FIFA World Cup cyberattacks already underway, industry warns

8 Nov 2022

Image: © JorgeEduardo/Stock.adobe.com

Legal and cybersecurity professionals have said that the World Cup in Qatar is likely to be ‘heavily targeted’ by cyber gangs and ‘nation-state affiliated hackers’.

Cybersecurity professionals are warning that football fans and businesses serving them may be under threat from cybercriminals targeting the World Cup.

The Sport Information Sharing and Analysis Organisation (Sports-ISAO), a non-profit which specialises in cybersecurity for sports teams, leagues, athletes and fans, has said that some cyberattacks have already been spotted.

The FIFA World Cup 2022 is due to kick off in Qatar on 20 November and is scheduled to run until 18 December. The choice of Qatar as a location has already proved hugely controversial.

Now, Sports-ISAO and other concerned cybersecurity professionals are pointing out that fans and businesses alike should be extra careful because “many groups will exploit the World Cup global audience for malicious aims using social media and hacking tactics”. That’s according to Stephen Campbell, a cyber consultant at Sports-ISAO.

“Certain Russian groups, like Fancy Bear and Sandworm, may be less active this time because of the war in Ukraine,” Campbell said. But a new threat to be aware of over the next few months will be cyber gangs lurking on the internet sidelines.

Douglas DePeppe, founder of Eosedge, a US company that specialises in legal cybersecurity consultancy services, said that the World Cup in Qatar is likely to be “heavily targeted” by cyber gangs and even “nation-state affiliated hackers”.

“Fans should be wary about social media links offering free streaming of matches. Sports-ISAO uncovered massive click-fraud schemes during past events which began with lures offering free streaming,” DePeppe added.

“After clicking on the link, the user’s device would become compromised and exploited to become part of a large botnet which engaged in advertising fraud. Once compromised, the device could be exploited further, such as credential harvesting leading to identity theft and other thefts against the device owner.”

For the global business community, the risks include workers wanting to watch matches from work using streaming services which may not be trustworthy, as well as clicking on email and web page banner links.

The overall message, however, was to avoid “inattentive smartphone clicking, especially on social media”, DePeppe recommended.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Blathnaid O’Dea is Careers reporter at Silicon Republic

editorial@siliconrepublic.com