Experts Predict Rash Of Hacks Targeting 2018 World Cup

By ISBuzz Team, June 4, 2018 (Updated: July 4, 2024)

New report shows that cybercriminals are concentrating their efforts on banks, government, and healthcare

In a new report, Web Application Attacks Statistics 2017, Positive Technologies describes how vulnerabilities in web applications have enabled hackers to damage diplomatic relations, access lists of patients at plastic surgery clinics, steal enormous sums from cryptocurrency exchanges, and perform other far-reaching attacks.

The most common types of attacks in 2017 remained the same as in previous years, with cross-site scripting constituting nearly a third of all attacks. Other popular attacks involved the ability to access data or execute commands on the server, including SQL injection, Path Traversal, Local File Inclusion, and Remote Code Execution and OS Commanding.

Government websites were a constant target for attackers in 2017, receiving an average of 849 daily attacks per organization. Last February, hackers modified the websites of embassies and government authorities around the world to feature a script that infects visitors’ computers with spyware. Later in the year, the site of the U.S. National Foreign Trade Council was hacked in a similar attack.

Planting untrue news on trusted websites—such as the official page of a foreign ministry—can spark scandals and international outrage. One such attack was recorded last year in Qatar: fabricated statements were attributed to the country’s emir, leading to a diplomatic row with other countries in the region. Hackers are also attracted to the websites involved in presidential and parliamentary elections. The upcoming 2018 World Cup, being a high-profile international event, is likely to draw a large number of attacks including denial-of-service, defacement attacks and attacks against users.

One dominant trend in 2017 was the boom in cryptocurrency and initial coin offerings (ICOs), an opportunity hackers readily seized upon. In most attacks on cryptocurrency exchanges and ICOs, hackers took advantage of poor web application security. Examples of this are the attacks affecting CoinDash and Enigma Project, where hackers altered the cryptocurrency wallet address displayed on an ICO site so that investors would unknowingly transfer funds to an attacker-controlled wallet.

The report also describes attacks on healthcare web applications, which on average received 731 attacks daily. In one incident involving a Lithuanian plastic surgery clinic, hackers published over 25,000 unclothed “before” and “after” photos of patients. Initially the hackers demanded a ransom from both the clinic (EUR 344,000) and individual patients (up to EUR 2,000).

Education-focused web applications saw on average 106 attacks daily, typically committed by students eager to “improve” their grades.

Positive Technologies detected a relatively low number of attacks on energy and industrial companies — on average, nine a day. These attacks tend to be very dangerous, performed by skilled hackers with intricate planning. The attackers’ goal is two-fold: to access the corporate IT network as well as the process network, where industrial control systems are located.

The most intensely targeted sectors in 2017 were IT and finance (the latter including both banks and e-procurement platforms), which had daily attack rates of 1,014 and 983 respectively. IT companies present an alluring target because of the potential for penetrating clients’ infrastructure. The NotPetya cryptoware outbreak, for instance, started with the hack of an accounting software developer. In the financial sector, most attacks continue to target web application users.

Positive Technologies analyst Leigh-Anne Galloway described what actions businesses should take to protect themselves: “As we have seen from attacks across all sectors, ensuring maximum security for a web application requires auditing through all stages of development and after it is put into production. It’s critical to regularly install any updates available for web application components and use a web application firewall (WAF), which is an essential prevention measure. Without a WAF, hackers can successfully attack within the window of time before vulnerabilities are fully patched.”
