Cyber criminals are now preparing more and more traps for sports fans. Tools including phishing letters, fake sites, hacked Wi-Fi networks, card skimmers and even fake ATM’s all form part of the bad guys’ arsenal and criminals are relentless in their pursuit of stolen data, as demonstrated by Circle Sport, a team that fell victim to hackers who held their data to ransom until a sizeable amount of cash was handed over. You can read more here - http://kasperskymotorsport.com/kaspersky-news/ransomware-is-now-a-real-threat-for-motorsport-teams/
As global cybersecurity experts, Kaspersky Lab deals with threats like this day in, day out. So let’s take a look some of the main cyber threats through the race season.
Stealing data may seem an easy option for hackers, but what they really want is access to money. Although ransomware attacks like the Circle Sport example are becoming more common, ecommerce scams have been around for a long time and are still claiming plenty of victims. There are plenty of examples of the kind of techniques criminals deploy here, including the creation of fake ticket sites complete with payment gateways to capture bank & credit card details that can then be used or sold.
Fans should be vigilant online when purchasing any motorsport items including merchandise or event tickets. There are secure ‘https’ servers to make those transactions. You’ll usually be able to identify such sites by the appearance of a golden padlock in your web browser.
Our teams at Kaspersky Lab have already detected and blacklisted domain names that have targeted the world of motorsport, and we are prepared for more attacks.
- Be alert for fake websites, and always check the URL’s carefully for typos.
Mobile device batteries drain faster when you are on the move, for example at a sporting event. Movement tracking apps, frequent web browsing, using apps like Whatsapp to chat with your friends and posting the latest updates on social networks, can quickly sap power.
At race events fans are often able to charge devices via USB at cafés, restaurants and dedicated charging stations. But it’s important to remember that these USB ports can be hacked, giving criminals the opportunity to connect to mobile devices and download valuable personal data.
To combat this, venues are installing special, secure charging points and many fans are choosing to use their own portable power banks to be sure their device is protected.
- Always use your own chargers and connect devices to secure electrical outlets, not USB ports.
Roaming is costly, so travelers attending races abroad often connect to any source of free Wi-Fi they can find. This is always a risky business because cyber criminals can manipulate the Wi-Fi networks and run them parallel to the original to intercept waves of data, giving them another method to gain access to your personal data.
On any given race weekend, there may be hundreds of Wi-Fi access points in and around the race venue. Although it may be the case that visiting the local café to pick up a coffee and connect to the Wi-Fi may seem like a safe thing to do, it may not be.
In our experience 1 in 10 Wi-Fi zones was unsecure and vulnerable to cyber criminals’ evil intentions and 1 in 5 was poorly protected. To put this into perspective, over a quarter of Wi-Fi networks were vulnerable to hackers.
- Don’t connect to Wi-Fi unless you are sure the network is secure and your device is protected.
Skimmers, fake ATM’s and card clones
As well as software based threats like those we’ve already talked about, cyber criminals are creating physical threats too in the form of ATM shells which are placed over the top of original ATM machines. Whilst the user is oblivious to the fact that the machine is fake, the ATM shell records all of the data on the card along with its PIN number. The credit/debit card can then be cloned and used to withdraw cash or make purchases.
Criminals try to look for very populated areas making race weekends, which typically welcome 50,000+ fans, ideal hunting grounds.
- Check to make sure the green light is on the card reader at the ATM. A skimmer device usually does not display a light.
- Before starting a transaction, check the ATM for any suspicious elements such a missing or badly fixed part.
- Hide the number pad whilst entering your PIN.
Cyber crime doesn’t stop there, it’s vital to be vigilant at all times so the fun of a race weekend isn’t ruined by the bad guys.
- Never give retailers or merchants your credit/debit card. Ask them to bring the card terminal to you.
- Before typing your PIN make sure the machine is displaying the correct info, including the amount that you are paying.
- If a machine looks suspicious, use cash. Always try and carry some local currency as a back up.
We hope that you find out top tips to stay safe online when attending a race weekend and we look forward to seeing you there to support the Kaspersky Motorsport team.
As motorsport evolves with the latest technological developments in place for 2016/2017 and further updates being introduced throughout the racing season, it’s vital that teams take cyber security seriously and focus on this ever-evolving space. Alex Moiseev, Chief Sales Officer & Kaspersky Motorsport Driver