Andy Heather, VP EMEA, Voltage Security:
“The World comes together for the World Cup and the excitement that goes with it. If your inbox looks anything like mine you will already be seeing genuine emails from colleagues and friends sharing all the latest news, and information coming out of Brazil. And again if you are anything like me your first reaction is to open up these mails. But stop and think, can you be sure that by doing so you are not inadvertently exposing you and your company’s sensitive data to the outside world?
Now is the time to be extra vigilant, these days hackers are not just targeting company IT systems but they are actually targeting the employees as well, you and I have become the latest security gap, and a global event like the World Cup with the interest and excitement that generates provides these guys with the perfect opportunity to score.
Users have even more chances these days to do something foolish which can compromise the company’s data, opening an email from hackers which downloads a virus which in turn allows them to by-pass the company firewall for example.
Social engineering techniques are commonly used to get us to divulge such sensitive information. Theses hackers take advantage of our continually more open on-line profiles. Hackers utilize networks such as Facebook and LinkedIn to get greater information on individuals so as to be able to target them with continually more convincing emails which users are more and more likely to click on. Traditional security approaches continue to fail to protect the real assets which is the sensitive data. Only a data centric approach which neutralizes the data and makes it valueless to the hackers can ensure that when these inevitable breaches occur the data remains safe and secure.”
Rahul Kashyup, Head of Security Research, Bromium
“Every high profile event such as the World Cup is always preceded with large scale online phishing and various social engineering scams. This has happened almost every time at a large world event - adequate evidence is available by variety of scams uncovered during the recent Sochi Olympics.
Most of these attacks are closely tied to classic human psychology concepts – people are more likely to click on items linked to the current topics being discussed. So, in short, people are more ‘vulnerable’ to clicking familiar/in vogue topics - this is exactly what the attackers try to exploit. Ultimately, the average internet user is a constant victim of this psychological warfare – with the odds in favour of the attackers.
The most common attack vectors are delivered via emails or even malicious ads by linking to a familiar topic such as World Cup. Users should take additional precautions and not click on any links or emails coming from unknown people.
In short – make ‘paranoid’ as your default setting when you go online during this World Cup”
Clinton Karr, Sr. Security Strategist, Bromium
“Major sporting events, such as the Olympics and the World Cup, serve as a hotbed for hacker activity. Commonly, attacks exploit social engineering to trick users into blindly clicking interesting links on the Internet. For example, a hacker may exploit a known Java vulnerability by enticing users to click on a video for the “Five Hottest Goals from the World Cup.” The best way for users to protect themselves is to apply some common sense to their browsing habits – just as we avoid walking down a seedy alley, we should avoid suspicious links and Web sites.”
Michael Sutton, VP of security research, Zscaler:
“Attackers are sure to take advantage of any major news event and the largest sporting event in the world will be no exception. We can expect to see phishing campaigns, blackhat SEO tactics and fake social networking posts taking advantage of unsuspecting victims on edge for any tidbit of news tied to the World Cup. Sporting events in particular tend to attract scams involving fake videos – offers of live access to matches not otherwise available. Scammers generally try to coerce users into either downloading malicious content or providing PII or credit card information in order to access the content. A common scam will present the user with a necessary browser update that is supposedly required in order to play the video. What is ultimately installed is malware. Users should be wary of downloading any unsolicited content or providing PII or financial information to sites not officially affiliated with the FIFA World Cup. Looking for Live coverage? Stick with one of the official broadcast partners of the FIFA World Cup for the country that you’re in.”
Tom Cross, Director of Security Research, Lancope:
“Popular media events like the World Cup are often exploited in email campaigns that lure unsuspecting victims in with promises of cheap tickets or exclusive video content. Victims are redirected to websites that trick them into revealing personal information or downloading and installing malicious software. As always, it pays to exercise street smarts when you use the Internet. If you get an unsolicited email with a suspicious attachment, don’t open it. Don’t enter personal information into websites if you’re unsure of who operates them. And if an offer seems too good to be true, it probably is.
Distributed Denial of Services attacks have come into play as a means of protesting organizations that are involved with the World Cup. Preparation for Denial of Service attacks should be standard practice for any organization with a large, mission critical presence on the web.
Attackers also tend to use computer networks belonging to innocent bystanders as amplifiers to make their Denial of Service attacks more effective. Therefore, any organisation that runs a Internet network should be checking to make sure that their networks cannot be used for Denial of Service traffic reflection and amplification. In particular, DNS servers, NTP servers, SNMP services, Voice of IP Services and XML-RPC ping back services should be checked to make sure that they don’t provide a spring board for denial of service attacks.”
TK Keanini, CTO, Lancope:
“People attending the event will need to be careful when joining wireless networks. Given the recent OpenSSL vulnerability CVE-2014-0224, an attacker who is in the middle of your communication can subvert the encryption leaving your private communication exposed. As a general rule, don’t download anything and only join reputable WiFi networks.”
Bruno Tarasco, Manager, Varonis Brazil
-Do not leave your belongings unattended. Be aware of people approaching you to ask questions as they may just be trying to distract you for criminal gain.
-Want to go travel somewhere? Put the address into your Smartphone and review the route. If you get lost you could struggle to find help since only 24% of the Brazilian population speak English.
-Avoid using and exposing your gadgets whilst on the street. You may attract unwanted attention.
-Keep your eyes on your credit card at all times. In Brazil, the bill should be settled in front of you. If the waiter tries to take your card away from your table, you should be wary as this is not common practice.
-Keep the emergency numbers in mind: 190 for the police, 192 for medical emergencies and 193 for fire department.
-If you must look at your online banking or sensitive information, be vigilant for people behind you watching your screen. Avoid transactions such as these while on Public HotSpots but, if it essential that you do, try using a browser like Tor.
-Watch out for false money bills, there is a guide here: http://www.bcb.gov.br/dinheirobrasileiro/en/segunda-familia-cedulas.html
-If you travel by taxi, ALWAYS ask the driver to turn the meter on. It should be fare 1 from Monday to Saturday between 6AM and 8PM. (except holidays) For estimates you can use this calculator: http://www.taxiautofare.com/br/Default.aspx. Taxis in São Paulo are white, in Rio they are yellow. Always look for official taxis. No taxis on your street? Download an official taxi app. The 2 most used are EasyTaxi and 99Taxis.
-Do not visit the Favelas, even with a tour guide! Part of the money you spend may end up going to gangs in the area (so they will continue to allow the guide to work there).
-Cellular data and roaming charges are very high in Brazil. You can get a pre-paid SIM Card with TIM where you will pay 1 dollar/100MB day. While their signal may not be as strong as other carriers’ signals, other carriers at the same price point only allow 10MB/day of usage. A SIM card is usually 15 Reais (approx. 7 Dollars).