As the FIFA World Cup continues, soccer fans from around the world, including Israel, will be benefiting from the protection that Israeli companies have provided to aid authorities in ensuring that the largest sporting event in the world runs smoothly.
Israeli companies have been, and still are, involved in protecting the tournament against hackers, scammers, and other cyber threats, as well as the risk of drone attacks, coordinating with authorities on a local, national, and international level.
One such company, KELA Group, referred to the World Cup, which is ongoing in the US, Mexico, and Canada, as the “largest digital battlefield in history.”
According to KELA, the event features an “enormous digital attack surface,” as approximately 6.5 million ticketed attendees are expected throughout the weeks-long event, as well as a worldwide viewing audience, possibly reaching six billion.
The tournament, KELA says, relies on a “massively interconnected digital supply chain involving third-party vendors, transportation, hospitality, and cloud services.” This means that the failure of even a minor link in the chain could disrupt core parts of the operations, the company said.
KELA noted that geopolitics has an effect on state actors attempting to disrupt events. This has been seen with Russian and Iranian threat actors using intelligence and psychological warfare.
KELA Group noted that in past events, Russian hacktivists, including APT28, have focused on covert intelligence collection, while Storm-1679 used AI-generated voices of celebrities to incite fear.
Meanwhile, Iranian Advanced Persistent Threat (APT) actors have targeted critical infrastructure, with the Israeli company highlighting that Handala wiped over 200,000 systems at a US medical tech company, Stryker, and doxxed (revealed personal information of) FBI Director Kash Patel.
Another Iranian group claimed that it succeeded in gaining access to operational technology at a water company in Missouri, attempting to prove its capability to target critical infrastructure.
The KELA Group, in efforts to mitigate these threats, has been monitoring the Dark Web and communicating with authorities, mostly in the US, in order to share information that could highlight risks to the FIFA World Cup’s operations, largely ticket scams and fraudulent website links.
KELA Group senior explains monitoring system
Or Lev, KELA Group’s vice president of solution engineering, spoke to The Jerusalem Post recently to discuss the work that the company has been doing around the World Cup’s cybersecurity.
She explained how the organization monitors for hacktivists, nation-states, and APTs that pursue their agendas and political motivations by trying to gather intelligence.
Government-run APTs, Lev said, “usually try to attack critical infrastructure, conduct espionage, and gather intelligence.”
These APTs target events to cause as much damage as possible, she explained.
Another motivation, however, is financial. Lev reiterated the scale of the World Cup’s ticket chain, noting that this motivates threat actors to carry out attacks for financial gain, including targeting ticketing platforms and creating fake websites that appear to be official in order to fool well-meaning customers into giving away their money.
Beyond phishing scams and spoofed FIFA domains, however, threat actors are also targeting transportation networks that support events, as attendees need to travel to stadiums. Telecommunications and media networks are another target, given how widely the tournament is broadcast.
“We need to try to think all the time where these types of groups of threat actors might try to cause damage and to serve their agenda,” Lev said.
Additionally, Chinese activists continue to pose a threat, KELA Group highlighted, noting that a majority of Beijing’s agents focus on gaining access to, and disrupting, utility and telecoms infrastructure.
One such APT gained access to nine different telecom companies, including AT&T and Verizon, maintaining access for approximately five years and selling data.
“Imagine that they have this type of access and then, at the time of the event, they can just shut down the entire telecom network,” Lev stated.
“When looking into these events, we are more alert,” she said.
“When you know the way that they normally operate, how they normally gain access, you can prepare for that and block the entry points,” she explained.
Compromised accounts, identity leaks, prominent hacking vectors
Important attack vectors to look at include compromised accounts and identity leaks, Lev told the Post.
“We can see over 1.5 million such accounts available right now out there. Out of these, each one can serve as a potential initial access point,” she warned.
“We’ve already seen over 7,000 of them connected directly to FIFA domains and around 3,000 of them that are connected to potentially sensitive sites, all discovered over the past month,” she said.
“If we look deeper, we see their accounts, including single sign-on and secure token service-related content connected directly to FIFA employees,” she continued.
Every such account that we see out there in the hands of the aforementioned groups acts as a “key to the door” for them to cause damage, she noted.
“Identifying all of the relevant organizations, their assets, their attack surface,” is a step that KELA Group takes, before giving authorities the “tools to be ready and block this type of potential access before someone can use it,” Lev said.
Monitoring can begin more than a year ahead of an event, and at least a few months before the event itself, Lev said. This allows the organization to start monitoring actors and locating critical identities, potential entry points, and other risks that can highlight how threat actors could cause damage.
“Our main advantage is that we have access to everything – all of the discussions happening underground – we see it all in real time,” she added.
“We then alert the relevant authority on anything critical that might come in their direction and allow them to block it. This usually comes from cooperation with authorities themselves,” she clarified.
“We are working with law enforcement agencies that are trying to prevent attacks, catch threat actors, and take action,” she stated.
KELA Group also focuses on understanding APTs’ capabilities, where they focus attacks, their tactics, techniques, and procedures (TTPs), and then helping authorities by giving them visibility into what is occurring in underground channels, she said.
Threat actors may have maintained access that they gained months ago, Lev warned. She also pointed out that KELA Group assumes that hacktivists and cybercriminals are always employing additional TTPs.
