Following the publication of its new report, Cyber Threat to Sports Organisations, the National Cyber Security Centre (NCSC) has urged sporting organisations to use this quiet period for the sector to review their cybersecurity.
The report outlines a number of cybersecurity incidents in sporting organisations, including one attempt to sabotage a £1 million Premier League transfer deal.
In this case, the managing director of a Premier League club had his email account hacked prior to a transfer negotiation. He had been targeted by a spear-phishing attack that led him into entering his Office 365 credentials into a spoofed login page. When he later initiated contact with a European club about a £1m transfer, the criminals saw their opportunity to profit from their access. By positioning themselves between both clubs, the criminals then hijacked the dialogue, with each club believing they were still communicating with the other club. They then changed the account details for a payment request, so the transfer fee would go to their account instead. Fortunately, the club’s bank refused the transfer because the destination account had a fraud marker, otherwise the club would have lost the seven-figure sum.
Other events detailed in the report include a football club almost needing to cancel a match after a ransomware attack disabled its turnstiles and CCTV systems. In another incident, a racecourse employee was tricked into buying £15,000 of equipment from a fake version of eBay, resulting in the racecourse not receiving the equipment or being able to recover its funds. One hacker also managed to access sensitive performance data for athletes after compromising the email account of a staff member.
The NCSC’s Director of Operations, Paul Chichester, said:
“Sport is a pillar of many of our lives and we’re eagerly anticipating the return to full stadiums and a busy sporting calendar. While cybersecurity might not be an obvious consideration for the sports sector as it thinks about its return, our findings show the impact of cybercriminals cashing in on this industry is very real. I would urge sporting bodies to use this time to look at where they can improve their cybersecurity – doing so now will help protect them and millions of fans from the consequences of cybercrime.”
Cybercrime is, of course, not a phenomenon that is unique to sporting organisations, because money-motivated cybercriminals are always looking for new high-value targets for profitable opportunities. In many of the cases listed in the report, the attack could have been avoided by offering the relevant employees cybersecurity training, much like that we provide at Pro-Networks through our IT support and services. This can be further improved through the use of technologies like multi-factor authentication to mitigate the effect of compromised credentials.
We can also help you bolster your overall cybersecurity defences with technologies like physical firewalls, internal vulnerability scans and threat monitoring, so you can achieve all-round protection from threats such as ransomware.