World Cup Qatar 2022 is being targeted by cybercriminals

CREATION PLUS
Nov 10, 2022

The inaugural football match of the FIFA World Cup Qatar 2022 is just 10 days away, and while the tournament is surrounded by controversy over the host country’s human rights record, among other things, it will inevitably attract massive attention from around the world, with a TV audience expected to be well into the billions.

Of course, in the meantime, the World Cup has also started to draw the attention of cyber criminals and other threat actors who, as has been seen time and time again, excel at appropriating important events and incorporating them into their campaigns.

Digital Shadows’ Photon Research Group has been tracking cyber threats that have converged around the World Cup over the past 90 days using a specially developed alert system. They found that, broadly, threats to the event can be divided into four categories: brand protection, cyber threats, physical security and data leakage. Of these, most of the monitoring activities relate to the cyber threat category.

“Scams can present themselves in many forms,” the Photon team wrote in a newly published online advisory. “For example, financially motivated threat actors often spoof these events on malicious URLs to fraudulent sites, hoping to maximize their chances of scamming gullible Internet users for a quick, illegal profit.

“At the same time, hacktivist groups can exploit the public attention paid to such events to exponentially increase the reach of their message. State-sponsored Advanced Persistent Threat (APT) groups may decide to target global sporting events in order to achieve state goals towards the hosting country or the wider event community.”

During their research, the Photon team encountered hundreds of online threats, many of which were clearly set up to target the general public, harnessing both their anticipation and excitement and their desire for more information about the World Cup to tempt them.

Among the team’s findings were: more than 170 domains impersonating official World Cup online properties, including many phishing websites intended to steal their victims’ data; 53 malicious mobile apps, used to install adware, steal data and credentials, and download additional malware payloads; and dozens of fraudulent social media pages, some of which are being used to spread dubious affiliate marketing or pyramid scams.

Countering such threats is, in general, a matter of being alert to the signs of scams, not clicking on links in unsolicited emails, downloading apps from the App Store or Google Play, and seeking news and information from known, trusted media, such as the BBC or Sky.

It’s always worth remembering the old adage that if an offer seems too good to be true, it probably is. More guidelines for consumers are available from the National Cyber Security Centre.

The Photon team also pointed to the possibility of more sophisticated cyber activity surrounding the World Cup. For example, during their research, the team found multiple ads for raw data logs stolen using the Redline malware. Redline is an infostealer used to collect credential pairs, autocomplete data, and credit card information from its victims’ web browsers. It may also collect other technical data about the compromised system.

Some of these data logs appear to be related to World Cup resources. Such information can be used to take over victim accounts and conduct further malicious activities.

The team also presented some evidence suggesting that more high-level, targeted activity could hit organizations involved in the tournament, such as sponsors, national teams or Qatar’s organizing bodies, which could be targets for disruptive, human-driven ransomware attacks. Lockbit, probably the most active ransomware cartel at the time of writing, has reportedly attacked organizations based in Qatar.

No less influential, and perhaps even more so due to their frequent exposure to global media, is the potential for hacktivist activity, which continues to increase through 2022, with groups such as the IT Army of Ukraine facing off against the likes of the pro-Moscow Killnet collective.

Groups such as Anonymous, already famous worldwide for its hacktivist campaigns, also seem to have the World Cup in their sights. On 25 October, a group representative called on FIFA to ban Iran’s national squad over a brutal crackdown on anti-government protests in Tehran, signing off with Anonymous’s customary salutation, “Expect us.”

The Photon team added: “Given the high level of activity carried out by hacktivist groups in 2022, it is realistically possible that groups will target the 2022 World Cup in Qatar to some extent. Hacktivist groups could target tournament organizers or sponsors and do so using DDoS [distributed denial of service], defacement or data destruction attacks.”

Originally published at https://creationplus-bd.net on November 10, 2022.
