Football teams are increasingly at risk of ransomware attacks and phishing campaigns, says the United Kingdom National Cyber Security Centre (NCSC).
NCSC noted this while warning football teams on July 23, as it mentioned recent incidents. A few days ago, hackers attacked an unnamed club in the English Football League (EFL). The report noted that the hackers encrypted all the club’s security and corporate systems and demanded 400 Bitcoin (about $3.8 million) to hand over the decryption key.
Unfortunately, because the club refused to pay up, the hackers carried out their attack. The club incurred serious financial costs (several hundred thousand pounds) including remediation.
According to the agency, it seems the hackers first used a phishing email or remote access of the club’s CCTV systems for the installation of malware. The club was unable to use their corporate email because the attack affected some servers. Likewise, the CCTV and turnstiles in the stadium stopped operating, which almost led to a fixture cancellation, says NCSC.
The hackers found it easy to infect other systems after the infection of a single system because all the systems at the stadium were connected to one network.
In the words of the agency’s NCSC director of operations Paul Chichester, even if the sports sector may not consider cybersecurity, the agency’s findings reveal the real effect of cybercriminal activities on the industry.
The attack on a renowned Premier League club involved the use of fake emails to carry out a player transfer and the hackers almost stole more than a million pounds prior to the discovery.
NCSC’s report noted that more than 70 percent of sports organizations in the United Kingdom have experienced a cybersecurity breach this year and 30 percent of them reported more than five incidents. The agency said football clubs need to allot some time and funds towards the protection of their data.