Fidelis Blog

Maria Glendinning
Business Development and Channel Marketing Manager

Maria has worked at Fidelis Cybersecurity for over 5 years. She progressed from a role of an ISR to now Business Development and Channel Marketing Manager covering EMEA region. She is based in the UK.... Read More


Don’t Score a Goal in Your Own Net!

The FIFA World Cup 2022 in Qatar is well underway, bringing together fans from around the world. It is also bringing a rising number of Cyber threats and breaches.

Don’t help the other team by scoring a goal in your own net!

People generally associate football (or, as my US colleagues say, “soccer”) games with a boisterous, cheering atmosphere, great times, and the inevitable emotional roller coaster as your team winds its way through qualifying stages to get to and through the finals. With the eyes of global football fans focused on games and up-to-the-minute updates from their teams, criminals are taking advantage.

It is part of the dark side of any major event, like the World Cup, elections, and natural disasters. Cybercriminals will exploit fans with event-themed attacks. They are motivated by potential financial gain, political ideologies, or even geo-political situations. Adversaries take advantage and sneak in when the guards are down, and people are searching any “news” source for the latest update (or to buy tickets).

Qatari authorities allegedly invested $1.1 billion in cybersecurity to prevent cyber related incidents during the World Cup. Despite this and the numerous  necessary precautions it took to combat this major problem, hackers and cyber criminals still found ways to feed off the vulnerable.

Most common cyber threats are directed toward fans and teams. Phishing remains a popular go-to technique for gaining initial access to accounts and systems. The threats range from fake streaming and ticketing sites, to social media scams, APTs, DDoS attacks, credit card/cryptocurrency fraud, to phishing and spear phishing attacks. The one thing they all have in common is the intent to steal valuable assets and data.

Human error plays a big factor in their success. Cyber criminals steal your cash and PII by exploiting weak passwords, fans succumbing to temptation and “too good to be true” deals on fake websites, and clicking on links without checking for standard “tells” of a phishing attempt.

Now. Put this at Enterprise scale. All those humans, prone to error, also work at the largest (and smallest) organizations. Yes. Your enterprise is subject to human error. Impact = multiplied.

The stolen information is often circulated on the Dark Web, and sold to other cyber criminals who use the acquired data to conduct more sophisticated attacks on organisations. Now, the threat factor has increased yet again, and the attack surface has expanded beyond the victim to bring down global organisations.

That is why it is paramount for organisations to have a fully integrated security stack. It helps you more quickly and easily predict, protect, detect, respond and neutralise threats. Fidelis Cybersecurity provides an open and active eXtended Detection and Response (XDR) platform that natively integrates deception technologies with detection and response across cloud, network (NDR), and endpoint (EDR). Fidelis Elevate has been purpose-built for proactive cyber defense, to enable users to engage with and defeat adversaries earlier in the attack lifecycle.

Only you can make yourself an easy target.

Remember that the simple act of opening an attachment can send data about your user account for further exploit and possible compromise.  Always remember:

  • Check the sender email address along with the From field. Are they from the same organization?
  • If you hover on the link, does it take you to a website related to the topic/theme at hand?
  • Is the email asking you to take immediate action, provide accounts, or send PII?
  • If you didn’t request it, do not open it. Especially if it is an email that originates from outside your organization (attachments, links, requests for information)
  • When in doubt, send suspicious communications as an attachment to your IT team

To be safe, visit known sites. If you are being asked to update personal accounts, leave the email, and log directly into the site in question from a known web address vs. email link.

To conclude, enjoy the football, but don’t fall a victim to cybercrime. Protect your information and data as well as your goalie protects his net. Be Cyber Smart. Don’t score a goal in your own net!

Stay up to date on all things security

Subscribe to the Threat Geek Blog