The UK’s anti-doping agency has been on the receiving end of over 11,000 malicious emails in the final three months of 2019, according to new Freedom of Information (FOI) data.
Think tank Parliament Street collected the FOI evidence from UK Anti-Doping (UKAD) and found the agency had been bombarded by 11,148 spam and malicious emails in Q4 last year.
Over a fifth (21%) were phishing emails, while the number of messages containing malware rose from just four in October to 41 in December, totalling 52 for the entire quarter.
Fortunately, UKAD believes none of the attempts were successful, although it would certainly be on the radar of state-sponsored attackers.
Russian hackers from the infamous Fancy Bear group (aka APT28, Sofacy) that hacked the Democratic Party officials ahead of the 2016 US Presidential election were named by the UK’s National Cyber Security Centre (NCSC) as behind attacks on UKAD’s global equivalent, WADA.
They were looking for internal data to damage the agency’s reputation for fairness after it banned Russian athletes from competing globally as punishment for a major doping operation orchestrated by the Kremlin.
Those hackers were apparently at it again when Russian athletes received a new four-year ban, which will cover the 2020 Olympics and 2022 FIFA World Cup.
“These figures are a reminder of the cybersecurity hurdles faced by athletics and sports organizations tasked with managing the confidential data of high-profile individuals. Many of these agencies require staff members to travel regularly, meaning mobile devices like laptops and tablets are a top target for hackers and opportunistic thieves,” explained Absolute Software VP Andy Harcup, of the FOI data.
“Addressing this problem requires all organizations to embrace a resilience-first approach to cybersecurity. This means making critical apps self-healing and gathering insights to remedy end-point vulnerabilities, so that hackers are kept locked out. Additionally, having the ability to track, freeze and wipe lost devices will guarantee that lost or stolen devices containing highly confidential data are protected at all times, in all circumstances.”