Cybersecurity During the Fifa World Cup 2022

World Cup cybersecurity

With billions of worldwide Fifa World Cup viewers, it is a gold mine for hackers and malicious actors to exploit. Football fans aren’t the only ones tuned in to see some of the world’s top players fight for the title of 2022 champions. These eye-catching events also pique the interest of cyber threat actors with diverse resources, goals, and capabilities, with even a small success tempting enough to try.

Scams, phishing emails, and malicious URLs are mimicking these events to fake sites in the hopes of exploiting gullible internet users for illicit profit. 

What is the state of cybersecurity during the world cup, and how can participants protect their data and privacy?

How to Hackers Target the Qatar World Cup?

The sheer number of participants in the grand events of the world cup make it a juicy target for many would-be malicious actors. Whether by exploiting the naivety of some viewers, or targeting influential participants or organizers, here are the various ways in which hackers target Fifa World Cup fans.

Fraudulent Web Sites

Impersonating domains are a common choice among threat actors, who frequently employ them in the early phases of hostile activities. Threat actors frequently establish up mimicking websites to impersonate reputable, trustworthy businesses and do malicious actions. This might involve obtaining personally identifiable information (PII), login passwords, financial data, and installing malicious payloads on victims’ computers. Impersonating domains are a difficult problem for most companies, with an average of 1,100 impersonating domains and subdomains found per Digital Shadows customer every year.

Threat actors typically use domain names that are similar to real websites in order to fool consumers into clicking on them. Attackers may replace alphanumeric letters (goggle[.]com instead of google[.]com), abuse a top-level domain (TLD) (goggle[.]info instead of google[.]com), or insert a relevant term to modify the original domain (google-info[.]com, for example). To prevent identification and takedowns, threat actors will frequently register with a well-known bulletproof hosting provider, which will also insulate them from law enforcement operations.

Fraudulent Mobile Apps

In addition to a renowned domain name, most businesses now have their own mobile app, which is used to connect with clients, establish engagement, and cultivate brand loyalty. FIFA is presently maintaining many official applications across respectable app shops for the Qatar 2022 World Cup. In reality, mobile applications, like domains, fall into the category of extremely valuable intangible assets that any firm with an internet presence maintains.

At the same time, mobile apps increase the attack surface for any firm. There are dozens of counterfeit applications published through illegal app stores for every real app made by World Cup organizers. These malicious programs pose a risk to both customers and developers, and they are easily located online utilizing the most popular search engines.

Fake Social Media Pages

In terms of intangible assets, social media sites have become a critical component of any organization’s communication strategy during the last 10 years. These pages are now required to develop a brand, attract new business, and answer consumer complaints.

Every day, millions of internet users check their favorite social media pages to remain up to date on the latest releases, deals, and news. The same thing certainly occurs with big events such as the Qatar 2022 World Cup, with people flocking to the official website to learn everything there is to know about the tournament.

The vast majority of phony social media pages are created by financially motivated hackers at the low end of the skill scale.

Social Media Impersonation

When it comes to trademark and logo theft, social media accounts aren’t the only thing to be concerned about. Impersonating VIPs and executives may also be used to undertake social engineering assaults. One of the most prevalent strategies employed by threat actors when impersonating CEOs is business email compromise (BEC), which is a strategy in which an email or social media message sent from a phony VIP profile convinces workers to perform a certain action (usually transferring money to an attacker-controlled bank account). Given the significant losses connected with this social engineering strategy, the FBI named this tactic the “$26 Billion scam” in 2019.

Stolen Credentials

In May 2022, Digital Shadows released a study paper on account takeover (ATO), examining more than 24 billion credentials gathered over the years to paint a picture of this endemic issue for both people and companies. In our article, we focused on three major factors that enable attackers to carry out such attacks: the ever-expanding digital footprint, human and technological constraints in terms of safe authentication, and (one again) weak and exposed passwords.

Credentials may be gained through a variety of means, including social engineering and malware deployment. The most popular approach to get credential pairs, however, is to purchase them from a dedicated cybercriminal marketplace, forum, or automated vending cart (AVC).

Purchasing comparable logs allows any threat actor to extract the credentials entered on the afflicted account’s workstation while Redline was running. Once in possession of a user’s credentials, attackers may usually access the account unless suitable protections, such as multi-factor authentication (MFA), are in place.


Due to the onset of the Russia-Ukraine war in February 2022, we’ve seen a substantial upsurge in hacktivist operations throughout 2022. Since then, many pro-Russian and pro-Ukraine hacktivist organizations have carried out a series of cyber operations in an attempt to disrupt their opponents. The majority of the detected attacks were distributed denial of service (DDoS) attacks, website defacements, and data destruction activities that were crowdsourced.

Monitoring communication channels dedicated to the organizing of such activities can help prevent prospective hacktivist assaults. As seen in the sample below, some threat actors preferred internet relay conversations (IRCs) to orchestrate DDoS assaults in 2014. Nowadays, most high-profile hacktivist organizations, such as the pro-Ukrainian “IT Army of Ukraine” or the pro-Russian “KillNet,” prefer to plan cyber assaults and share targets using platforms like Telegram.


Ransomware attacks may target Qatari and international companies responsible for arranging this tournament. Given the large number of cybercriminal groups engaged in this activity and the harm inflicted by these assaults, ransomware is undoubtedly the most pressing cyber threat for many businesses right now. Despite the fact that ransomware activity has slowed in Q3 2022, multiple high-profile assaults have damaged enterprises in recent months, underlining the relevance of ransomware in the present cyber threat scenario.

Initial access brokers are another danger actor to keep an eye on ahead of the Qatar 2022 World Cup (IABs). IABs operate as intermediaries in creating and selling exploited accesses into various networks to other cybercriminals in the complex ransomware ecosystem, which includes operators, developers, affiliates, and others. Given that the ransomware criminal industry is undoubtedly one of the most profitable in this sector, IABs and ransomware organizations have frequently collaborated. Monitoring for IABs listings can provide firms with a competitive advantage in proactively managing this issue and avoiding ransomware and other cybercriminal activities.

How to Secure Yourself during the Qatar World Cap

The advice on how to stay safe amid the World Cup is pretty much the same as staying safe in any other context. Stay vigilant, secure your devices. However, here is a bit more detail:

Keep an eye out for imitation

Many scam websites may utilize a domain name that is close to the brand being imitated, but with extra letters or misspellings.

Pay attention to the URLs to see if there is anything strange or suspect to ensure that you are not handing over your financial information to crooks.

You may easily verify the integrity of a website by spending a moment to search for tell-tale signals that it may be bogus.

Never reveal your credentials

Theft of credentials is a typical purpose of phishing emails. Because many users reuse their usernames and passwords across several accounts, obtaining the credentials for one account is likely to grant an attacker access to others.

Not all attacks are also direct. Some phishing emails contain software, such as keyloggers or trojans, that are meant to monitor your computer’s password entry.

Never provide your password to anybody, and if an email directs you to a login page, go to the site directly and check in to avoid lookalike phishing sites.

Protect your mobile device

With most people accessing our emails from our phones and hackers also sending harmful text messages, it’s critical that our mobile devices be likewise secured from the most recent dangers.

A cybercriminal with access can take an infinite quantity of information, and a breach might even put the victim’s known connections at danger.

As a result, it is critical to employ preemptive mobile threat defense solutions that shield devices against modern mobile attacks.