'Nul Points!': Experts Warn Cybercriminals Are Using Eurovision to Attack UK SMEs 

Cybercriminals could exploit the Eurovision Song Contest to defraud UK businesses, experts are warning ahead of next week’s musical spectacular in Liverpool. 

The North West Cyber Resilience Centre(NWCRC) has said that criminals will be "looking for any opportunity to take advantage of a situation and that the European song content provides an ideal opportunity to launch attacks on UK enterprises. 

“We are asking all businesses across the North West, but particularly Merseyside, to be vigilant against potential cybercrime in the run-up to the Eurovision Song Contest in May,” said Dan Giannasi, Head of Cyber and Innovation at the NWCRC. 

“Protecting your organisation is critical for businesses involved in the event but also the wider business community across the region.”

Phishing attacks via emails and messages and fake invoices are among the methods criminals could use ahead of the event to attack businesses in the UK and beyond.

The NWCRC also urged companies to stay wary of malware attacks, which it said could be used to take over company systems, which are severely under-protected in the region. 

“Currently, we are hearing about an increased number of phishing scams, where fraudsters are trying to get personal information and take payment while impersonating businesses.”

“Small businesses, in particular, can be vulnerable as they often lack the in-house skills and knowledge to protect themselves effectively,” Giannasi said. 

A region prone to cybercrime

The NWCRC’s warning comes after the Government’s Cyber Security Breaches Survey 2022 found that almost half of the small businesses in the Northwest had a cyber breach or attack in the previous 12 months. 

What's worse is that only 28 per cent had carried out a risk assessment of cyber security risks following the breach. 

Giannasi warned that businesses in the supply chain of hosting the European song contest may be working with new third-party suppliers, customers and enterprises, making it more difficult to spot fraudsters.

“We strongly advise businesses in the North West, and in particular businesses in the supply chain for the Eurovision Song Contest such as hotels, transport providers and any other suppliers, to update all of their software, ensure their firewalls and virus protection is up-to-date and switch on two-factor authentication wherever possible.”

The centre's founder and MD of Manchester Digital, Katie Gallagher, said: “Cybercrime is increasingly more sophisticated so it can be really hard to spot phishing or hacking attempts.

"Fraudsters will be relying on businesses dealing with unfamiliar suppliers and customers and looking for any opportunity to take advantage of a situation.”

#Don’tMissABeat

With the risk of cybercrime heightened in the run-up to Eurovision the Cheshire and Merseyside Integrated Care System (ICS) has created the #DontMissABeat campaign to help organisations manage and improve security ahead of the contest. 

The aim of the campaign is to help health and care staff and those getting involved in Eurovision activities gain an understanding of the threat of cybercrime and the ways in which their actions can help or hinder these types of attacks. Enabling them to protect themselves, the organisations they work for, and the event itself.

In August last year, hackers infiltrated the UK’s National Health Service and used ransomware software LockBit 3.0 to attack Advanced, the company behind the Adastra patient management software used by the NHS, and force vital systems offline.

The outage affected over 5.5 million patients across Scotland, England and Wales, forcing doctors and medical staff to keep patient files on pieces of paper and email for months as systems remained offline until mid-October. 

To read more about ransomware attacks, visit our dedicated Business Continuity Page

Speaking about the #DontMissABeat campaign, Matt Connor, Chair of the Cheshire and Merseyside Integrated Care System’s Cyber Security Group said that businesses must learn how to act in the face of heightened cyber risk. 

“Cybercriminals often use popular events, such as Eurovision, to try to take advantage of their victims by tricking them into performing actions they can exploit, such as clicking on a malicious link or giving away confidential information.”

“Through launching the #DontMissABeat campaign we wanted to arm our health and social care staff in Cheshire and Merseyside as well as those who are taking part in Eurovision activities this year, with an awareness of four key cyber security practices they can follow to help protect themselves, and others around them, from falling foul of cybercriminals.”