Chloe Maraina brings a unique perspective to the 2026 FIFA World Cup, combining her deep understanding of big data with the high-stakes world of cybersecurity. As the tournament kicks off across three nations, the sheer volume of data and the sprawling physical infrastructure present a playground for malicious actors seeking to exploit any digital gap. She dives into the complexities of securing an event that spans 16 cities and 104 matches, highlighting how threat intelligence is the only thing standing between a global celebration and a digital catastrophe.
With 48 teams playing across 16 cities in three countries, how does the unprecedented scale of this tournament reshape the digital attack surface we have to defend?
The jump to 104 matches creates a logistical web that is honestly a nightmare for security teams but a goldmine for attackers. We aren’t just looking at one stadium; we are monitoring a massive ecosystem that includes five million fans moving across the U.S., Mexico, and Canada. This tripartite hosting arrangement means every digital handshake—from mobile ticketing to stadium Wi-Fi—must be synchronized across different national infrastructures. When you have this many people and devices concentrated in 16 different urban hubs, the sensory overload of data makes it much easier for a rogue signal or a fraudulent transaction to blend into the background noise.
We’ve seen reports of over 10,000 malicious domains popping up since the start of the year; what does this tell us about the evolution of the criminal infrastructure surrounding global sporting events?
That number, ten thousand, represents a staggering industrialization of fraud where attackers are setting up shop months before the first whistle even blows. These domains aren’t just static websites; they are integrated into social platforms like Discord, WhatsApp, and Telegram to lure fans into a false sense of community. I’ve seen how they use high-volume phishing operations to mimic FIFA’s branding so perfectly that even a tech-savvy fan might click a link for “exclusive” tickets. It’s a calculated, predatory move to capitalize on the emotional high of the tournament, turning a fan’s excitement into a gateway for malware or credential theft.
Beyond the fans, we are seeing sophisticated attacks against the organizers themselves, such as weaponized employee handbooks—how deep does this threat go for the people behind the scenes?
The targeting of the internal workforce is particularly chilling because it strikes at the very foundation of the tournament’s operations. Attackers are deploying fake career sites and weaponized PDF documents—like the employee handbook found in one host city—specifically designed to steal Google Workspace accounts. These aren’t random hackers; they are meticulous actors who understand that if they compromise a host city’s staff, they gain a foothold into the critical infrastructure of the games. Imagine the chaos if an administrator’s account is hijacked just as 50,000 people are trying to enter a stadium; it’s a high-stakes game of cat and mouse where the “employee” might actually be a digital Trojan horse.
How do the current geopolitical tensions and the rise of state-aligned actors change the risk profile from simple financial theft to something much more disruptive?
While we always worry about ticketing scams and QR-code fraud, the shadow of state-aligned adversaries is what keeps security experts up at night. These actors aren’t looking for a quick payday; they want to project power or cause significant disruption to national critical infrastructure like energy or utilities. With the U.S. facing an uptick in cyber activity from nations like Iran, the tournament becomes a visible stage for politically motivated attacks, including potential distributed denial of service strikes. The goal here isn’t just to steal a credit card number, but to silence the broadcast or darken a stadium, using the global spotlight of the World Cup to broadcast a message of instability.
With agencies like CISA conducting dozens of exercises and vulnerability assessments, what does a “ready” defense look like for an event of this magnitude?
Readiness in this context means having a finger on the pulse of every bit of data across 10 host stadiums and dozens of base camps and hotels. CISA has been incredibly proactive, conducting six major exercises in January alone and providing technical assistance as far away as the Winter Olympics in Italy. It’s about more than just software patches; it involves physical and cyber vulnerability assessments that treat the stadium’s Wi-Fi and the city’s power grid as a single, unified front. This level of preparation is a massive undertaking that serves as a blueprint for future events like the 2028 Summer Olympics, ensuring that our response is as fast as the action on the pitch.
What is your forecast for the remainder of the tournament as the matches move toward the final in New Jersey?
My forecast is that we will see a dramatic surge in “last-minute” scams as fans become more desperate for tickets to the final at MetLife Stadium. As the 39-day tournament nears its July 19 conclusion, the pressure on security teams will reach a breaking point, likely resulting in a few high-profile attempts to disrupt the closing ceremonies. However, the data gathered from these 104 matches will provide us with a masterclass in threat intelligence that will define how we protect global events for the next decade. Success won’t just be measured by the score on the field, but by the silent battles won in the server rooms and security operations centers every single day.
