Experts' Insight On Premier League Club Almost Losing £1m to Hackers

The BBC reports that a Premier League club almost lost £1m to hackers during a transfer deal. A new report from the NCSC says the email address of a Premier League club’s managing director had been hacked during a transfer negotiation. Only the intervention of the unnamed club’s bank stopped the theft.

EXPERTS' COMMENTS
Paul Bischoff, Privacy Advocate, Comparitech
July 24, 2020
It won't matter how good their antivirus and firewalls are if staff members fall for social engineering attempts.
Premier League clubs not only need to consider their cybersecurity, but their operational security. Staff need to be trained on how to spot and handle phishing messages and websites, and have checks in place to verify the identities of any staff member that spends or requests money. It won't matter how good their antivirus and firewalls are if staff members fall for social engineering attempts. ....
Jonathan Knudsen, Senior Security Strategist, Synopsys
July 24, 2020
Every organisation either creates software or uses it, and many do both.
The narrowly avoided theft of nearly £1m from a Premier League football club is hardly surprising, but serves to highlight some truths of the current era. First, every organisation is a software organisation. Every organisation either creates software or uses it, and many do both. Consequently, all organisations must embed software security into their culture. Security cannot be bolted on to ....
Javvad Malik, Security Awareness Advocate, KnowBe4
July 24, 2020
These attacks rely primarily on social engineering tricks to fool employees into making payments into accounts owned by the criminals.
As more and more organised criminals have moved into the digital world, we've seen more of them less interested in the technical side of hacking an organisation, and going straight for the money. This has resulted in a rise in spearphishing attacks as well as CEO fraud or BEC fraud. These attacks rely primarily on social engineering tricks to fool employees into making payments into accounts own ....
David Kennefick, Product Architect, edgescan
July 24, 2020
While it is quite common, training is the most important method of defense here.
Sporting organisations like every other organisation are susceptible to cyber-attacks. This is made even easier when so many transfer details, including information around fees that can amount to millions of pounds, are made public during negotiations. Lazio and Manchester City have both been on the receiving ends of very public cyber-attacks in recent years. In 2018, Lazio paid an attacker close ....
Matt Aldridge, Principal Solutions Architect, Webroot
July 24, 2020
Sports companies need to ensure their defenses are watertight both on and off the field of play.
This hack highlights how cybercriminals are increasingly targeting high profile industries with email scams. In this case, it seems a legitimate corporate email account has been broken into and the hacker has impersonated the real owner and attempted to defraud a club or agent into sending money to the attacker. These email scams are becoming increasingly more sophisticated. We’ve witnessed new ....
Chris Boyd, Lead Malware Intelligence Analyst, Malwarebytes
July 24, 2020
This is most likely an attempt at CFO fraud, where exec-level accounts responsible for funds are compromised to wire huge sums of money overseas.
This is most likely an attempt at CFO fraud, where exec-level accounts responsible for funds are compromised to wire huge sums of money overseas. As the transfer was only prevented due to the bank's actions, the affected club may not have security measures in place to combat or even detect such a threat in the first place. Confirming transfer amounts over the phone, having agreed protocols in plac ....
Jake Moore, Cybersecurity Specialist, ESET
July 24, 2020
These sorts of targets can be seen as a win-win situation for cybercriminals.
Threat actors are like water finding the cracks in organisations they attack. They will persistently look until there is a vulnerability and with enough pressure, this crack will break. Whilst the sporting industry is not seen as a data-driven sector, it is arguably weaker than other sectors as information security often places much lower down the list of priorities. Not only do sports organisati ....
Carl Wearn, Head of E-Crime, Mimecast
July 24, 2020
Football clubs spend millions every summer investing in their team’s defence, but it is time they started investing in their cyber-defense.
No organisation or sector is safe from cyber threats, and that includes the beautiful game. Transfer deals are obviously a high-pressure time for many football clubs, with lots of fan pressure to get the deal over the line. This pressure can potentially be really detrimental to cyber-hygiene and lead to its own goals. In this instance, the attack appears to be an impersonation attack and this vari ....

