In light of cyber hacktivist group Anonymous's recent threats to hack company, sponsor and partner websites associated with the World Cup, security specialist Radware has issued guidance to firms that could be affected.
Angered by the amount spent on the tournament while host country Brazil struggles to provide basic services, Anonymous hacked into the country's Foreign Ministry computer networks at the end of May and leaked a number of confidential emails. Around a week later the group announced it would be targeting the World Cup's corporate sponsors to continue its protest.
A spokesperson for the group known as Che Commondore told Reuters: "We have already conducted late-night tests to see which of the sites are more vulnerable. We have a plan of attack."
Radware is now circulating advice and guidance throughout firms that it expects might be targeted.
While Anonymous themselves have referenced Addidas, Coca-Cola, Emirates Airline and Budwiser, Radware warns that this could extend to streaming providers, entertainment outlets that often promote such events, gambling sites and more.
Using past Anonymous attack patterns Radware has issued a number of recommendations for both before and during an attack. The most common kind of attack, and one often used by Anonymous, are low-cost DDos (distributed-denial of service) attacks. These can take a website offline by simultaneously requesting access from thousands of computers, overloading the host server.
However, Radware warns, Anonymous has been known to use multiple methods at the same time to create disruption and diversions.
The firm urges companies not to allow themselves to be distracted by one particular kind of attack, which may well be used as a smoke screen to obscure another accessing or manipulating sensitive information.
It also said that companies must ensure their networks do not "fail open" ̶ becoming so overwhelmed by the volume of attacks that it falls over and can't fight subsequent, more serious attacks.
It suggests that firms monitor all security systems, service performance and internet pipe utilisations carefully so that an attack can be detected as early as possible.
Radware reminded firms that Anonymous has said it tests its attack vectors in advance before deploying a full-scale attack, so any new alert should be investigated carefully. This might even provide information that can be gathered to predict the likely attack pattern Anonymous would deploy.
In the meantime Radware recommends that firms harden security systems as much as possible, taking special regard for their DDoS protection, anti-scanning and all other intrusion protection methods.
Radware said it had seen similar threats, directed towards similar targets, during the 2010 Vancouver Winter Olympics, the 2012 London Summer Olympics and the 2014 Sochi Winter Olympics. In the latter case especially, attempts to attack started long in advance of the games.
It said that while high-profile sporting events "are the newest 'hot' target for cyber attack", this year's World Cup is particularly vulnerable.
As early as 2005 and 2007 Brazil fell prey to cyber attacks that resulted in major power outages. Today, after months of protests purportedly straining its economy, Radware said Brazil was a target "rife for exploitation".
Radware added that Anonymous is likely to "use that backdrop to boost support and gain advocates". The political and economic turmoil combined with the excited chaos of the World Cup mean that a cyber-attack at this time would create the "perfect storm".