The 2026 World Cup, now underway across three host countries and drawing millions of fans, has become a prime target for cybercriminals and state-backed groups, according to analysts from Unit 42 at Palo Alto Networks. The tournament’s global scale and visibility make it one of the most significant cyberattack targets this year.
Experts from Palo Alto Networks warn of a surge in phishing campaigns, business email compromise (BEC) attacks, and operations by state-linked groups that could exploit the event for both financial gain and geopolitical leverage. The implications extend far beyond the host nations, reaching Poland and other countries with strong ties to the tournament.
The size and complexity of the event create a vast ecosystem of interconnected services – from stadiums and transport to hotels and digital ticketing systems. A disruption in one area can quickly cascade into others, making the entire infrastructure an attractive target.
Three main threat vectors
Analysts outline three primary directions of potential cyber threats. The first involves Iran-linked operations that may target industrial control systems, including water and power utilities in host cities. The second includes Russian groups like NoName057(16), known for DDoS attacks aimed at ticketing platforms, federation websites, and information services. The third, and riskiest for individuals, is financial cybercrime: fake ticket sales, phishing, ransomware, QR code scams, and account takeovers.
"Large sporting events demonstrate that effective protection begins long before the first whistle. The key is not just incident response, but continuous risk management, regular security testing, and checking the weakest links – procedures, remote access, vendor tools, and the entire digital infrastructure supporting the event," said Tomasz Pietrzyk, technical director for Central and Eastern Europe at Palo Alto Networks.
Poland in the crosshairs
From Poland’s perspective, these threats are particularly relevant. The tournament can be used for targeted phishing campaigns, including smishing (fake SMS) and audio-video deepfakes. Cybercriminals may exploit World Cup themes to scam fans over tickets, bets, or streaming access. Poland has faced increasing cyber pressure due to its geopolitical situation, with a dynamic rise in incidents confirming that cyberspace is a key arena of state and organized crime competition.
Pietrzyk emphasises that many attacks do not rely on sophisticated techniques but on negligence in basic security. "The starting point should be a 'zero trust' approach and the assumption that attacks are inevitable. Only that builds real resilience and reduces the risk of disruptions in critical systems," he added.
The global nature of the 2026 World Cup means its cyber effects will be felt widely. Polish companies and institutions, especially those with international links, should brace for a wave of targeted attacks exploiting the tournament’s popularity.
Source: WNP.PL, Photo: Florian Olivo/ Unsplash; Emilio Garcia/ Unsplash






