Patrice Boffa

2014 World Cup: Web Security - "Let's watch the game first and attack later"

Blog Post created by Patrice Boffa Employee on Oct 13, 2014

Akamai has once again been chosen to help protect the leading global broadcasters, advertisers, partners and sponsors' sites for this year's World Cup. This has given us the opportunity to capture an incredible amount of data for analyzing specific trends.

The attackers like soccer so much that they would watch the game before they launched the attacks.

By looking at the game schedules, traffic and attack patterns during the World Cup, we realized that the peaks of traffic did not align with the attack activities.

https://blogs.akamai.com/assets_c/2014/07/PatriceWCBlogPic1-2877.htmlPatriceWCBlogPic1.pngWe looked at the data in more details and it became more obvious that almost every attack launched during the World Cup occurred before or after the game but never during the game itself.

The attack activities and intensity levels depend mainly on: countries playing and the game at stakes

We not only realized that most of the attacks occurred usually after the games, the attack activities also varied based on the countries that were playing.

If we look at the overall traffic for the whole event, we observed four major periods of malicious activities:

  • Qualifiers for the second and third games
  • Round of 16
  • Round of 8
  • Third place

PatriceWCBlogPic2.png

Qualifiers Games

 

The initial World Cup games had limited impact on the teams, the real games at stake were game 2 and 3 of the qualifiers and that's when we noticed an uptake in malicious activities.

 

For example on June 20th, we had the following games:

 

  • Switzerland vs. France
  • Honduras vs. Ecuador

The result: a lot of attacks originated from all the countries playing before and after these games.

 

PatriceWCBlogPic3.png

Final Rounds

 

In round of 16, we experienced a large attack after the game France vs. Nigeria, this attack originated mainly from African countries.

 

PatriceWCBlogPic4.png

During the game USA vs. Belgium, we noticed some malicious activity right before the game. What more interesting was that most of the attacks happened and originated in overtime, after the USA team started losing the game.

 

PatriceWCBlogPic5.png

Getting the analysis to the next level, we noticed that the Top 100 Attackers for this particular period of time were originated from USA, targeting multiple World Cup related sites.

 

In addition, based on the data from Akamai's threat research team, we observed several soccer matches that were accompanied by web application hacking campaigns. You can learn more about that by reading this post.

 

How Akamai helped?

 

Akamai Professional Services team has been actively helping our customers to secure their web applications in order to maximize their World Cup investments.

 

Our event readiness and support approach has successfully supported all major global online events over the years. This approach is divided into the following stages:

  • Event Preparation
    • Capability assessment and contingency planning
    • Implementation and tuning
    • Escalation procedures
  • Event Execution
    • Pro-active alert/monitoring
    • Live event support
  • Post Event Wrap-up

Contact Akamai Professional Services today to arrange a technical call to discuss how Akamai can help protect you for any future event including holiday readiness campaigns.

 

This is a post from Patrice Boffa, senior director of global service delivery, and Sabrina Burney, solutions architect at Akamai.

Outcomes