Business Email Compromise (BEC) , Cybercrime , Email Security & Protection

Hackers Target UK Sports Sector to Steal Millions

Report Describes Vulnerabilities in Sports Organizations' Cybersecurity
Hackers Target UK Sports Sector to Steal Millions
A Premier League championship match (Photo: Peter Woodentop via Flickr/CC)

A Premier League football club, which was one of many UK sports organizations targeted by cybercriminals over the last 12 months, was nearly bilked out of £1 million ($1.2 million) in a business email compromise scam, according to a National Cyber Security Center report that describes a variety of scams.

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

The report states that 70% of U.K. sports institutions were targeted by cyber incidents. In addition to BEC scams, those included having stadium turnstiles blocked and being victimized by fraudulent equipment sales. About 30% of the incidents resulted in financial losses, which averaged £15,000 ($19,000). The largest loss was more than £4 million ($5.1 million).

Robust Controls Needed

NCSC, the public-facing arm of Britain's intelligence agency GCHQ, is urging sports organizations to implement more robust cybersecurity protocols.

"While cybersecurity might not be an obvious consideration for the sports sector … our findings show the impact of cybercriminals cashing in on this industry is very real," says Paul Chichester, NCSC’s director of operations.

Chichester urges sports organizations "to look at where they can improve their cybersecurity - doing so now will help protect them and millions of fans from the consequences of cybercrime.”

The NCSC states that about 30% of the sports organizations do not regularly patch their systems. Some 56% of teams’ and sports facilities’ payment systems, turnstiles and CCTV networks are remotely accessible by third parties, offering easy entry into the team's network. The report also notes that 20% of organizations do not create separate user accounts for their payment systems, while 30% don’t have separate accounts for CCTV and industrial control systems. Nearly a third of organizations lack network segmentation.

BEC Scam

The report describes how an unnamed Premier League team was targeted by a BEC scam timed to take place during the league's transfer window - the period when players are traded and acquired. The team's managing director had his Office 365 credentials stolen in a spear-phishing attack. The attacker then used the credentials to monitor the teams' negotiations over a potential player deal that was worth almost £1 million.

When the deal was about to be completed, the attacker inserted himself into the middle of the email conversation, according to the report.

"The attackers assumed the identity of the [managing director] and communicated with the European club. Simultaneously, they created a false email account and pretended to be the European club in communications with the real managing director. The cybercriminals sent an amended payment request to the managing director, changing the real bank details to an account they had control of," according to the NCSC report.

The deal was approved by the league, but the money transfer was stopped when it was discovered that the attacker's bank account was marked as fraudulent, the report notes.

Additional Attack Methods

The NCSC report also found sports clubs were targets of additional attack methods. For example:

  • 75% of sports organizations reported having received fraudulent emails, calls and text messages;
  • 61% reported that these malicious communications directed staff to fake websites;
  • 40% reported they had been targeted by malware;
  • 25% reported they had been victimized by ransomware.

The report notes that an English Football League club incurred losses after a targeted ransomware attack crippled the club's corporate and security systems. As a result, CCTV cameras and turnstiles at the stadium failed to operate, which led to the cancellation of a game.


About the Author

Chinmay Rautmare

Chinmay Rautmare

Senior Correspondent

Rautmare is senior correspondent on Information Security Media Group's Global News Desk. He previously worked with Reuters News, as a correspondent for the North America Headline News operations and reported on companies in the technology, media and telecom sectors. Before Reuters he put in a stint in broadcast journalism with a business channel, where he helped produced multimedia content and daily market shows. Rautmare is a keen follower of geo-political news and defense technology in his free time.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.asia, you agree to our use of cookies.