Cybercriminals look to exploit sports fans with World Cup-themed attacks

Nov 29, 2022 | News


World Cup-themed attacks and tactics

 

As the sports world turns its attention to Qatar, host of the 2022 FIFA World Cup, threat actors are looking to cash in or draw attention to their cause with attacks aimed at unsuspecting fans who may be more focused on rooting for their favored teams than on cybersecurity.

“The cybercriminals are motivated by financial gain, ideology, or geo-political affiliations,” according to a new report by contextual artificial intelligence firm CloudSEK, which looks at the various threats aimed at fans and organizations with World Cup-themed attacks and tactics.

As noted in the report, previous sporting events such as the World Cup and Winter Olympics in 2018 were subject to 25 million and 12 million cyberattacks per day, respectively.

 


A screen image from CloudSEK’s report shows a Telegram channel offering fake tickets to the 2022 FIFA World Cup.


Financially motivated

 

Financially motivated cybercriminals have resorted to selling fake Hayya cards (the FIFA entry permit) and match tickets, and even to using stolen credit cards to arrange travel and lodging for the game.

The CloudSEK report noted that several Telegram channels offer fake Hayya cards requiring valid identification from buyers and only accept Bitcoin as payment.

With Crypto.com an official sponsor and Binance partnering with popular soccer player Cristiano Ronaldo to promote soccer-themed NFTs, scammers are selling “World Cup Coin” and “World Cup Token.”

 


An image from CloudSEK’s report on FIFA World Cup-themed threats shows a screenshot of a hacktivist claiming to take down a Qatar-based site via DDoS attack.

 

In the meantime, hacktivist groups are using the monthlong event to rally their followers and allies on social media to boycott the Qatar 2022 FIFA World Cup. Hacktivists claimed to have launched DDoS attacks on Qatar-based websites, often posting proof to social media.

The Singapore-based AI security firm recommends that fans purchase only from official sites and be wary of deals that seem too good to be true.

Recommendations

 

It also recommends that participating organizations use load balancers and services such as Cloudflare to avoid DDoS attacks, and that they monitor and take down phishing sites, fake apps, and copycat social media pages in real time.

“The gap between the supply and demand of FIFA World Cup game tickets, flight tickets, hotels, souvenirs, etc., has been co-opted by cybercriminals, to defraud fans and enthusiasts,” said a CloudSEK researcher in a press release. “Despite the attractive offers and lures, users should restrict their purchases to official websites and mobile apps. And companies that are FIFA sponsors should bolster their security mechanisms and stay up to date on threat actors’ tactics and techniques.”


Source: scmagazine.com
