“Professional sport is a high-pressure environment where timing matters,” said Nathaniel Jones, VP of security and AI strategy at Darktrace.
How widespread the problem is: 84% targeted, 57% hit more than once
Figures published by Darktrace on June 11 — the day the FIFA World Cup 2026 kicked off — show that 84% of professional sports organizations were targeted by cyber-attacks during the last year. The category covered by the research includes teams, venues and event bodies. More than half of those organizations saw the threat recur: 57% experienced multiple incidents in the 12-month period.
Timing and spectacle make events attractive targets
Darktrace’s analysis highlights a straightforward tactical incentive for attackers: sports fixtures are highly publicized, with precise start times and predictable operational peaks. That public schedule gives threat actors a clear window in which to seek maximum disruption — whether by “crippling infrastructure with a ransomware attack or disrupting online services with a DDoS attack,” as the report notes. For organizations running live events, the report says, even a small anomalous event — “a suspicious login, unusual data movement or unexpected AI agent action” — can become “operationally significant very quickly.”
Fan and athlete data create additional value for attackers
Beyond disruption, the data held by sports organizations is itself a major target. The report points to customer-facing collections — credit card details and personal information about fans — as attractive to cybercriminals either for direct misuse or resale on underground forums. Sports bodies also store sensitive information about teams and athletes, including personal data, contract and sponsorship details, and confidential operational or commercial material. If exfiltrated, that data can create risks for fans, players, sponsors and commercial partners alike.
Supply chain weak points and social engineering
Darktrace singles out third-party suppliers as commonly targeted footholds: ticketing providers, broadcasters, cloud services and stadium-technology software suppliers are all noted as potential vectors attackers can leverage via trusted relationships. The report also quantifies a social-engineering problem: sports organizations received 19% more phishing emails than organizations in other sectors.
Darktrace analysed 116,000 phishing emails targeting sports organizations and found that 21% directly targeted executives and other VIPs, while 37% involved “novel” social engineering techniques that leveraged AI-powered assistance. The report adds that 84% of the phishing emails detected had successfully bypassed DMARC authentication, underlining the scale of the technical and human challenge.
How technologists, procurement leaders, and fans are affected
- Technologists and security teams: The report notes that a third of respondents said the top priority for cybersecurity teams is helping stadium operations maintain critical functions during live matches. That shifts focus toward operational resilience — protecting gates, communications and live-service availability during peak windows.
- Procurement leaders and third-party suppliers: Because ticketing platforms, broadcasters and cloud services are repeatedly named as attack vectors, procurement decisions and supplier security postures surface as areas of elevated risk; attackers exploit trusted relationships in the supply chain to reach primary targets.
- Fans and the general public: The data sports organizations hold — credit card details and personal information — means that successful intrusions carry direct consumer harms, including theft, fraud and the potential exposure of personal details tied to attendance and accounts.
Darktrace’s prescription for mitigation is explicit: “The most effective way to mitigate the risks facing sports organizations both internally and from external actors today is to adapt a behavioral approach to security. That means shifting away from rules and signatures and focusing on understanding both human and AI behavior inside your environment,” Jones said. The recommendation places emphasis on continuous behaviour-based detection over static controls as events scale in complexity and attackers adopt AI-assisted techniques.
The report’s timing — released as a global tournament commences — is itself a reminder that the sports calendar concentrates both attention and risk. For teams, venues, vendors and the fans who depend on them, the findings make clear that cyber defences must be aligned to the cadence of live sport: predictable schedules and high-profile moments are exactly what make modern sporting events lucrative targets.
https://www.infosecurity-magazine.com/news/sports-organizations-targeted-by/




