BLOG

A World Cup of Phishing and Cyberattacks

Jay Kelley Miniatura
Jay Kelley
Published December 02, 2022

Not to be a grinch, but the holiday shopping and giving season means there will be more phishing, ransomware, and other cyberattacks than usual.

Indeed, things could get even messier this year, as the world’s biggest sporting event—the FIFA World Cup Qatar 2022—takes place from 20 November until 18 December. During this time, and especially as we are currently entering the knockout stages, emotions will undoubtedly run high and online activity will be off the charts.

In this near-perfect storm, would-be attackers can choose from an array of opportunities to launch their social engineering schemes. Armed with more attack vectors than Brazil’s starting lineup, they’ll be ruthlessly match-fit, enticing us to open infected emails, click on links to phony or rogue websites, or download a malware-laden attachment.

This isn’t breaking news. Believe it or not, the World Cup 2022 scams and cyberattacks already kicked off over a year ago.

For example, phishing emails purporting to be from FIFA officials have been touting premium seats and free access to hospitality events associated with the tournament and participating countries. All a recipient had to do was click on a link to a website asking for payment or banking info. Their device would then be infected with malware capable of stealing credentials and more. And, when they entered their details on the fake website, the information would be stolen, compromised, harvested for sale on the Dark Web, and likely used for illicit purchases.

Some phishing emails even appeared to be from the FIFA ticket office about a payment issue, complete with a malicious HTML attachment. Another claimed to be about ticket transfers, falsely stating that the recipient’s multi-factor authentication (MFA) had been turned off, and then directing them to a malicious website.

There are also fake World Cup websites that appear very official, with URLs that look as real as, or at least very close to, FIFA originals. Most have valid certificates and even the browser padlock to show they’re certified. Unsurprisingly, these websites are loaded with malware that can infect a visitor’s device and apps.

Some phony websites also featured fake stores for people to purchase World Cup tickets that don’t exist. Imagine traveling all the way to Qatar only to find that you can’t even watch the game! On top of that, your banking info will be quickly used to make unauthorized purchases or harvested for sale. The same website ruse has been used for official merchandise.

Then there’s the crypto factor, with notable scams pushing a fake World Cup cryptocurrency and non-fungible tokens (NFTs).

Oh, and let’s not forget the ransomware threat! Events of this scale, with a huge surrounding ecosystem of logistics and services, need to run smoothly. At all times. In other words, it’s prime-time for cybercriminals to launch disruptive schemes and pocket a quick payoff. Potential culprits could include disgruntled nation states and hacktivists, who may want to embarrass and destroy the reputation of the host nation.

Stream big

But wait, there’s more!

The Fédération International de Football Association (FIFA), projects that there will be as many as 5 BILLION people watching the World Cup across the globe.

As a result, there are more options than ever for watching World Cup matches, including streaming services that are accessible on any device—even those that are corporate-issued. This is where watching your favorite team can become a problem.

According to a survey by market researchers Opinium, almost 15% of English football fans said that they’d leave their workplace to watch England’s first match. Nearly 20% said that their employer will show the match or allow them to watch while working. And nearly 15% said that their company wouldn’t allow them to watch the match but they were going to do it anyway.

The big question is, if everyone is streaming via corporate devices, or watching from cozy work-from-home environments, are they accessing a safe website or streaming service? What is the danger of watching a game on a corporate device? Is the organization in question ready to handle an attack should it occur?

Fortunately, there are ways to shore up your defenses.

For example, with a solution like F5 BIG-IP SSL Orchestrator, an organization doesn’t have to worry about how everyone is getting their World Cup kicks.

The technology earns its MVP status by centralizing the decryption and re-encryption of traffic. It then ensures that the decrypted traffic is routed to an appropriate set of security solutions in an existing security stack. Over 90% of today’s web traffic is encrypted and attackers use this to mask and embed their malicious payloads. Visibility is key, but so is orchestrating the traffic to be checked and ensuring the right tools for the job are used.

In addition, organizations can create dynamic service chains that ensure the security solutions that are meant to check the traffic type do so. This means no security solution is overwhelmed by traffic, which can cause unintentional security bypasses that can lead to an attack, data breach, or exposure to ransomware.

It is also possible to create dynamic service chains with a minimum of security checks and without decryption. This helps address governmental regulations, like the EU General Data Protection Regulation (GDPR), that require certain types of private traffic, such as personal financial and health-related traffic, not to be decrypted.  

Deployment-wise, BIG-IP SSL Orchestrator is available in an on-premises appliance, as a virtual appliance for on-premises, via private clouds, or for integration in public cloud environments.

Other related tactical maneuvers to consider include the ability to integrate BIG-IP SSL Orchestrator with F5 Secure Web Gateway Services, a subscription-based solution that restricts user access to dangerous websites and applications. Secure Web Gateway Services is updated regularly to protect against nefarious URLs and can limit the types of sites users can access.

So, why worry about what websites your football (or soccer or fútbol)-crazed workers might visit? Cybercriminals have numbers on their side but—with focused awareness-raising and some canny technological deployments—we can definitely stop them from winning this year (and beyond)!