So naturally, you can expect hackers to try to ruin everything.
Two reports this week shed light on the degree to which cyberattacks are piggybacking off the event.
- Security researchers identified 16,000 scam domains using FIFA World Cup 2022 branding, cyberfirm Group-IB said in its report Tuesday.
- Cybercriminals are turning to a host of scams, from selling fake tickets to fake crypto tokens, tied to the World Cup, cybersecurity company CloudSEK said in its report Tuesday.
“The hype and popularity of the FIFA World Cup has attracted audiences from across the globe. And this in turn attracts a variety of cybercriminals, who want to exploit the varied fan following, and the organizations participating, to make a quick buck,” the CloudSEK report says. “The cybercriminals are motivated by financial gain, ideology or geopolitical affiliations.”
Those two bits of research only capture a portion of World Cup-related cybersecurity fears. Some of the worries are specific to this year’s host, Qatar, a nation that has triggered growing concern from U.S. officials in recent years over its surveillance efforts. European security regulators recently warned against downloading Qatar’s World Cup apps, saying that they posed significant privacy risks.
The Group-IB and CloudSEK research follows other warnings from the cybersecurity industry.
- State-sponsored hackers who focus on collecting intelligence “likely view the 2022 FIFA World Cup as a target-rich environment for cyberespionage and surveillance against foreign dignitaries and businesspersons alike,” Recorded Future warned this month. The firm said it didn’t expect disruptive attacks on the event from hackers backed by foreign countries, however.
- Also this month, Digital Shadows called attention to some of the same kind of scams that Group-IB and CloudSEK did. Kaspersky, meanwhile, called attention to fake match-streaming services, among other threats.
- The volume of malicious emails in Arab countries rose 100 percent in October, according to Trellix’s observations. “It is a common practice for attackers to utilize the important/popular events as a part of the social engineering tactics and particularly target the organizations which are related to [the] event and more promising victim[s] for the attack,” Daksh Kapur and Sparsh Jain wrote for the company.
Nearly 3.6 billion people watched the World Cup in 2018, FIFA said. That amounted to more than half the globe’s population of people 4 and older.
Group-IB tallied other numbers. Besides the 16,000 scam domains, the firm says it turned up about 40 fake apps in the Google Play Store, more than 90 potentially compromised accounts on Qatar’s fan ID app Hayya, as well as dozens of fake social media accounts, mobile apps and advertisements.
One example: Scammers set up a phony merchandise website purportedly selling national teams’ T-shirts, hyping it with 130 ads on social media marketplaces. When a visitor enters their bank card details, the scammers make off with their victims’ money, and maybe even their card information.
CloudSEK had some math, too. FIFA World Cup 2018 was subjected to 25 million daily cyberattacks, the company said.
Financially motivated hackers are doing things like selling fake Hayya cards needed to enter a stadium on game day, or offering phony “World Cup…
Read More: Great win, U.S. soccer team! Now, hackers
