Cyberthreats lurk at Messi vs. Mbappé FIFA World Cup final match as 5 billion prepare to watch

More than 15,000 cameras have been placed throughout the eight stadiums and along roads and transportation infrastructure in Doha.
Loukia Papadopoulos
IE_Daily stories-5 (1).jpg
Lionel Messi takes a penalty kick during a FIFA World Cup Qatar 2022 Semi-final game between Croatia and Argentina on December 13, 2022.

Stephen Nadler/ ISI Photos/ Getty Images  

As Lionel Messi faces Kylian Mbappé in Argentina vs France World Cup final match in Qatar, which billions prepare to watch, cybersecurity experts warn that the event may be a hotspot for cyber threats.

Cyberthreats lurk as five billion people prepare to watch the World Cup final, according to an article by Dark Reading published on Friday. 

"With major sporting events becoming increasingly digitized, the attack surface for threat actors has also increased," a recent ZeroFox report on World Cup threats stated. 

"Qatar has constructed eight state-of-the-art 'smart stadiums' specifically for the World Cup, meaning sophisticated threat actors will almost certainly aim to compromise networks by exploiting vulnerabilities within interconnected stadium systems, including operational technology and Internet of Things (IoT) devices."

Qatar is well aware of these threats and even brought in a team of cybersecurity experts for a summit in March to discuss them. The nation has also been working closely with Interpol's Project Stadia to enhance its security. 

Will that be enough to thwart any potential attacks?

Part of the danger comes from two apps that Qatar requires its visitors to download: Ehteraz, a COVID-19 tracking app, and Hayya, used for World Cup game tickets and accessing the Qatar metro system to move between stadiums.

Both apps are attractive targets for cybercriminals. 

"When threat actors look to exploit an app, the end goal is to steal information that would be profitable — login credentials, personally identifiable information, email, credit cards, etc. — so that they can either sell it to actors who know how to further exploit or use the credentials and check to see if they can steal money or crypto from the victim accounts," Adam Darrah, senior director of Dark Ops Collections at ZeroFox, told Dark Reading.

Most Popular
Cyberthreats lurk at Messi vs. Mbappé FIFA World Cup final match as 5 billion prepare to watch
Cybercriminals lurk everywhere.

The apps offer access to personal data and are therefore excellent candidates for espionage and creating fan chaos.

"When a nation-state or a motivated hacktivist group has you in their sights, they will find a way in," Darrah says. "All nations view an event such as the World Cup as a way to gather intelligence."

There’s also the threat from the many facial recognition cameras installed by the nation for the games.

More than 15,000 cameras have been placed throughout the eight stadiums and along roads and transportation infrastructure in Doha. This approach is highly controversial as visitors to Qatar can’t obviously opt-in to being tracked.

The biometric data that the initiative will store is also at high risk of being accessed by cybercriminals.

Can anything be done?

Patrick Harr, CEO at SlashNext, told Dark Reading that FIFA and any World Cup host nation can take several steps to protect game viewers

"FIFA could ensure its security program includes brand impersonation identification, remediation, and a takedown service," he said. 

"With this type of security control, FIFA could safeguard their millions of fans, so they don’t accidentally engage with malicious content while following the news on their favorite teams."

Meanwhile, Eyal Benishti, founder and CEO at Ironscales, said that FIFA should be focusing on raising awareness around cybersecurity.

"They should be told to avoid clicking on links behind QR codes, stay away from SMS messages asking to validate or verify, and to go directly to the official FIFA domain only, to interact and purchase tickets," he said. 

In the end, only time will tell whether cybercriminals manage to hack their way into the games but those attending the festivities may want to proceed with caution.