What if the most dangerous match wasn't played out on the pitch? ?
Stadiums, now hyper-connected: : billetterie numérique, contrôle biométrique, dispositifs IoT de sécurité, etc. sont devenus des cibles pour les cyberattaques. Un ransomware juste avant une finale internationale This is a serious threat that organizers and cybersecurity agencies need to be prepared for.
In this article, discover the worst possible scenarios (and how to avoid them). découvrez les pires scénario possibles (et comment les éviter).
In 2024, a security breach on ticketing service Ticketmaster compromised the personal data of 560 million customers (including names, credit card numbers, emails, and other sensitive details of the platform's customers).
A ransomware attack on the ticketing service can encrypt databases and Cloud services, crippling the sale, issue and validation of digital tickets, leading to queues, fraud and match cancellations.
In July 2020, the UK's National Cyber Security Centre reportedthat an English Football League club had been hit by a ransomware: almost all terminals were encrypted, local data lost and stadium turnstiles blocked, threatening the match.
The attack, which probably started as a phishing attack or an intrusion via video surveillance, spread due to a lack of network segmentation.
The result: hundreds of thousands of pounds in losses and major vulnerabilities uncovered: :
Later, andn novembre 2020, Manchester United a annoncé avoir été la cible d’in November 2020, Manchester United announced that they have been the target of a « “sophisticated” », mais une réaction rapide du club a permis de contenir le danger and by minimiser l’impact. Cet incident, suspecté d’être un ransomware, aurait pu affecter Manchester de la même manière que le club cité précédemment et empêcher la tenue de matchs à Old Trafford.
According to international firm Buro Happoldthe Programmable Logic Controllers (PLC) that manage lighting, ventilation, score screens, power distribution and some security cameras often run on legacy hardware with limited security functionality: making them an ideal entry point for encrypting and crippling the stadium. A single lapse in cybersecurity can expose these infrastructures to major risks. An attack could, for example, result in a power failure during a match, such as that experienced by Wembley stadium in February 2025.
Une attaque peut occasionner par exemple une panne de courant pendant un match comme celle qu’a connu le stade de Wembley en février 2025.
Il est courant que lof organisateurs d’événements majeurs tels que la CAN propose des applications mobiles dédiées à la diffusion en direct des rencontres. Certains individus malveillants peuvent exploiter cette opportunité pour distribuer des applications frauduleuses prétendant être officielles, ou tenter de compromettre les applications légitimes.
The sports sector : a rich target
n its Cyber Signals newsletter, Cyber Signals, Microsoft reveals that cybercriminals are increasingly targeting major sporting events, particularly in highly connected environments. Performance data, strategic information, and personal data represent a gold mine for malicious actors, especially as they circulate through a multitude of interconnected devices and networks, increasing their exposure.
The newsletter mentions several majors cyberattacks: NBA (January 2023), Manchester United (November 2020), San Francisco 49ers (Super Bowl 2022), Houston Rockets (April 2021), Major League Baseball (October 2021) and Pyeongchang Winter Olympics (2018).
Critical systems must be isolated: ticketing network, gantries, security systems, TV broadcasting, IoT. An attack on one must never affect the others.
Daily offline backups, ability to check tickets in “white list” mode, paper-based scenarios in the event of total loss of connectivity.
Simulate: loss of ticketing, loss of video surveillance, network outage, widespread ransomware.
Audits, restricted access, mandatory MFA, monitoring of privileged accounts.
Detection of abnormal behavior 24/7: massive encryptions, unusual connections, lateral movements, unauthorized installations.
Dedicated cyber team during highlights: opening ceremonies, high-profile matches, semi-finals and finals.
Define a communication strategy adapted to each potential crisis scenario (ticketing, OT, point-of-sale terminals, etc.).
Modern soccer plays a double game: on the pitch, and behind the digital scenes. Attackers know that organizers would be willing to pay a ransom to avoid the cancellation of the match, but rigorous preparation changes the game. With the TransNumerik method, focused on resilience and collaboration, it's possible to turn digital vulnerabilities into a defensive force to prevent attacks.
Toutefois However, ransomwares do not only target sports infrastructures: any organization, whatever its sector, remains vulnerable if it does not put the appropriate measures in place.
Sources: Microsoft , TF1 Info, NCSC , Manchester United , Buro Happold, The Sun , Cyber Threat Alliance