Viewers watching the World Cup game between France and Morocco on the streaming video service FuboTV had their viewing interrupted following what the company described as a “criminal cyber attack.”
The exact form of attack was not disclosed, with FuboTV saying that the incident was not related to any bandwidth constraints on their part. Ticking the standard list of responses, FuboTV said that it has informed law enforcement of the incident and has engaged Google LLC’s Mandiant to assist in its investigation and response.
“Our primary focus currently is on ensuring that the incident is fully contained and that there is no threat of further disruption for any of our customers,” FuboTV said in a statement. “Our investigation is at an early stage, but we are committed to transparency regarding this incident.”
In a separate status update, Chief Executive Officer David Gandler apologized to customers, saying that the company deeply regrets the inconvenience caused to customers during the match.
The obvious attack vector to interrupt a game being streamed by an IPTV company would be a distributed denial-of-service attack, flooding the company’s servers with data. However, given that FuboTV claims there were no bandwidth issues, that’s presumably ruled out.
While the company has not mentioned any data theft, their wording, specifically “on ensuring that the incident is fully contained,” could point to malware or a possible ransomware attack. If it were a one-off DDoS attack, there would be nothing to contain; if the attack was ransomware running through their systems, containment would be required.
“Cybercriminals know that major world celebrations, events and holidays are a prime time to launch cyberattacks,” Karen Worstell, senior cybersecurity strategist at cloud computing company VMware Inc., told SiliconANGLE. “When it comes to popular events like the World Cup, many people around the globe are tuning in through streaming apps and services, creating a greater attack vector – especially when vigilance is low, and password protection methods like multi-factor authentication are overlooked.”
Worstell noted that while large organizations know to be on alert during the holiday season, on weekends or holidays organizations may be tempted to operate with a reduced staff, resulting in longer incident response times and more potential damage.
“A best practice is to anticipate the increased level of cybercrime during the holiday season and create incentives and bonus time off for leadership and detection and response teams so they can remain on full alert with prime response capability,” Worstell added.