As the Brazil FIFA World Cup 2014 moved on to the finals, sponsors, patrons, banks, and organizations suffered significant damage by way of cyber-crime. Brazil’s banks, FIFA World Cup offices, and patrons were all targeted and fell victim to malicious bad actors in the cyber realm. As countries battled each other on the futbol pitch, or soccer field for Americans, cyber criminals waged war on the networks in Brazil.
One such attack, known as “Boleto Fraud,” has been around for years and increased significantly during the 2014 FIFA World Cup. The crime involves fraudulent offline transactions with the Brazilian boleto bancário payment system. The boleto is a form of Brazilian currency used in banking transactions such as with automated teller machines. Malicious hackers have been able to perform offline forgery of the payment documents. The hackers use a very specific attack called a “man-in-the-middle” attack, which takes advantage of browser vulnerabilities in Chrome, Firefox, and Internet Explorer on the Microsoft operating system platform.
Browsers infected with the “man-in-the-middle” malware redirect the boleto payments to a money mule account. A money mule is an individual who launders money by moving the funds that were deposited by boleto payments from one account to another. The boleto payment fraud was the most prevalent and significant of all of the cyber-attacks in Brazil during the World Cup.
Additionally, there were several other types of cyber-attacks including phishing and malvertising. Phishing attacks by malicious hackers introduced credential stealing malware to users and patrons who received email they believed to be from FIFA World Cup sponsors and organizations. Malvertisements were malicious ads that appeared on websites specific to the World Cup. Patrons clicking on these malicious advertisements were directed to sites that downloaded malware onto the patrons’ systems.
The great majority of the attacks were financially motivated, with few reported attacks by hacktivists and state sponsored actors. Unfortunately, these types of sport-related attacks will continue after the World Cup finals and beyond.
ThreatScape eCrime Reports, July 3, 2014