Key Issue: Email cyberattacks targeting Arab countries rise in run up to FIFA world cup
Cybercriminals: Cybercriminals increase sophistication and techniques to further goals
Nation-State: Retaliation hacktivist operation continue from Russia and its adversaries

Email cyberattacks targeting Arab countries rise in run up to FIFA world cup

This week we reported on a series of phishing campaigns in Arab countries aiming to capitalise on the highly anticipated football World Cup in Qatar. In the month of October, researchers observed a 100 increase in the volume of malicious emails received in Arab countries, with the perpetrators using custom lures that take advantage of employees and fans to harvest credentials, payment information, and deploy malware.

The lures range from spoofed websites of official World Cup partners to messages impersonating the ticketing office claiming there was a payment issue and delivered and a range of malware including the Qakbot information stealer, Remcos remote access trojan, and an Emotet trojan.

The various malware strains allow the malicious actors to steal personally identifiable information, spy on the victims’ devices, and even control the compromised devices remotely. Such a wide range in lures and tools indicate that the perpetrators are likely testing which of them are most successful to use in further operations in addition to any information they were able to steal from compromised devices.

We assess that social engineering tactics using popular events remain a popular infection vector for malicious actors, who are expected to leverage the media and anticipation surrounding such events to conduct criminal activity.

Subscribe below to receive the full version.