What Makes the FIFA World Cup a Prime Target for Cyber-Criminals?

The 22nd edition of the World Football Championships in Qatar is well underway. The global nature of the event has allowed the Gulf nation to showcase itself to the world on an unrivalled scale.

However, hosting such a competition not only comes with a considerable cost – it is also accompanied by unwelcome attention from threat actors. For example, employees working at the event have been targeted by phishing attacks, with the tournament proving to be a popular target for hackers seeking to infiltrate valuable databases and systems. As the competition continues, the potential remains for cyber-criminals to target Qatar with increasingly nefarious cyber-attacks, such as distributed denial-of-service (DDoS) attacks.

In recent years, when large-scale sporting events have taken place, cyber-criminals have displayed a propensity to utilize DDoS attacks to disrupt the event. An example of this can be seen with the 2012 London Summer Games, which were the target of prolonged and repeated DDoS attacks. Moreover, the 2014 edition of the World Football Championships, which took place in Brazil, was also on the receiving end of persistent DDoS attacks.

But what makes sporting events such as the ongoing football World Cup and Summer Olympic Games tempting targets for threat actors who utilize DDoS attacks?

Tempting Targets 

The reason DDoS attacks are so popular amongst cyber-criminals is due to their capacity to cause significant disruption for billions of people and thousands of businesses, including athletes, fans and organizations invested in a sporting tournament. Threat actors can use this attack weaponry to interfere in events by attacking the digital infrastructure required to allow global audiences to watch the event, from digital scoring and telecommunications to audio and video streaming.

What’s more, cyber-criminals launch attacks against specific activities that are taking place as part of the event, such as opening ceremonies, as they not only wish to disrupt the activity itself but also aim to embarrass the host nation and the organizing committee. In the case of the ongoing World Football Championships, this is Qatar and FIFA.

Additionally, the nature of the current World Football Championships has helped to make it a prime target for threat actors. Qatar is the smallest nation ever to host the competition, meaning fewer spectators from abroad have been able to travel to watch the competition compared to previous editions. This has resulted in more people watching from home via TV, streaming or other mediums. As such, foreign visitors who would normally attend the tournament rely heavily on social media and streaming sites to follow the tournament. This increased reliance on online infrastructure has allowed adversaries to play havoc with such services using DDoS attacks.

Preventing Cyber-Criminals from Causing Significant Damage 

Whether it is the country hosting the tournament, the event sponsors or the competing nations and athletes, it’s imperative to ensure a strong cybersecurity position. Organizations must ensure they are regularly sharing information and collaborating with commercial providers. This is especially the case with internet service providers and telecommunications firms, as these organizations tend to be on the front line when facing and preventing the ever-growing threat posed by cyber-attacks.

Businesses involved in the organization of the event should strongly consider installing an effective and secure DDoS protection system. By doing this, businesses can ensure their critical data and online infrastructures are well protected if they are on the receiving end of a DDoS attack. Further to this, to effectively sustain this protection, these systems must be tested and maintained regularly.

Additionally, while major sporting events are taking place, organizers should employ a DDoS attack mitigation expert. Whether it be an individual or an entire organization, they should be capable of providing the necessary level of support to help businesses navigate the cyber-threat terrain. Enlisting this specialist ensures key stakeholders, internal teams and the company as a whole can gain an understanding of how to diminish the risk associated with DDoS attacks, as well as what the best course of action is if they so happen to be targeted by threat actors.

Sporting events such as the ongoing World Football Championships are prime targets for cyber-criminals as a successful attack will not only lead to large-scale disruption, but the global nature of the events will generate a significant amount of attention from around the world. As such, bodies involved in organizing these competitions must ensure they do their utmost to sufficiently protect themselves from threat actors while these sporting events are taking palace.

What’s Hot on Infosecurity Magazine?