How does Formula 1 protect itself from cyber attacks?
A race weekend is a busy time for drivers, mechanics and, above all, the managers of Formula 1 teams. Zak Brown received a fraudulent email in which criminals impersonated a business partner and reported an alleged change of representatives and of the bank accounts for sending payments, a change that in reality never existed. It was a sophisticated, legitimate-looking phishing email that mimicked the partner’s original domains, but it never made it to the executive’s inbox because of the security systems the team had in place.
The message not only went to the spam folder but also had its links suppressed; that is, even if Brown had seen it, he would have noticed that something could be wrong. The protection was the result of a partnership between McLaren and Darktrace, one of the team’s sponsors and also a provider of digital security and protection solutions. Such solutions are essential for a sport that has always lived with the challenges of remote work and of teams located in different parts of the world, challenges that many companies are only now experiencing.
According to Darktrace product director Dave Palmer, in an interview with the ZDNet website, the criminal behavior aimed at Formula 1 is the same as that faced by so many other major companies. The bad guys are eyeing industrial secrets and the possibility of crashing systems at a critical moment in order to demand high ransoms. The race weekend is the preferred time: the specialist states that, in these periods, 3.5% of the messages received by team leaders, drivers, engineers and others involved in the motorsport circus are fraudulent.
This is a reality that the Williams Formula 1 team saw very closely in 2014, when it found itself the victim of a ransomware attack. The blow didn’t come on a race weekend, but during a vacation. The criminals’ mistake was to start locking files on a Friday afternoon, while the company’s IT professionals were still working. The spread of the malware was mitigated and there was no infrastructure damage or data leakage, but if the attack had started just hours later, the bad guys would have had the entire weekend to act, possibly without being discovered.
The vector of the attack was an employee who downloaded the manual for his washing machine from a compromised website. Even at a time when security systems weren’t as advanced as they are today, the case set off a red alert for Williams, which also became one of the first teams to provide cybersecurity training to its employees. According to Graeme Hackland, the team’s director of technology, the idea is to always convey the notion that the company is constantly under attack and that care is not enough.
The expert cites other examples: phishing attacks attempted from partner companies that had themselves been compromised, and a case in which fraudulent emails were sent from a domain similar to that of Williams, with only the two lowercase L letters changed to uppercase I characters. The attempts have also led to a partnership with cybersecurity company Acronis, as well as to the monitoring of even fan posts on the accounts of drivers George Russell and Nicolas Latifi, in search of malicious publications.
During the Formula 1 season, which passes through dozens of countries on almost every continent, the teams’ security staff also watch for threats regionally. Every race weekend, the Mercedes-AMG Petronas team, currently vying for another world title for its main driver, Lewis Hamilton, receives a report from the security firm CrowdStrike with targeted hazards and threat intelligence, as well as indicators of possible dangers to its members or to the sport itself.
George Kurtz, CEO of the digital protection company, cites the challenges of an inherently remote workforce that is in a different country every week and needs to communicate with an international workforce: mechanics and drivers talk to the factory as well as to executives in different parts of the world, all securely and with endpoint solutions on terminals, computers, smartphones and other devices.
Data from the teams may be of interest in industrial espionage operations, often financed by nation-states. It is a notion presented by Kurtz and corroborated by Hackland, who points out, on the other hand, a characteristic that only increases the aggressiveness of the attacks. Because Formula 1 rules require transparency and the races are fully broadcast on TV, many innovations do not remain secret for long, so an attacker has to profit from or take advantage of a leak sooner, before everything is no longer a secret.
At Mercedes, endpoint protection is the main focus and also the point that the team considers the most secure. Access controls and the ability to quickly isolate compromised systems are at the heart of the team’s cybersecurity strategy. This posed an additional challenge for CrowdStrike because, for the team, a crashed system or a communications breakdown between the mechanics at the circuit and the factory could ruin everything.
Preparation is also the watchword for Ferrari. Last year, at an event to commemorate 10 years of partnership with Kaspersky, the team talked about a strategy that takes safety as the starting point for building its systems, just as happens with a car. Since protection comes first in vehicles, the same must also be true for digital systems.
For Alessandro Sala, former director of technology and security at Ferrari, the key to Formula 1’s digital defense lies in the mix of training for all involved and robust protection, mitigation and threat intelligence systems. For Kaspersky, this is one of its most complex customers and also one of the best examples of robust, high-level digital protection.
Proof of this is that, not only in the case of Ferrari but of all the others, no serious case of cybercrime has yet been heard of in the Formula 1 circus, despite the countless attempts and stories that experts from any of the teams can tell. At least for now, the victory belongs to the sport rather than the bad guys, and when the lights go out, the only concern is who will be the first to take the flag.
Source: ZDNet
