World Cup threats present challenges for IT pros

For soccer players, the goal is the score; for threat actors, the score is the goal.

That’s the concern as the US, Canada, and Mexico prepare to host the World Cup in June and July. With three different countries and a threat surface exacerbated by international conflict, cyberattackers are looking to take advantage.

Evan Pena, founder and chief offensive security officer at Armadin, told IT Brew the uptick in media coverage of the tournament will bring more attention—and threats—to systems like ticket providers and other vendors. Combine that with the potential for hacktivism and other politically motivated cyberattacks, and you have a perfect storm for defenders.

“There’s a lot of media coverage on this, and what that generally means for a threat actor is that there’s a lot of opportunity to lure [people] into different campaigns,” Pena said.

Penalty box. World Cup fans are hardly the only sports aficionados who need worry about threat actors. IT Brew has reported on several other franchises and events around the US where defenders are trying to counter cyber danger.

The risk of an incident increases as sports venues become increasingly digitized. In April 2024, at an event at Fenway Park, then Red Sox VP of Technology Operations and Information Security Randy George said that the franchise deploys AI and other technologies to keep things running.

“All of our concession technology is working, our wi-fi is working, we have 60 cameras scattered around the park that our baseball operations folks need to do all of the AI and ML work for player development and scouting,” George said. “And so this park is almost like a blinking ecosystem of lights, full of tech that really needs to be working day in day out.”

Multiply that infrastructure across the multiple countries, stadiums, and vendors involved in the World Cup, and you can see the challenge IT pros are facing with the games this summer. Kristopher Russo, principal threat researcher with Unit 42, said that attackers are primarily motivated by either disinformation, disruption, or profit. How those attacks play out varies wildly.

“When we think about disinformation, it’s very highly targeted and coordinated,” Russo said. “The profit, or cybercrime, type tends to be more opportunistic—the larger the event, the larger the stage, the more opportunity there is for them to profit from it.”

Shootout. Pena agreed, telling IT Brew that the level of interest in the World Cup adds to the threat—with the eyes of the world on the tournament, it’s an opportunity for leverage that attackers aren’t likely to pass up. Tickets can offer a way in for threat actors, for example, as consumers scour the shadier corners of the internet for good deals and could perhaps click on a malware link, or fall victim to social engineering.

“It’s going to be a campaign that threat actors can leverage across the board, whether it be commodity-based or even nation state-based, when it comes to espionage to try to leverage any campaign for an initial foothold,” Pena said. “Social engineering is the biggest risk associated with big events, because they’re going to leverage that to try to entice people to do what it is that they want.”

When it comes to IT pros trying to defend against these attacks, traditional options often remain the best. Taking a risk-based approach that treats the tournament as another threat vector is the right move, Russo told IT Brew. Building defenses out from that premise allows for centering efforts on the primary danger.

“It comes down to, as a defender, your perspective of putting the most important things you’re trying to defend front and center, and then building defenses around those,” Russo said. “And that is going to be different for every organization, for every vertical.”