Euro 2024 Becomes Latest Sporting Event to Attract Cyberattacks

With the Euro 2024 football tournament — soccer, to our US readers — reaching the final eight teams in the quarterfinals, cybercriminal activity has ramped up around the tournament and is posing risks for fans and their employers.

In a report published last month, threat intelligence firm Cyberint found that more than 15,000 credentials belonging to Union of European Football Associations (UEFA) customers have already been exposed on underground forums, identified by the uefa.com domain in URLs connected with the usernames and passwords. In addition, another 2,000 credentials have appeared for sale on the Dark Web.

While most credentials belong to consumers, individuals often will sign up for a service with their work email address, giving cyberattackers a potential lead to pursue for future attacks, says Darja Feldman, threat intelligence team lead at Cyberint.

"Employees should be instructed not to share, or not to use, their corporate credentials to sign up for non-business services," she says, adding that employees should also specifically be warned against reusing passwords. "The lack of hygiene with passwords, where people just reuse their corporate accounts — not just the email, but also the passwords — for third-party services give a vector for the threat actor to get into company accounts."

It's a timely reminder given that major sporting events are often the target of cyberthreat actors. Destructive attacks targeted digital infrastructure for the 2018 Winter Olympics, originally appearing to come from the North Korean Lazarus group, but later found to be the work of the Russia-linked Fancy Bear APT, which conducted a false-flag operation. Hackers have also targeted the Twitter accounts of teams in the United States' National Football League (NFL), China-linked threat actors aimed to disrupt the 2022 World Cup in Qatar, and cybersecurity experts warn that the coming Summer Olympics in Paris could be next target.

A Yellow Card for Euro 2024 Cyber Ops

Cyberattackers have already targeted Euro 2024 beyond stealing credentials, with suspected Russia-linked hackers leveling a distributed denial-of-service (DDoS) attack at the online broadcast of Poland's Group D opener against Estonia. Pawel Olszewski, Poland's deputy minister of digital affairs, blamed the Russian Federation for the attack. Russia's team has been barred from the tournament.

DDoS attacks can be among the most pernicious for live sporting events, cybersecurity firm Radware stated in a June 10 advisory. The company pointed to the frequent DDoS attacks that disrupt e-sports matches, for instance, such as tournaments around the popular League of Legends video game.

Euro 2024 — and other sporting events — will likely see more DDoS attacks in the future, Radware said.

"Given the scale and global interest in the tournament, it is a high-value target for cybercriminals and nation-state actors," the company stated. "This threat was highlighted during the Tokyo 2020 Olympics, where reports of millions of cyberattacks were prevented, underscoring the scale of cyberthreats to large international events."

A Prelude to Paris Olympics Cyberthreats

In the first quarter of 2024, Europe had already seen twice as many attacks compared to the last quarter of 2023, Juhan Lepassaar, head of the European Union Agency for Cybersecurity (ENISA), told the Associated Press. He squarely blamed Russian cyber operations and hackers for the increase.

"This is part of the Russian war of aggression, which they fight physically in Ukraine, but digitally also across Europe," he said in late May, according to the Associated Press, adding, "I do believe that we have a societal challenge ahead of us to understand digital security in the same way that we understand security in the everyday traffic environment."

Overall, the level of credential collecting, phishing attacks, DDoS attacks, and other threat activity has not necessarily increased in underground markets, but it has shifted to focus on the Euro 2024 tournament. And, as the 2024 Summer Olympics approaches, Cyberint's Feldman expects attackers' focus to shift again.

"We do expect attack attempts by major state-sponsored threat actors on the Olympics," she says. "Everything is almost the same as UEFA, the same [types of attacks] are going to happen with the Olympics — with credentials, with ticket fraud, with all kinds of scams, all kinds of malicious apps and malicious files that are being sent around to people and to customers."

Russian and Belarusan athletes will be allowed to compete in the 2024 Olympics, but only as neutral participants, without any flags or emblems, the International Olympic Committee has ruled. Whether that means fewer attacks from hacktivists and nation-state actors remains to be seen.