“This is a place where AI comes into the picture, because the world of cybersecurity is changing heavily right now with all of the implementation of AI tools,” she continued.
These AI tools bring new, less experienced threat actors into the market because “they can now use AI tools to do more sophisticated things,” she went on to say.
Meanwhile, AI tools provide “expert players with a whole other level of scalability. We have just seen a Chinese APT running almost 90% of their attack with just AI tools, saving a lot of time, and allowing them to do more,” she added.
Additionally, AI tools boost the possible tactics of threat actors. If a threat actor gained access to a specific account, it’s possible that they will run an AI tool through millions of accounts and try to verify them, finding more potential entry points because they “have nothing to lose,” Lev said.
“We are also seeing different actors, including smaller ones, use tools to gather more fraud-related opportunities, from hospitality, including fake hotels, and Airbnb bookings to phishing and lookalike domains,” she said.
Israeli companies, however, are not only focusing on cybersecurity and the Dark Web, as KELA Group is. Ondas Network’s subsidiary, Sentrycs, was chosen to deploy counter-drone protections at FIFA World Cup infrastructure, the company announced in April.
The contracts from FIFA are valued in the millions of dollars, the company announced, and were granted at several levels with federal, state, and local public safety and security organizations.
Sentrycs’s counter-UAS (CUAS) solutions have been “deployed across most venues where matches will be held,” Ondas said.
These solutions are “supporting efforts to protect stadiums, fan zones, and related event locations from unauthorized drone activity throughout the tournament,” Ondas added.
“Securing the lower airspace in such a complex, high-visibility environment requires coordinated, regulation-compliant counter-drone capabilities that integrate into broader security frameworks,” it stated.
“Sentrycs’s field-proven cyber-over-RF technology enables passive detection, tracking, and identification of unauthorized drones, along with controlled mitigation capabilities,” Ondas stated.
It allows “authorized operators to safely take control of, and land, drones in designated areas when required.”
“Operating without jamming or kinetic measures, the solution is designed to support secure operations in dense urban environments and crowded venues while maintaining communications continuity without interfering with authorized systems,” the company noted.
Selecting Sentrycs for the counter-drone operations “reflects the increasing importance of nondisruptive, cyber-based counter-drone technologies in safeguarding major international events, where maintaining public safety must be balanced with operational continuity and regulatory compliance,” Ondas said.
“Events of this scale and complexity highlight the growing need to protect low-altitude airspace against the threat of unauthorized drone activity,” said Eric Brock, chairman and CEO of Ondas.
“Securing the lower airspace across multiple venues simultaneously presents a unique operational challenge, requiring coordinated, regulation-compliant counter-drone capabilities. Sentrycs’s cyber-over-RF technology is designed to address this challenge, enabling precise, controlled mitigation of unauthorized drones in complex environments,” Brock added.
“We are seeing increasing demand for integrated, multilayered security solutions that address both aerial and ground-based threats,” said Oshri Lugassy, co-CEO of Ondas Autonomous Systems.
“Sentrycs plays a critical role in our broader autonomous defense architecture, enabling precise and nondisruptive control of low-altitude airspace,” Lugassy continued.
“Together with our autonomous platforms and sensing technologies, we are building a unified operational capability designed to secure complex environments at scale,” Lugassy added.
Meanwhile, Tel Aviv-based cybersecurity firm Gambit Security found that Iranian hackers were responsible for a disruptive computer breach in March that forced Los Angeles’ transit system to shut down parts of its network.
The hackers stole over 700 gigabytes of emails, backups, and other files from the Los Angeles County Metropolitan Transportation Authority, after it was inadvertently exposed online.
The company said a digital trail of evidence tied the server where LACMTA’s data was discovered to a previously known hack that Israelis had attributed to Iranian threat actors.
The attack disrupted digital services for passengers, including displaying arrival times and the ability to add money to digital ticket cards.
Gambit reported that the attackers’ activity included deleting virtual machines, databases, and storage volumes, as well as damaging backup infrastructures, thereby making it more difficult for LACMTA to resume normal operations.
Israeli companies are also playing roles in other aspects of the FIFA World Cup supply chain.
Another Israeli company involved in the tournament is Tel Aviv-based SeatPick, a global ticket resale price comparison site offering a platform to find and purchase tickets for the world’s biggest sporting events.
“From data, content, and supply to user experience and operations, every part of the business is aligned to maximize impact, making this a defining moment for SeatPick in terms of growth, visibility, and execution,” said SeatPick’s chief technical officer and co-founder, Guy Kogel.
“Our operations, both in Israel and globally, will shift to a 24/7 model to support user demand and ensure we handle any issues smoothly,” Kogel said.
Ashkelon-based tech company LSports is also playing a role, delivering fast, data-driven analysis to global sports betting and media companies.
In order to do this, LSports uses advanced AI and machine learning algorithms to track millions of real-time data points from games before converting them into live statistics, automated visualizations, and engaging fan experiences.
“The World Cup demands the absolute highest standards of accuracy and speed, and that is exactly where Israeli innovation thrives,” said LSports CEO Dotan Lazar.
“We are proud to contribute our cutting-edge sports data ecosystem to the world’s biggest tournament. While the players create history on the pitch, our technology ensures that millions of fans, media channels, and platforms across the globe receive the most precise, thrilling, and immersive data experience possible,” Lazar added.