The FIFA World Cup, which is currently taking place in Qatar, has been attracting malicious actors for several weeks now. In particular, phishing campaigns have been launched.
Unsurprisingly, hackers are seizing the rare opportunity of the 2022 FIFA World Cup in Qatar to join the party in their own way. Trellix’s cybersecurity experts have broken down the tactics used by hackers to try to trick their victims. Phishing emails were intercepted.
The Football World Cup, a great playground for hackers
To lure their targets, hackers use the image of FIFA, the international federation, to target organizations in Arab countries. Attackers commonly use popular, very high-profile events such as the World Cup as a pretext for social engineering against companies, associations and other organizations directly or indirectly linked to the event.
Trellix said it noted a 100% increase in the volume of malicious emails in October in Arab countries. Although awareness is real and organizations say they are ready to avoid attacks, human error can never be fully ruled out, and the risks are multiplied during the World Cup.
Hackers take advantage of the event to exfiltrate personal and financial information, collect confidential data and even try to damage the reputation of the attacked country. That is the theory. In practice, Trellix was able to intercept several types of malicious emails sent in recent weeks.
From phishing emails to malicious URLs, hackers fully exploit the opportunity
In one of the campaigns identified, the attacker impersonates the help desk of FIFA TMS, an online platform of the federation. The body of the email displays a fake alert notification claiming that two-factor authentication has been disabled. The message contains a hyperlink that redirects the potential victim to a phishing page.
Second situation: an attacker impersonates the FIFA ticket office. The email tells the recipient about a payment problem that must be resolved as quickly as possible. The email carries an attachment in HTML format, which also redirects to a personalized phishing page.
Some partners of the World Cup are also impersonated to carry out malicious campaigns. Trellix notes, for example, the impersonation of Snoonu, official food delivery partner of the World Cup, with an offer of fake free tickets for those who register. The lure is crude, but the email contains a malicious XLSM file, which then does the rest.
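As an added example (not code from the article or from Trellix), the following Python sketch triages a message for the three email lures described above: a brand name in the sender display name that does not match the sender domain, an HTML or XLSM attachment, and body links pointing outside the brand's domains. The names `triage`, `sample` and `BRAND_DOMAINS`, the domain allow-list and the `.example` addresses are assumptions constructed for the illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

RISKY_EXT = (".html", ".htm", ".xlsm")  # attachment types named in the campaigns above
# Assumption: domains accepted as genuine for each impersonated brand; maintain your own list.
BRAND_DOMAINS = {"fifa": ("fifa.com", "fifa.org"), "snoonu": ("snoonu.com",)}

def _trusted(host, brand):
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS[brand])

def triage(msg):
    """Return a list of findings for one parsed message."""
    findings = []
    display, addr = parseaddr(str(msg.get("From", "")))
    sender_host = addr.rpartition("@")[2].lower()
    brands = [b for b in BRAND_DOMAINS if b in display.lower()]
    findings += [f"sender-mismatch:{b}" for b in brands if not _trusted(sender_host, b)]
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"risky-attachment:{name}")
        elif part.get_content_type() == "text/html":
            for url in re.findall(r'href="([^"]+)"', part.get_content()):
                host = (urlparse(url).hostname or "").lower()
                if any(not _trusted(host, b) for b in brands):
                    findings.append(f"offbrand-link:{host}")
    return findings

def sample(sender, html=None, attachment=None):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"] = sender
    m.set_content("plain-text part")
    if html:
        m.add_alternative(html, subtype="html")
    if attachment:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m

if __name__ == "__main__":
    for m in (sample("FIFA TMS Helpdesk <help@fifa-tms.example>",
                     html='<a href="https://login.fifa-tms.example/2fa">Re-enable 2FA</a>'),
              sample("FIFA Ticketing <tickets@fifa-pay.example>", attachment="Payment.html"),
              sample("Snoonu <promo@snoonu-gift.example>", attachment="Tickets.xlsm"),
              sample("FIFA <news@fifa.com>", html='<a href="https://www.fifa.com/">News</a>')):
        print(m["From"], triage(m))
```

A message with no findings is not thereby safe; the check only covers the three lure patterns listed here.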
Emails are not the only weapon used by hackers. Researchers have also discovered many malicious URLs, likewise themed around the World Cup. Several families of rather well-known malware (Emotet, QuadAgent, Qakbot, Remcos, Formbook) have been identified, targeting Arab countries to, among other things, take control of machines remotely, steal data and spy on certain activities.
Source: Trellix