LONDON, July 23 (Xinhua) -- A top-flight English football club came close to losing a million pounds (1.27 million U.S. dollars) in an attempt by hackers to sabotage a transfer deal, a report revealed Thursday.
Only intervention by the club's bankers prevented the loss at the unnamed Premier League club, the report by Britain's top cyber security agency disclosed.
The first ever report by Britain's National Cyber Security Center (NCSC) into cyber threats to the sports industry revealed it to be a high-value target.
The report reveals at least 70 percent of major sports organizations suffer a cyber incident every 12 months, more than double the average for British businesses.
Urging the sports industry to tighten cyber security, the report outlines examples of blocked turnstiles at football stadiums, hacked transfer deals and fraudulent equipment sales among incidents targeting the sports sector.
One incident revealed in the new report, "Cyber Threat to Sports Organisations" involved the emails of a Premier League club's managing director being hacked before a transfer negotiation. As a result, the million pound fee almost fell into the hands of cyber criminals.
The report said: "During a transfer negotiation with an overseas football team, the email address of the managing director of a Premier League club was hacked by cyber criminals. Only a late intervention from the bank prevented the club losing the fee."
Other incidents include an attack which brought the turnstiles of an English Football League (EFL) club to a standstill and almost led to the cancelation of a football match.
The club suffered a significant ransomware attack which crippled their corporate and security systems. As a result of the attack, the turnstiles at the ground were unable to operate.
A spokesperson for the NCSC said: "As the sports sector recovers from the impact of the coronavirus pandemic and continues to plan for the future, the NCSC is urging organizations to consider the findings of the report and follow its advice, such as putting in place security controls - often at low cost - and backing up data."
Paul Chichester, director of operations at the NCSC, said: "Sport is a pillar of many of our lives, and we're eagerly anticipating the return to full stadiums and a busy sporting calendar.
"While cyber security might not be an obvious consideration for the sports sector as it thinks about its return, our findings show the impact of cyber criminals cashing in on this industry is very real."
Sir Hugh Robertson, chair of the British Olympic Association, said in the report: "Improving cyber security across the sports sector is critical. The British Olympic Association sees this report as a crucial first step, helping sports organizations to better understand the threat and highlighting practical steps that organisations should take to improve cyber security practices."
Other cyber incidents highlighted in the report include an employee at an organization holding athlete performance data had their email address compromised, allowing hackers access to sensitive information over several months.
The NCSC, in the report, identified three common tactics used by criminals to assault the sector on a daily basis. These are business email compromise (BEC), cyber-enabled fraud, and ransomware being used to shut down critical event systems and stadiums.
The study revealed around 30 percent of cyber incidents caused direct financial damage, averaging 10,000 pounds (12,733 dollars) each time; the biggest single loss was over 4 million pounds (5.09 million dollars).
Over 70 percent of sports organizations surveyed said they have experienced one cyber incident or breach in the past year, with 30 percent recording over 5 incidents during the same period
Approximately 40 percent of attacks on sports organizations involved malware and a quarter of these involved ransomware. Enditem
