Copa America 2015 – a heaven for hackers

Everybody loves big sporting events. At least, every hacker… our latest analysis shows hackers’ behavior before and during the 2015 “Copa America” football championship in Chile.

Cytegic DyTATM intelligence platform gathers, processes and analyses hundreds of thousands of intelligence feeds on a month basis, to allow a quick and understandable cyber-trend analysis. Using DyTATM intelligence platform we were able to identify the following interesting findings (for the full report, please write us at

  • We noticed a strong correlation in patterns (attack methods, attackers and victims) between 2015 Copa America games and 2014 world cup games
  • The hosting nation, while enjoying the home advantage, is also the focal point of cyber attacks
  • Strangely enough, the heightened cyber activity levels reflect on participating countries as well, which all experience some raise in attack intensit

South America Threat Landscape

Let’s dive deeper into the data, but prior to looking at the event in hand, let’s rewind to last years’ world cup games, held not too far away, in Brazil.

When comparing the two tournaments, in the same timeframe, it is notable that there is more activeness of hackers in general before and in the start of the Copa America, particularly financial hackers (62.2% of all the attacks), just like in the World Cup tournament a year before. According to DyTA’s forecast, it appears that financial hackers are likely to continue being the most active attackers in the coming weeks.

S. America attack trends

S. America attack trends

S. America attackers division

S. America attackers division

When looking from the perspective of TTPs, it is clear to see that the main methods used were Denial of Service (41.7%) and Malware (22.7%). It is noticeable that there is a rise during the start of the Copa America, similarly to the World Cup. In addition, we can see that similar to the World Cup, in the Copa America, Terminal Malware, which includes POS and ATM attacks, experienced a significant rise. On the other hand, unlike the World Cup, the Copa America shows a low percentage of Phishing attacks.

Copa America


Host Nation

Another interesting trend showed that the host of the tournament – Chile, is the fourth in cyber activity in South America, and had a rise in cyber activity a month before the beginning of the tournament, in comparison to the last six months (beginning of 2015).


Host country – a target for cyberattacks


Most Targeted Assets and Industries 

The most targeted assets on the attackers’ scope both in Central and South America, as we saw in the World Cup, are Payment Cards, Personal Identifiable Information (Client Data) and “straight-forward” financial assets such as Monetary Value (bank accounts, Bitcoin, among others) and Financial Transactions.

targetted assets

targetted assets

As mentioned above, in the World Cup many of the attacks were done by Hacktivists who targeted government sites. We can see both in Central and South America that in the Copa America the situation is the same. Government was the most targeted sector, followed by banking and finance and retail. This coincides with our assessments regarding the effect large sporting events have on the government and the financial sector of the hosting nation.

targetted industries

targetted industries


As we’ve seen, there very high correlation between the trends witnessed during the Copa America and the World cup events. In all likelyhood, these patterns will repeat themselvs next year, during the 2016 Brazil Olympic games.