Tackling cybersecurity at the rugby world cup

Tackling cybersecurity at the rugby world cup
(Image credit: Pixabay)
About the author

David Warburton is the Senior Threat Research Evangelist at F5 Networks.

This year’s rugby world cup in Japan will be the biggest and most tech-enabled incarnation yet. It doesn’t have a choice. The modern-day sporting spectacle is invariably a hyper-connected production of dizzying permutations and potential.

1,8 million tickets will change hands and 400,000 rugby fans will descend on the Land of the Rising Sun from 20 September. Online activity will also be off the charts. In 2015, there were over 270 million social media video views, 2,8 million official app downloads, and the #RWC2015 hashtag appeared twice a second. Expect records to tumble again this year as cybercriminals get match fit to breach the security defences of organisers, sponsors and fans alike. 

Catching fans (and employers) offside

2018’s football world cup had different shaped balls but served as an instructive barometer for likely cybercriminal activity. Phishing and social engineering featured heavily and could wield a similarly disruptive influence in Japan. Even before the tournament kicks off, fans face a barrage of scams leveraging tournament branding, including fake apps, betting scams, counterfeit tickets, as well as browser injections targeting credit card details. Meanwhile, thousands of illegal streaming sites are limbering up on the side-lines for proceedings to start.

Against this backdrop, many individuals will be in an unusually excitable and suggestible state, which is also a problem for businesses. How many of employees will place an unsecure bet from the sofa or attempt to win tickets using BYOD or office-supplied devices

In general, rugby fans (and others) should always:

  • Limit public Wi-Fi use. Use a private network or virtual private network (VPN) with data encryption capabilities,
  • Ensure devices have the latest operating system and patches installed,
  • Question messages with links or attachments. A trusted brand wouldn’t immediately hustle for valuable personal data or financial information,
  • Use trusted websites with the HTTPS prefix and avoid search engine-assisted ecommerce. Spelling mistakes and design flaws are obvious red flags, but they are getting harder to spot,
  • Only download apps from the trusted sources.

IoT mauls

In March 2018, an Interpol conference identified the Internet of Things (IoT) as a major sporting event risk. At the same time, thingbots (such as Mirai) are being harnessed by hackers in greater numbers than ever to form powerful botnets of networked things.

Japan knows the score. Earlier this year, the country’s National Institute of Information and Communications Technology (NICT) planned a sweep of around 200 million network-connected devices to check for vulnerabilities in “things” like routers, webcams and home appliances.

Users are then contacted to improve security measures when a device is accessed (mainly using commonly used credentials, usernames, and passwords). It is a much-needed initiative. Historically, IoT devices tend to prioritise access convenience over security, and the world cup is a timely prompt for widespread awareness and action.

There are no silver bullets of course, and any organisation touching IoT must constantly assess its defensive posture. To combat the thingbot threat, F5 Labs recommend tackling their most damaging offensive moves first. For DDoS attacks, that means a cloud scrubbing provider is the way to go. Then there are web application attacks, which require specialised application firewalls with behaviour-based bot detection and traffic inspection. 

Never cut corners with IoT. Don’t buy products with known vulnerabilities, obvious exploit histories or substandard security mechanisms. Quarantine or retire any devices that cannot be secured. 

Other IoT exploit path must-dos include:

  • Disabling remote management. Restrict operations to a management network, or place behind a firewall. Leverage NAT at a minimum if the devices will be used in a residence,
  • Changing vendor default credentials and disabling the default admin account,
  • Continually updating devices with the latest firmware as it is released.

Nation state rucks

The RAND Corporation believe the Tokyo Olympics’ biggest cybersecurity threat comes from foreign intelligence services (“should they choose to act”). The same applies to the rugby world cup. The Verizon Data Breach Investigations Report (VDBIR) recently reported a sharp uptick in nation-state attacks, rising from 12% of all analysed breaches to 23% in the past year. In another alarming trend, hackers acting on behalf of nation-states are also carrying out more zero-day attacks, which take place on the same day a weakness or vulnerability is discovered.

As the influence of IoT and 5G gets louder and louder, it is important to note that hackers acting on behalf of nation-states are no longer just out to disrupt critical infrastructures – they’re also actively seeking business and trade secrets. This means it is critical to have adequate defences that can detect unknown attacks and correctly identify malicious app connections. 

Fortunately, a range of new technologies are available for selection. For example, AI solutions can analyse traffic in real-time to spot unusual behaviours and anomalies previously out of sight. However, there will always be a need to apply security at every level and on every surface: endpoint, application, and infrastructure. Remember, applications require consistent, intelligent and adaptable policies wherever they reside (on-premises, in the cloud or in a multi-cloud environment). Protecting perimeters is no longer enough. 

Whatever happens at the rugby world cup, it will be intriguing to monitor cybercriminal activity in the coming weeks. By all accounts, Japan is well prepared, and the tournament could even yield the protective blueprint for future events of this scale. Dropping the ball is certainly not an option – especially with the 2020 Tokyo Olympics also on the horizon.


David Warburton is the Senior Threat Research Evangelist at F5 Networks.

David Warburton

David Warburton is the Senior Threat Research Evangelist at F5 Networks.

He is an experienced security focussed pre-sales consultant with industry experience of working with large UK Government and Enterprises accounts. Strong solution and enterprise architecture skills. Working with technologies which include data centre deployments, enterprise applications, infrastructure & virtualisation, application delivery networking, Security (Firewall, IDP, NAC, SSL and IPsec VPN), Switching, Routing & WAN Optimisation. Recently achieved a MSc (Distinction) in Information Security at Royal Holloway University. Fluent in French.