Threat Management, Vulnerability Management, Threat Management

Cybercriminals look to exploit sports fans with World Cup-themed attacks

FIFA World Cup 2022
Players and match officials walk into the pitch prior to a FIFA World Cup Qatar 2022 match on Nov. 28, 2022, in Doha, Qatar. (Photo by Michael Steele/Getty Images)

As the sports world’s attention turns its eyes to Qatar for the 2022 FIFA World Cup, threat actors are looking to cash-in or draw attention to their cause with attacks aimed at drawing unsuspecting fans who may be more distracted with rooting for their favored teams than cybersecurity.

“The cybercriminals are motivated by financial gain, ideology, or geo-political affiliations,” according to a new report by contextual artificial intelligence firm CloudSEK, which looks at the various threats aimed at fans and organizations with World Cup-themed attacks and tactics.

As noted in the report, previous sporting events such as the World Cup and the Winter Olympics in 2018 were subject to 25 million and 12 million cyberattacks per day, respectively.

A screen image from CloudSEK's report shows a Telegram channel offering fake tickets to the 2022 FIFA World Cup.

Financially motivated cybercriminals have resorted to selling fake Hayya cards (FIFA entry permits), match tickets, and even leveraging stolen credit cards to arrange travel and lodging for the game.

The CloudSEK report noted that several Telegram channels offer fake Hayya cards requiring valid identification from buyers and only accept Bitcoin as payment.

As is an official sponsor and Binance has partnered with popular soccer player Cristiano Ronaldo to promote soccer-themed NFTs, scammers are selling “World Cup Coin” and “World Cup Token.”

An image from CloudSEK's report on FIFA World Cup-themed threats shows a screenshot of a hacktivist claiming to take down a Qatar-based site via DDoS attack.

In the meantime, hacktivists groups are using the month-long event to take to social media to rally their followers and allies to boycott the Qatar 2022 FIFA World Cup. Hacktivists claimed to have launched DDoS attacks on Qatar-based websites, often posting proof to social media.

The Singapore-based AI security firm recommends that fans only purchase from official sites and to be wary of deals that seem too good to be true. 

It also recommends participating organizations use load balancers and services such as Cloudflare to avoid DDoS attacks, as well as monitoring phishing sites, fake apps, and copy-cat social media pages in real time for takedowns.

"The gap between the supply and demand of FIFA World Cup game tickets, flight tickets, hotels, souvenirs, etc., has been co-opted by cybercriminals, to defraud fans and enthusiasts," said a CloudSEK researcher in a press release. "Despite the attractive offers and lures, users should restrict their purchases to official websites and mobile apps. And companies that are FIFA sponsors should bolster their security mechanisms and stay up to date on threat actors' tactics and techniques."

The World Cup is set to run through Dec. 18.

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.