JOHANNESBURG, South Africa. – May 12, 2009 – Symantec Corp. is warning South Africans to take care to protect themselves against a plethora of attacks over the Internet and likely to hit around the 2010 FIFA World Cup Tournament, all focused on monetary gain.
“Attackers on the Internet either try to compromise legitimate websites and so gain sensitive information, or they spam e-mail users with messages that try to persuade users to go to illegitimate websites where their personal information can be harvested,” said Candid Wüest, senior security researcher for Symantec.
Symantec's Security Response Lab has already seen evidence of FIFA-related spam and expects to see this grow in the run-up to the event. According to Symantec's monthly spam reports, around 10% of all spam in 2008 was fraud-related, such as those advertising false tickets.
During the previous FIFA World Cup, related phishing attacks jumped by 40%. As many as 4,615 phishing hosts per month were discovered in 2008, up 66% over the previous year.
Symantec's annual Internet Security Threat Reports have shown that countries introducing pervasive broadband services experience an immediate increase in threats, as cybercriminals take advantage of breaches and vulnerabilities arising from inadequate security. This has been seen in countries such as Brazil, Turkey and Poland. South Africa is likely to follow this trend once new undersea cables have been successfully installed.
“Because broadband penetration has thus far been so low, the introduction of improved broadband access this year is likely to bring a major increase in threats to Internet users,” said Wüest. “And you can expect to be attacked perhaps a thousand times a day. Larger websites might see up to a million attacks daily.”
“Soccer is one of the most popular sports in the world,” said Philippe Verveer, who served as IT director for the FIFA 1998 Soccer World Cup, and was director of technology for the International Olympic Committee until 2005. “It took us up to seven years of preparation to set up and organise events such as the upcoming FIFA 2010 Soccer World Cup.”
Information security specialists believe that three basic types of information attributes need to be protected around global events: availability, integrity, and confidentiality.
The availability of information, for example, could be compromised through denial-of-service attacks where users are prevented from accessing legitimate websites. These types of attacks are very common around large-scale sporting events, resulting in lost orders for businesses offering goods and services online. These will probably be focused on, but not limited to, FIFA and World Cup-related websites and organisations.
Organisations need to secure the integrity of their information, particularly confidential information provided by users accessing websites offering services and products relating to the event. Hackers will attempt to gain access to valuable information through compromising user accounts, for instance, and can also reach customer information held in databases that run behind these websites.
“Organisations should not assume that in the case of their websites being compromised, the only risk they face is text being altered,” said Wüest.
Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.
Note to Editors: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.
Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.