Malware, Security Strategy, Plan, Budget

Cybercriminals take the day off to watch the World Cup

There is no doubt the World Cup has a negative impact on business productivity, but it may come as a surprise to find cybercriminals are no different and take the day off when their nation's squad is playing.

The behavioral biometrics cybersecurity firm BioCatch found a massive drop, up to 90 percent, in the amount of bank fraud committed by some countries, mainly account take over attacks, during certain World Cup games. The company, which tracks millions of banking transactions every day for customers around the world, found that cybercriminals in Brazil, Mexico, Russia, and to a lesser extent Croatia, almost ceased their attacks when their teams were playing. Spain saw little change, but there was a decline.

The company saw a massive double-digit fall off in banking attacks on game days, said Daniel Shkedi, BioCatch's product marketing manager, starting with the first day of the tournament.

On June 13, the day before the World Cup started, BioCatch recorded a spike in malicious activity, with attackers acting almost as if they were going on vacation and needed to get some extra work done. The next day when Russia took on Saudi Arabia in the opening game the number of attacks emanating from Russia dropped 67 percent, Shkedi said. This trend continued throughout the match until Russia was eliminated.

“When Russia lost and was eliminated on July 9 the same game day trend continued with fraud being down. We expected attacks to go up the next day, which was a Sunday, but it was still slow. However, on Monday they were back at it with a vengeance,” he said.

The numbers were even more drastic when the company looked at activity in Brazil and Mexico.

In fact, the entire idea behind the study came after the company received data from a Brazilian customer indicating something was wrong. Shkedi said BioCatch researchers noticed a distinct fall off in traffic, to the point where they thought some systems were being hit. Instead, a call to the customer found them to be unconcerned. They said the whole country was watching the game and it was depressing the amount of traffic.

During the initial three games during group play, bank fraud decreased in Brazil by 39 percent, 33 percent and 39 percent each time the Brazilians took the field. Because most Brazilian cybercrime is conducted by homegrown attackers BioCatch made the assumption that these people were off watching the game and not working.

The same scenario played out in Mexico, another country with mainly local attackers, but on an even larger scale. During Mexico's first three games bank fraud fell 70 percent, 90 percent and again 70 percent.

In all cases, BioCatch compared the game day attack traffic to traffic that took place on the same day during the week before the World Cup began. And the drop off in attacks was not just during game time, but throughout the day which indicates the cybercriminals made a holiday of the event.

The study also found that not all World Cup participants saw a fall off in attacks.

England had the dubious honor of seeing an increase in the number of attacks jumping 6 percent, 5.5 percent and 24 percent during group play games. BioCatch noted those attacking the UK tend to be from Eastern Europe who could care less that England was playing, and in fact, may have been attempting to take advantage of the fact that their targets were distracted and upped the number of attacks during these games. 

There was no report on what happened the day when Croatia defeated England to advance to the final.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.