The world’s attention is now focused on the Arab world’s first global football tournament, which begins on Sunday, November 20, but malicious actors have already begun their World Cup-themed cyberattacks. Email security researchers from the Trellix Advanced Research Center discovered that attackers are leveraging FIFA and football-based campaigns to target organizations in Arab countries, resulting in a 100% increase in the volume of malicious emails in Arab countries in October.
“It is common practice for attackers to utilize important/popular events as a part of social engineering tactics and particularly target organizations which are related to the event as they are far more promising victims for an attack,” commented Daksh Kapur, Research Scientist at Trellix. “As the host-country and the affiliated organizations prepare for and manage the event, attackers take advantage of employee’s busy schedules which increases the chances of human error and the victim interacting with the attack vector. The aim of such attacks can be anything from financial fraud, credential harvesting and data exfiltration to surveillance and damage to the country’s/organization’s reputation.”
Trellix Advanced Research Center researchers caught various emails utilizing the football tournament as an initial attack vector. The following are cases of samples found in the wild:
Trellix solutions have identified several malware families being used to target Arab countries, but the five most commonly used malware families are Qakbot (40%), Emotet (26%), Formbook (26%), Remcos (4%), and QuadAgent (4%).
“As the much-awaited football tournament gets underway, cybercriminals are expected to leverage every opportunity they get to capitalize on news trends, ticket demands, human errors due to the busy schedule and more, in order to deliver a cyberattack. We anticipate these attacks to continue through January 2023 and would advise everyone to stay vigilant of any attack vectors. The organizations which are directly related to the event are advised to stay extra-vigilant as they would be the most promising targets for such attacks,” added Sparsh Jain, Research Scientist at Trellix.
For more details on the research, please read the full blog at: https://www.trellix.com/en-us/about/newsroom/stories/research/email-cyberattacks-on-arab-countries-rise.html