Cyberthreats lurk at Messi vs. Mbappé FIFA World Cup final match as 5 billion prepare to watch

Qatar is well aware of these threats and even brought in a team of cybersecurity experts for a summit in March to discuss them. The nation has also been working closely with Interpol's Project Stadia to enhance its security. 

Will that be enough to thwart any potential attacks?

Part of the danger comes from two apps that Qatar requires its visitors to download: Ehteraz, a COVID-19 tracking app, and Hayya, used for World Cup game tickets and accessing the Qatar metro system to move between stadiums.

Both apps are attractive targets for cybercriminals. 

"When threat actors look to exploit an app, the end goal is to steal information that would be profitable — login credentials, personally identifiable information, email, credit cards, etc. — so that they can either sell it to actors who know how to further exploit or use the credentials and check to see if they can steal money or crypto from the victim accounts," Adam Darrah, senior director of Dark Ops Collections at ZeroFox, told Dark Reading.

The apps offer access to personal data and are therefore excellent candidates for espionage and creating fan chaos.

"When a nation-state or a motivated hacktivist group has you in their sights, they will find a way in," Darrah says. "All nations view an event such as the World Cup as a way to gather intelligence."

There’s also the threat from the many facial recognition cameras installed by the nation for the games.

More than 15,000 cameras have been placed throughout the eight stadiums and along roads and transportation infrastructure in Doha. This approach is highly controversial as visitors to Qatar can’t obviously opt-in to being tracked.

The biometric data that the initiative will store is also at high risk of being accessed by cybercriminals.

Can anything be done?

Patrick Harr, CEO at SlashNext, told Dark Reading that FIFA and any World Cup host nation can take several steps to protect game viewers

"FIFA could ensure its security program includes brand impersonation identification, remediation, and a takedown service," he said. 

"With this type of security control, FIFA could safeguard their millions of fans, so they don’t accidentally engage with malicious content while following the news on their favorite teams."

Meanwhile, Eyal Benishti, founder and CEO at Ironscales, said that FIFA should be focusing on raising awareness around cybersecurity.

"They should be told to avoid clicking on links behind QR codes, stay away from SMS messages asking to validate or verify, and to go directly to the official FIFA domain only, to interact and purchase tickets," he said. 

In the end, only time will tell whether cybercriminals manage to hack their way into the games but those attending the festivities may want to proceed with caution.