Leeds United are tightening their cyber defences in the face of a growing threat from sophisticated criminals, who can extract millions of pounds from the biggest clubs.
English clubs are increasingly concerned about the threat from hackers, who see sport as a 'highly attractive' and 'high-value' target.
In the last year, Manchester United was attacked, an EFL club was hit with a £5m demand and the biggest single loss to a sports organisation from cyber crime was £4m, according to he UK National Cyber Security Centre (NCSC) - part of GCHQ.
The cyber criminals are aiming to cash in on big money deals, exploit lucrative match days, or even hold valuable transfer or fan data to ransom.
As well as United, Liverpool and Lazio have all fallen victim to hacks in recent years. But more are have suffered in silence or fought off the online raiders and clubs’ vulnerability is even greater now with thousands of staff working from home on laptops and remote serves.
Over 40 clubs attended a security conference organised by the NCSC, including 11 from the Premier League, in January, to learn more about how to protect themselves.
And the the watchdog says cyber-criminals see sport as a juicy target with seven out of 10 clubs experiencing an attack once a year, and three out of ten suffering at least five raids.
“We know that sports clubs and organisations are facing significant challenges managing the impact of the coronavirus pandemic,' said Sarah Lyons, NCSC Deputy Director for Economy and Society ahead of the conference.
'But that doesn't stop the UK sports industry being a highly attractive target for cyber criminals - and it's important that organisations are aware of this threat,'
Leeds have commissioned Barracuda Networks to beef up their security, focusing on securing the club's email systems and defending against ransomware, which was believed to have affected some of Manchester United's systems in November.
“Even in a normal year, Premier League clubs are a hot target for opportunistic cyber attackers, who are looking to disrupt servers or steal data, usually in an attempt to hold the club to ransom, or to sell sensitive data illegally for financial gain,’ said Chris Ross, a manager at Barracuda Networks.
“However, with hundreds if not thousands of staff members now working remotely, the threat facing Premier League clubs, and indeed all organisations, is more pressing than ever.’
There are two common types of attacks, email impersonation and ransomware, Ross’ colleague, Steve Peake explained.
'The sporting world is targeted in a quite sophisticated way and the reason for that is there is a lot of information publicly available,' Peake told Sportsmail.
'We know football clubs time tables. We know when the transfer windows are and that is helpful because an attacker can pretend to be more credible.
'In the transfer window there is a lot of speculation about where players may be moving to, so someone can potentially craft an attack to appear as though they are a party [to the transfer].'
Audacious as it sounds, these tactics, known as ‘impersonation’ attacks, do work if the criminals use hi-tech software to closely replicate emails and obtain detailed knowledge of the deal.
Italian giants, Lazio, fell for an email scam and paid £1.75m (€2m) to fraudsters in 2018.
According to Italian newspaper, Il Tempo, the Serie A club were completing the last instalment of a transfer fee for defender Stefan de Vrij, whom they had signed from Dutch club Feyenoord.
Lazio received an email that appeared to be from the Eredivisie outfit asking for the final payment of the deal along with bank account details.
The Italian side paid the money, but Feyenoord never received the fee and said they had not sent the email. The cash was traced to a Dutch bank account apparently set up by the fraudsters.
Closer to home, the NCSC reported last year that an email account of a Premier League football club's managing director was hacked during a transfer negotiation, which led to the club attempting to pay £1m into a bank account set up by criminals.
The transaction was only halted because the club's own bank identified the destination account as fraudulent.
In this case, inside information was obtained when the MD had inadvertently entered their details into a fake Office 365 login page, which allowed to hackers to monitor his correspondence.
Email is a potential weak point for any organisation. Liverpool was also hacked in 2018, resulting in a serious data breach for around 150 supporters, according to the Liverpool Echo.
A staff email account was believed to have been targeted by a third party.
While staff email is a vulnerability, the risk is not only impersonation. Hackers can insert attachments into the club's network to disable it, known as a ransomware attack.
''A ransomware attack is when people attempt to get malicious software into an organisation and scramble their systems so they are not usable,' said Peake.
'That is about disruption to the football club, [for example] to stop their turnstiles from working so they cannot scan tickets and they cannot run the game. That has a financial cost to the club.
'The attacker suggests a ransom to unlock the systems and it is usually more cost effective than to cancel the game and they hop the club will pay.'
The amount the hackers charge is based on what they know the system is worth to the club.
The NCSC has assisted another club after corporate and security systems were crippled by a ransomware attack, stopping the turnstiles from working, preventing fans being able to get in or out of the stadium.
It almost led to the cancellation of a league fixture, and the hackers were demanding £300,000 to unscramble the system.
Manchester United were hit by a ransomware last year, but with the help of the NCSC, the club was able to fight off the attack, without losing control of their turnstiles, or other critical systems.
The attack is believed to have targeted scouting reports and transfer plans which are themselves hugely valuable. However, club insiders told Sportsmail that United always had control of their IT systems and any delay in getting them back up and running was to make sure they were 100 per cent secure.
At Leeds United, Barracuda is providing protection for emails and from ransomware.
With emails, software can be used to triangulate information from the email and its source to establish if it is credible. For ransomware, companies like Barracuda are engaged in a game of 'cat and mouse’ with the hackers, seeking to identify and block malicious attachments as they are developed.
In addition, by chunking up the network and backing up the data in key areas it is possible to protect the system from a catastrophic attack and reboot it afterwards.
0 Comments