Check Point Researchers Discover Cyber-Criminals Exploiting World Cup Fever with Wallchart Phishing Campaign
June 2018 by Check Point
Check Point® Software Technologies Ltd. has identified a phishing campaign linked to the start of the FIFA World Cup where cyber-criminals attempt to lure would-be victims into downloading a schedule of fixtures and a result tracker.
When opened, the attachment uses a malware variant called ‘DownloaderGuide,’ a known downloader of potentially unwanted programs (PUPs) that is most commonly used as an installer for applications such as toolbars, adware or system optimizers. Check Point researchers have found that in total the campaign includes different executable files, all of which were sent in emails using the subject: “World_Cup_2018_Schedule_and_Scoresheet_V1.##_CB-DL-Manager.”
The campaign was first identified on May 30 2018, peaking on June 5, however during the past week it has gained new momentum with new instances emerging as the competition starts.
“Events that attract huge amounts of popular interest are seen by cyber-criminals as a golden opportunity to launch new campaigns,” said Check Point’s Threat Intelligence Group Manager, Maya Horowitz. “With so much anticipation and hype around the World Cup, cyber-criminals are banking on employees being less vigilant in opening unsolicited emails and attachments. As such, it is critical that organizations take steps to remind their employees of security best practices to help prevent these attacks being successful.
“In addition to this, organizations should also take steps to ensure that phishing campaigns don’t reach inboxes in the first place. This should include employing a multi-layered cybersecurity strategy that protects against both established malware families’ cyber-attacks and brand new threats and prevents it from spreading across the network in the result of the initial campaign being successful.”
With Check Point anticipating a further range of online scams and phishing attacks during the month-long tournament, it has also issued the following guidance for individuals to protect themselves from cyber threats during the 2018 FIFA World Cup:
• Keep software updated – Ensure that your PC or device’s operating system, security software, apps and web browsers are all updated with the latest versions as this will form an effective defense against malware, viruses and other online threats.
• Beware of fake websites – At previous large public events, cyber-criminals have created fake websites and domains, covering everything from merchandising to news and live streaming, which appear to be official but can be used to deliver malware to, or capture sensitive information from unsuspecting visitors.
• Beware of emails from unknown senders – Cyber-criminals will likely send a variety of phishing emails during the tournament, offering a range of free offers or entries into draws for match tickets. This could be in the form of hyperlinks or attachments that will either download malware onto machines or attempt to steal your personal data. It is best to avoid opening emails or attachments from an unrecognized sender.
• Beware of public Wi-Fi hotspots – With matches taking place throughout the day, many will be tempted to use public Wi-Fi hotspots to watch games on mobile devices. However, insecure hotspots are easy targets for hackers to compromise and intercept personal data such as emails and passwords, or plant malware on mobile devices.