, or it’s possible they just got unlucky and the email bypassed their filters and a staff member clicked the link.”
Paul Edon, Technical Director (EMEA) at Tripwire:
“Hackers are getting ever more creative when it comes to fooling users, and this attack on FIFA is evidence of that. Phishing campaigns are extremely popular and aim to dupe people into giving away personal and financial information, which is why individuals should be vigilant of the links and attachments sent to them. If you believe it could be suspicious then avoid interacting. However, malicious cybercriminals are preying on human naivety, which is why these attacks continue to be successful. Granted, it is becoming more difficult to track malicious attackers as they are getting better at mimicking valid content from reputable organisations. The best way organisations and individuals can help avoid future attacks is through education programs; understanding the risks and consequences of clicking unknown links and attachments is a critical defence against phishing-type attacks. Regardless of whether you believe the email to be legitimate or not, never click on inbuilt links. Always open your own web browser and log in to your account on the official website. If there is a legitimate requirement for you to update or re-enter information, it should be referenced within your specific account instance.”