World Cup 2018: malware attacks gunning for goal

World Cup 2018 is upon us and in full swing, bringing together 32 nations for a month of footballing to see who’ll be crowned World Champion. With the tournament underway, we thought it’d be fun to see which of the footballing powerhouses also expended a similar amount of energy fighting off malware attacks.

From January 1 until June 14, the day the World Cup matches began, we gathered up all of our data on registered threats per country, seeing which “teams” attracted the most attacks, and which slipped under the malware radar. Shall we take a look?

The rules of the game

We generally regard the “winner” of a game as the one who, well, wins. Score the most goals, beat the opponents, and move onto the next stage until victory is yours. That doesn’t quite work when talking about malware attacks on a collection of nations, however. In our wacky realm of World Cup–themed malware antics, the winner is the loser, in a way.

For example, do you think the nation being hammered with the most attacks is feeling like much of a champion?

Perhaps your take is that the true victor is the team who receives the smallest number of attacks. But that doesn’t necessarily mean that the country is doing a bang-up job defending against malware.

Maybe their infrastructure isn’t as interesting to criminals as one belonging to a larger nation. Perhaps they’re missing a number of home-grown hackers who code terrible things in their spare time. Whatever the reason, some other countries just aren’t seeing the same amount of malware as the “winners.”

Whatever your stance, we’ve got you covered with one of those gigantic novelty football tarps.

First half

Russia is the hands-down “winner” in terms of sheer volume of attacks, with a total of 5,942,715 malware threats received since the beginning of the year. With just over 1,500 threats per hour, Russia is most under fire from adware (1,940,814 cases), cryptomining (1,116,872 cases), and Trojans (987,233 cases).

Brazil, with 5,789,375 registered malware threats since the beginning of the year, is close behind Russia in second place. Their goal was most frequently hammered by adware (1,508,125 cases) and cryptomining (948,143).

France exit the stadium with a strong third-place position, feeling the non-stop press of attacks down their left flank. Or right? I don’t know, I play tennis. Regardless of football technique, they weigh in with 3,605,444 registered malware attacks, which is, frankly, a terrifying amount of footballs.

Germany, the 2014 World Cup Champion, is a football powerhouse you may have expected to be equally matched in malware threats. However, just like their mediocre start to World Cup play, they crawl into a “disappointing” sixth place at the half, with 1,987,421 threats counted since the beginning of the year. They complement their ability to knock England out of competitions with penalty kicks from the adware sector (608,816) and Trojans (342,156).

The nations with the fewest registered attacks in 2018 are Iceland (17,946 malware cases), Senegal (26,847), and Nigeria (97,938). The current European (football) Champion, Portugal, falls just outside of the top 10 biggest targets, with a total of 770,827 registered cases.

Among the 32 nations, adware, cryptomining, and Trojans were the dominant threats between January and June, with a significant increase in adware since the beginning of the second quarter.

Second half

What I’m mostly here for, though, is to see how England are faring in the football/malware stakes.

The answer is, of course, middle-of-the-table mediocrity, because the last time we won anything was 1966. Remember though, we’re in the land of the upside down, where being top of this chart, in particular, may not be a good thing.

While England isn’t stealthily evading all cybercriminals like Nigeria or Iceland, we still put in a reasonable performance at 20 out of 33, nestled between Saudi Arabia (430,953 attacks) and Croatia (381,364).

Among the biggest attackers aimed at England’s goal line are the ubiquitous cryptominers, with 214,615 threats registered in total, panning out to about 1,430 attacks a day. Trojans have another strong showing with 42,241 in total, a daily tally of about 280. Finally, we have a rousing performance from adware, which aimed 34,495 total threats at England at a pace of about 229 per day.

I’m guessing we’re still going out about five nil to Brazil, though.

Extra time

But what regular gameplay doesn’t cover is the number of social engineering tactics deployed against countries participating in the World Cup (and others besides). Events garnering global attention also find what they don’t seek: foul play.

There have been some clever football-themed scams over the years, and it’s possible some of these may be brought out to score a last-minute goal for cybercrime. Let’s take a look at some of the scams of World Cups past and how you can defend against them.

Videogame-themed phishing

We observed a number of scams released during the last World Cup, many of which used a gaming theme as they rode on the coattails of the enormously successful FIFA Football titles produced by EA. In 2018, football games are still incredibly popular, and it’s World Cup season once again.

One such gaming scheme used social media accounts offering up football freebies in return for logging into third-party websites. Here’s a fake EA account on Instagram:

Instagram phishing

Here’s the final destination, a phishing page harvesting gaming accounts:

fake points

A result for phony streaming

Fake football match streams are always popular, and we saw a wave of them at the last World Cup, the majority of which redirected to surveys and other assorted nonsense.

fake streams

A dangerous sliding tackle (into your DMs)

In 2014, we also saw a novel social engineering technique used, where fake support accounts dropped themselves into chats between customers and verified support channels, then directed victims to phishing pages.

In this case, it was a phish for the Origin gaming platform:

origin phish

While the above was a fairly generic phish attack, many were specifically pinned around World Cup imagery and gaming, like this one:

fake world cup account

Phishing mails pipped at the post

Another common tactic come World Cup time: fake “You’re a winner!” emails claiming millions of dollars and free tickets are waiting in the wings. Here’s one example from the last World Cup:

fifa scam

Claiming to be the “FIFA Online Promotions Coordinator,” the sender requested the kind of personal information usually grabbed in the early stages of an advance fee fraud scam. This definitely wouldn’t result in free tickets, but it may well have resulted in a hat trick for enterprising scammers nabbing some easy cash.

Defensive strategy

To defend against malware threats and other scams around World Cup time, you should familiarize yourself with some of the common scam tactics being deployed. Dubious emails are already in circulation this year, and there are still a few weeks left for malware miscreants to ruin your day.

Keep your security software and operating system up-to-date, steer clear of “too good to be true” offers, and you’ll have a safe and incident-free World Cup. While the players might enjoy a well-deserved break after the game has ended, in the realm of malware creation, the attackers are still playing long after the final whistle blows.


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.