author photo
By Cam Sivesind
Tue | Nov 22, 2022 | 9:17 AM PST

While a lot of the world's collective eyes are on the pitch in Qatar for the FIFA World Cup 2022, security professionals are keeping their eyes on an uptick in cyberattacks against organizations in Arab countries.

Just as cybercriminals use holidays as an avenue to catch shoppers and companies off guard, bad actors are using soccer's biggest every-four-year event as a time to catch enterprises too far off their back touch line to net harmful results.

According to a summary of data gathered by the Trellix Advanced Research Center, October saw a 100% increase in malicious emails.

With Qatar and other Arab nations ramping up to host the primetime edition of the beautiful game, "attackers take advantage of employee's busy schedule which increases the chances of human error and victim interacting with the attack vector," a report said. "The aim of such attacks can be variable like financial fraud, credential harvesting, data exfiltration, surveillance, or damage to the country's/organization's reputation."

The report lists examples of malicious emails that use the soccer event as the initial attack vector. Tournament-themed phishing campaigns were also identified with bad URLs spoofing real pages, obfuscated post URLs, and credentials posted to a PHP script hosted on the server managed by attackers.

And don't forget a plethora of malware methods targeting Arab countries, including the Top 5: Qakbot, Emotet, Formbook, Remcos, and QuadAgent. For more on each, see the report.

While the tournament comes to a close in early December, experts expect attacks related to the World Cup to continue through January of 2023, and for those attacks to broaden far beyond Arab countries, hitting rabid soccer fans and companies shorthanded due to watch parties.

UPDATE: World Cup top current and past players' names are most used and abused passwords, so another heads-up on password management (and using common sense).