World Cup 2022 RH-ISAC Cyber Threat Landscape Summary

RH-ISAC assesses with moderate confidence that fraud and scam activity targeting fans, travelers, and consumers is likely to be the most prevalent form of cyber threat related to the World Cup.
World Cup Cyber Threats

Context

On November 20, 2020, the FIFA World Cup 2022 is scheduled to begin in Qatar. Multiple retail, hospitality, and travel organizations are involved in this event to varying degrees and on various fronts and may be affected, including:

  • Organizations, especially hospitality organizations, with a presence in Qatar
  • Organizations that handle sports betting
  • Organizations that produce, distribute, or sell sports-related merchandise
  • Travel organizations that conduct business and operations in Qatar
  • Organizations that sponsor the World Cup or related events

Cyber Threats

According to the Sport Information Sharing and Analysis Organisation (Sports- ISAO), cyber threat activity related to the World Cup has been active against consumers and organizations for some time. This is in line with historical trends, as major international sporting events have traditionally been a focal point for cyber activity.

Fraud and Scams

RH-ISAC assesses with moderate confidence that fraud and scam activity targeting fans, travelers, and consumers is likely to be the most prevalent form of cyber threat related to the World Cup. Sports-ISAO reported a large-scale fraud scheme using lures offering free streaming of the event. Additionally, Digital Shadows reported:

  • 174 malicious domains impersonating official webpages belonging to the Qatar 2022 World Cup
  • 53 impersonating mobile apps from fraudulent stores over the past 30 days
  • Dozens of social media pages impersonating assets belonging to the Qatar 2022 World Cup

Politically Motivated Threats

Digital Shadows also noted the potential for politically motivated cyber activity, such as website defacement, to exploit public attention around the event to reach a wider audience. RH-ISAC assesses with moderate confidence that this threat is low priority because, despite the moderate possibility for such attacks and similar attacks recently related to the Ukraine crisis, traditionally such attacks have had negligible impact on organizations’ security beyond having to reset a defaced website.

APT Activity

As noted by Sports-ISAO, in the past, major state-backed advanced persistent threat (APT) groups have executed successful high-profile cyber attacks against international sporting events, most notably the 2018 Winter Olympic and Paralympic Games in Pyeongchang, Republic of Korea. RH-ISAC assesses with moderate confidence that the most likely form of cyber threat from APTs will be reconnaissance and espionage operations (especially attempted data extraction and personally identifiable information theft), because of the number of prominent global figures that will likely be present for the event.

Geopolitical Tensions

The FIFA decision to host the event in Qatar has been a matter of political tension since the announcement. Several international political groups have promoted boycotts of the event over human rights issues, the U.S. Department of Justice has accused Qatar officials of bribing FIFA officials, and several governments (most notably Germany) have clashed with the Qatar government in the lead-up to the event. RH-ISAC assesses with moderate confidence that, while geopolitical tensions are likely to continue generating significant media attention, they are unlikely to have a major impact on the cyber threat landscape because threat actors interested in carrying out attacks related to the event are more likely to be motivated by state-interests like espionage or financial gain than political messaging, and those threat actors concerned with political messaging are unlikely to have a significant impact on the security of organizations participating in the event.

Recommendations

The 2022 World Cup coincides with the peak holiday season, which is already commanding a significant level of attention and resources from cyber defenders. Change freezes, increased consumer and cyber threat activity, and increased staffing demands are all occupying RH-ISAC member analysts focused on securing their operations. Many of the defensive measures members already report increasing for the holiday season will also enhance defenses against threats arising from the World Cup, including: updating policies and playbooks, educating staff and consumers on threat activity, and increased bot monitoring.

In addition to these preparations, organizations with a nexus to the World Cup are encouraged to maintain awareness around the event via open source monitoring.

 

More Recent Blog Posts