What has England football team forward Harry Kane got to do with social engineering and cybersecurity? Turns out that Kane is the most used name among over 800 million compromised passwords!
FIFA World Cup 2022, hosted in Qatar, is the first major global sporting event since 2020, the year of the pandemic and global lockdown. The cybersecurity landscape went through a metamorphosis in these two years, and the cybersecurity crises associated with an event of this magnitude have changed accordingly.
“During the World Cup, there will likely be threat actors aiming to acquire personal information or monetary value through phishing and scams. Cyber threat actors may target the confluence of logistical issues with accommodation, ticketing, and betting scams. These will range in complexity from basic mass SMS scams to attacks on specific individuals and organizations,” said a pre-event threat assessment by ZeroFox.
Most, if not all, of the predictions are turning out to be true.
FIFA, football craze and passwords
Password and identity management business Specops analyzed over 800 million compromised passwords and found a surprisingly significant influence of football on the terms used. In total, the name Kane appeared in the lists of breached passwords more than 133,000 times.
The company listed the most common names in the tranches of passwords they analyzed, and the top 20 included Grzegorz ‘Lato’ (no.1), Thierry ‘Henry’ (no.5), ‘Pele’ (no.11), Bobby ‘Moore’ (no.13), Lionel ‘Messi’ (no.14) and ‘Ronaldo’ (no.18).
Specops researchers attributed these password choices to the tendency to go for something or someone memorable: in this case, famous football teams or favorite players.
“Further analysis was conducted on which countries that qualified for the 2022 World Cup appeared in the breached password database and found the ‘USA’ at the top, appearing over 1.3 million times,” said the report.
“This was followed by ‘Iran’ and ‘France’ in second and third places respectively, with ‘Japan’ and ‘Canada’ rounding the top 5. ‘England’ featured in ninth place with slightly more than 20,300 appearances,” it added.
Similarly, “soccer” was the password that was most frequently cracked. ‘Soccer’ made more appearances than the next two leading keywords combined (‘football’ and ‘FIFA’), totalling over 140,000 instances.
Qatar government, user data, and privacy
“It’s not my job to give travel advice, but personally, I would never bring my mobile phone on a visit to Qatar,” said Norwegian Broadcasting Corporation’s head of security Øyvind Vasaasen before the tournament kicked off. He had very valid reasons for that view.
The mandatory apps for visitors – COVID-tracking app Ehteraz and ticketing and transportation app Hayya – have raised privacy concerns across the world. Countries including Germany and France issued official advisories, recommending that travellers use burner phones rather than their personal devices.
“Several countries, including Qatar, are known for using contact tracing apps that collect excessive data including the user’s name, phone number, age, gender, geolocation and more, without providing them with transparent information about what this personal data will be used for. With no data retention policy in place, this personal data can be retained for as long as the developers deem necessary,” noted Darren James, Technical Lead at Specops Software.
Moreover, the World Cup’s privacy policy mentions visitor data moving across Qatar’s borders to other countries, but provides no details about those countries’ privacy laws.
Bigger, better scams!
“Social engineering poses one of the greatest threats to organizations and spectators participating in the Qatar World Cup. Threat actors have been leveraging the event as a theme for some time, with phishing campaigns identified as early as 2019,” read the ZeroFox threat assessment.
Researchers at Group-IB spotted close to 90 potentially compromised accounts on Hayya, the mandatory system for using the ticketing and transportation services. The attackers used info-stealing malware such as Redline and Erbium to hack the app, researchers found.
According to Kaspersky, the top five scams spotted were in ticketing, gifts, merchandise, crypto and NFT, and travel and accommodation.
Trellix solutions spotted several malware families being used to target Arab countries, the top five being Qakbot, Emotet, Formbook, Remcos, and QuadAgent.
“With this World Cup, scammers got very creative, as we have observed a variety of fraudulent schemes employed. We see how they are trying to benefit most from the situation and exploit as many trendy topics as possible, including a growing number of NFT scams related to the World Cup,” Kaspersky security expert Olga Svistunova wrote in the report.