The UK National Cyber Security Centre (NCSC) issued a warning Thursday that said football teams are at an increased risk of ransomware attacks and phishing campaigns—with a recent incident highlighting this issue.
Earlier this week, an unnamed English Football League (EFL) club was attacked by hackers, according to the report, who encrypted all its security and corporate systems. They demanded 400 Bitcoin ($3.8 million at current rates) to release the decryption key.
But the club didn’t pay up and the hackers went forward with their attack, leading to severe financial damages—reportedly several hundred thousand pounds including remediation—for the club.
The NCSC said the initial infection was either a phishing email or the club’s CCTV systems being remotely accessed to install malware. The agency noted, “Several servers were also affected, leaving the club unable to use their corporate email.”
“The stadium CCTV and turnstiles were non-operational, which almost resulted in a fixture cancellation,” it added.
All systems at the stadium were connected to one network, making it easy for the attack to spread once a single system was infected.
Hackers target English football clubs
NCSC director of operations Paul Chichester said profit-hunting football clubs may not view cybercrime as a huge issue. However, it remains a concern for the UK’s broader cybersecurity goals.
“While cybersecurity might not be an obvious consideration for the sports sector as it thinks about its return, our findings show the impact of cybercriminals cashing in on this industry is very real,” said Chichester.
This month, a prominent Premier League club was infiltrated after hackers used fake emails to conduct a player transfer; almost stealing over a million pounds before someone at the club flagged the transactions.
Hackers are also casting a wide net. As per the NCSC warning, over 70% of UK sports organizations have experienced a cybersecurity breach in 2020. Out of those, 30% reported over five incidents, a metric “more than double the average for UK businesses.”
Meanwhile, the watchdog said football clubs must allocate part of their time, and money, towards protecting their data.
“As the sports sector recovers from the impact of the coronavirus pandemic and continues to plan for the future, the NCSC is urging organizations to consider the findings of its report and follow its advice, such as putting in place security controls – often at low cost – and backing up data,” the agency said.
With this warning coming on the back of a massive Twitter hack, it shows hackers will target anyone—not even football is safe.