When the world turns its attention to major global events, cybercriminals are paying attention too. From international summits such as the World Governments Summit (WGS) which took place in Dubai recently to global games, spikes in digital activity creates a golden opportunity for attackers.

Large events like the WGS naturally attract cyberattacks. During this year’s Summit, the UAE’s cybersecurity systems blocked and neutralised around 90,000 attempted attacks on the events digital infrastructure – a significant figure that underscores how high the stakes are for even a well-protected event.

by Alexandre Depret-Bixio, Senior Vice President, International at Anomali

According to the UAE Cyber Security Council, the nation now observes more than 200,000 cyberattack attempts per day targeting strategic sectors like government, finance and education, with attacks originating from across 14 countries. This paints a picture of a threat landscape that is not only active but persistent and broad-based.

And this pattern isn’t unique. During the Paris 2024 Olympics, authorities reported more than 140 cyber incidents – from phishing and payment fraud to account takeovers. Large-scale international events consistently generate similar spikes in malicious activity, regardless of geography, sector or audience.

Recent data-driven analysis of threat actor behavior shows that attacks are not merely opportunistic, but deliberately timed. Major attack campaigns tend to align with high-profile events such as major sporting events, global games and elections, when user interest and traffic peak. In the third quarter of 2024, for example, this pattern contributed to a 48 percent increase in sign-up attacks during periods of heightened visibility and engagement.

Taken together, these numbers show that cyber threats are continuous, coordinated and increasingly synchronized with moments of global attention – major events act as accelerants rather than anomalies.

Why the surge in attacks? Global events create a “target-rich environment.” Ticketing systems, payment platforms, event apps, broadcast channels – all are high-traffic

digital systems packed with sensitive data. Throw in distracted users and a sense of urgency and you’ve got the perfect storm for fraudsters.

Phishing remains one of the most common tactics. In 2025, over 1 million phishing incidents were recorded in a single quarter, accounting for roughly 36% of all data breaches. The common thread? Many of these attacks are tied to major events, leveraging trending topics, ticketing scams or fake promotions to lure victims.

Sporting events, in particular, show just how intense these threats can be. The Paris Olympics were a magnet for cyber attackers, including attempts to breach systems and launch distributed denial-of-service attacks.

Beyond phishing, another growing attack vector is streaming media. During major events, millions of consumers create or reactivate streaming accounts to watch live coverage. These accounts often sit dormant, lack multi-factor authentication, and go largely unmonitored. Cybercriminals exploit this by taking over “unchaperoned” accounts and reselling credentials on dark web marketplaces. Many victims only discover breaches weeks later, often after seeing unusual recommendations.

These attacks are particularly hard to detect because bad actors hide inside massive spikes in legitimate traffic. Financially motivated attackers blend in, test credentials at scale and monetize access while platforms focus on keeping streams live.

Cybercrime is increasingly profitable. Some attackers earn six-figure incomes by targeting just a handful of platforms, using account takeover and fraud schemes at scale, showing they are professional and organized, not fringe actors.

History reminds us that sophisticated operations aren’t new. During the 2018 Winter Games, the “Olympic Destroyer” malware struck, temporarily disrupting broadcasts, official websites and internal systems. This incident demonstrated that cyberattacks can escalate from fraud into operational sabotage.

The risk extends beyond organizations. Fans, attendees and sponsors interact with event-related services on personal devices or public Wi-Fi, making impersonation scams, fake ticket websites and account takeovers common. Social media platforms and unofficial apps further expand the attack surface.

Financial stakes are rising, too. Business email compromise scams alone have cost billions and attackers increasingly use AI to craft highly convincing phishing messages that mimic executives, partners, or brands, making detection harder.

So, what does it take to stay ahead of attackers who strike when the world is watching?

Reactive security isn’t enough. During major events, attackers blend into surges of legitimate traffic, move faster than humans can react, and exploit any weak spot. Fighting this with disconnected tools or manual response is like trying to stop a storm with an umbrella.

The solution combines threat intelligence, a unified security data lake and an agentic SOC powered by agentic AI. Together, these allow defenders to detect subtle patterns, separate real users from attackers, and act before damage occurs, even during massive traffic spikes.

Of course, basic cyber hygiene still matters. Multi-factor authentication, timely patching and user awareness remain essential. But during high-profile events, true resilience comes from seeing earlier, connecting signals across systems and letting intelligent automation handle what humans alone cannot.

Major global events should be remembered for excitement, not disruption or stolen accounts. With intelligence-led, unified and agentic security, organizations can keep experiences seamless, even when no one outside the SOC realizes the storm they’re quietly stopping behind the scenes.