Champions League final broadcast could be under threat from malware

Champions League final broadcast could be under threat from a ‘sophisticated’ new malware strain spreading across Ukraine, security experts warn

  • Hackers could use malware to disrupt live Champions League broadcast 
  • VPNFilter malware has now spread to 500,000 routers worldwide
  • Experts have seen a spike in malware infections in the lead-up to the match
  • e-mail


Hackers could be preparing to bring down the Champions League final broadcast this weekend, security experts have warned.

Coverage of the match could be disrupted by a ‘sophisticated’ new strain of malware, which has already infected half a million routers worldwide.

The highest concentration of infected routers is in Ukraine, where the Champions League final between Real Madrid and Liverpool will be held in the Olimpiyskiy National Sports Complex on Saturday.

The malware – dubbed VPNFilter – was first uncovered by Cisco Systems’ cybersecurity unit, Talos.

According to the Cisco Systems researchers, the number of routers infected with VPNFilter has spiked this month, with almost all of the newly-infected devices located in the Ukraine.

The spread of a new malware strain across Ukraine could indicate a plan to disrupt the Champions League final broadcast, security experts have cautioned

Cyber Security expert Pascal Geenens believes the timing of this spike in malware could hint at plans to disrupt the Champions League final broadcast.

Pascal Geenens, who works as a Cyber Security Evangelist for security firm Radware, told MailOnline: ‘I would not discount that a nation state is trying to discredit Ukraine through interfering with the broadcast of the Champions League or deprive people from watching the broadcast.’

He believes a disruption to the broadcast could be achieved by targeting the stadium services with a Distributed Denial of Service (DDoS) attack.

DDoS attacks flood a targeted website or service with a torrent of superfluous requests in an attempt to overload the servers and cause it to crash.

According to Geenens, a DDoS attack at the Olimpiyskiy National Sports Complex could impact broadcasters’ online streaming platforms.

‘The attacks could either directly target the broadcaster or could attack the DNS services like was done on Dyn in Oct 2016,’ he explained.

Dyn is a domain registration service that was attacked by a devastating DDoS attack back in 2016.

The cyberattack on Dyn triggered huge outages to Twitter, Amazon, Netflix, Reddit, CNN, Spotify, and more, across North America and Europe.


DDoS stands for Distributed Denial of Service. 

These attacks attempt to crash a website or online service by bombarding them with a torrent of superfluous requests at exactly the same time.

The surge of simple requests overload the servers, causing them to become overwhelmed and shut down.

In order to leverage the number of requests necessary to crash a popular website or online service, hackers will often resort to botnets – networks of computers brought under their control with malware.

Malware is distributed by tricking users into inadvertently downloading software, typically by tricking users into following a link in an email or agreeing to download a corrupted file.

It is believed hackers used between 100,000 to 250,000 infected devices to execute its attack, which highlights the potential damage that could be caused with the 500,000 devices infected by VPNFilter.

Pascal Geenens told MailOnline: ‘Considering the reports on the attacks on Dyn mention between 100,000 to 250,000 unique source IPs, a botnet consisting of 500,000 devices is a powerful weapon that can impact any service if it is not protected adequately.’

The exact capabilities of the VPNFilter malware remain unknown, with security experts still pouring over the code to determine the intent behind the mass infection.

Ukraine cyberpolice said in a statement it was possible the hackers planned to strike during ‘large-scale events,’ a reference that could allude to the Champions League final, or to the country’s upcoming Constitution Day celebrations.

The Champions League final will be held at the Olimpiyskiy National Sports Complex stadium. Security experts believe malware could be used to disrupt broadcasts from the stadium

Chief Technology Officer of Bromium, an anti-virus start-up based in California, Fraser Kyne believes it is the latter.

He told MailOnline: ‘Hackers are opportunists and a large scale global event, like the Champions League final, is the perfect opportunity to inflict maximum chaos and gain greater exposure.’

‘In situations like this threats often slip through the net because there are so many additional security concerns caused by the massive influx of people flooding into the city for the match, meaning security teams are distracted,’ he added.

Not all experts believe the recent spread of VPNFilter across Ukraine is linked to the upcoming Champions League final.

Fans have already started to arrive in Kiev ahead of the clash between Real Madrid and Liverpool. It’s unclear whether the hackers will coincide their attack with the event

Peter Bassill, founder of Hedgehog Cyber Security, told MailOnline: ‘While there is not enough evidence at the moment to identify the true purpose of the mass infection, the bulk of the infections being within a single geographical region does raise the eyebrows somewhat.

‘With the recent events over the past 48 months, it would be understandable to attribute this to a state sponsored attack.

‘However, at this present time it is impossible to say this with any level of certainty. What we can draw from the events so far is the attackers are well equipped, skilled and financed.’

Earlier this week, the US Justice Department said the malware ‘could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities.’ 


US cyber security firm Symantec has claimed a group it dubs ‘Dragonfly’ has attempted to hack energy grids around the world.

The group targeted energy companies in the United States and Europe and in some cases broke into core systems that control the companies’ operations.

The group uses malicious emails, software and websites to infect computers used by employees of energy companies.

For example, one campaign sent malicious emails disguised as an invitation to a New Year’s Eve party to targets in the energy sector in December 2015.

Once opened, the attached malicious document would attempt to leak victims’ network password and username to a server outside of the targeted organisation. 

The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves.

Symantec said the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so. 

Source: Read Full Article