DALLAS 2026: THE UNSEEN OPPONENT

A strategic assessment of city-wide cyber risks for the FIFA World Cup.

Download the CISO Security Brief
CRITICALNew ransomware variant "BlackShadow" targeting healthcare sector2 hours ago
WARNINGPhishing campaign impersonating major banks detected across 12 countries4 hours ago
ADVISORYZero-day vulnerability in popular enterprise software - patch available6 hours ago
CRITICALDDoS attack campaign targeting financial institutions in North America8 hours ago
CRITICALNew ransomware variant "BlackShadow" targeting healthcare sector2 hours ago
WARNINGPhishing campaign impersonating major banks detected across 12 countries4 hours ago
ADVISORYZero-day vulnerability in popular enterprise software - patch available6 hours ago
CRITICALDDoS attack campaign targeting financial institutions in North America8 hours ago

Dallas is on the World Stage

9
Matches
39
Days
$5K+
International Visitors
$5M+
Economic Impact
Supported by 130,000 hotel rooms, 8 major hospital systems,
64 DART rail stations, and 50+ major shopping centers.
The Stadium is Secure. But is Dallas?
The Threat Follows a Predictable Timeline

The Threat Timeline

Cyber attacks against major events follow a predictable 5-phase pattern from reconnaissance to post-event persistence.

Key Callout: Scanning activity targeting Dallas began in Q3 2025.
Visualizing the Cascade Effect - One compromised endpoint is all it takes

The Cascade Effect

Other host cities have airports, hotels, and hospitals. Dallas has all of these operating at exceptional scale with uncommon interconnection density.

A breach in one system doesn't stay in one system—it cascades.

The Anatomy of the Cascade Effect

DFW Airport (Entry Vector)

3rd busiest in the world. A single compromised endpoint in airport Wi-Fi, rental car, or retail POS networks provides access to citywide systems.

Threat: A single compromised endpoint provides access to citywide systems.

Financial Infrastructure (Target)

11th Federal Reserve Bank, $3.4T in annual wire transfers.

Threat: Surgical targeting of payment systems that connect hotels, retail, and banks.

Healthcare Systems (Extortion)

#1 target for ransomware. Precedent: Dallas County ransomware attack, Feb 2023.

Threat: A compromised hospital during the event is a mass casualty incident, not just a financial loss.

DART & Transit (Chaos)

200,000+ expected daily riders.

Threat: A disruption to digitized ticketing, scheduling, or safety systems creates chaos.

This isn't theoretical. It's how Olympic Destroyer worked in PyeongChang—a single compromised hotel network was used to take down the entire Olympic IT infrastructure.

History Provides a Blueprint for Attack

CASE FILE 01: PyeongChang 2018Classified
Attack:
Olympic Destroyer (Russia's GRU)
Vector:
A hotel network used as a launchpad.
Impact:
Wi-Fi, ticketing, and websites crashed for 12 hours during the Opening Ceremony.
CASE FILE 02: Las Vegas 2023Classified
Attack:
Ransomware (Scattered Spider)
Vector:
Social engineering of IT help desks at MGM & Caesars.
Impact:
~$100M loss, 10+ days of operational paralysis, electronic room keys disabled, ATMs non-functional.
CASE FILE 03: Qatar 2022Classified
Attack:
BlackTech APT (Chinese State-Sponsored)
Vector:
Breach of a major telecommunications provider.
Impact:
12+ months of undetected access for espionage throughout the World Cup.

The Three Pillars of City-Wide Defense

Pillar 1: Unified Threat Visibility
Pillar 2: Coordinated Intelligence Sharing
Pillar 3: Pre-Positioned Incident Response
Dallas 2026: The Projected Threat Volume

The Three Pillars of City-Wide Defense

Unified Threat Visibility
What it is:

Seeing 100% of network traffic, 100% of the time—not just perimeter alerts.

Why it matters:

Detects lateral movement and slow-moving APTs that traditional security misses.

Coordinated Intelligence Sharing
What it is:

Real-time sharing of Indicators of Compromise (IOCs) across sectors.

Why it matters:

When one hotel is targeted, all hotels are warned. An attack on one is a warning for all.

Pre-Positioned Incident Response
What it is:

Playbooks, teams, and forensic readiness established before the event.

Why it matters:

When an attack happens, there is no time for contract negotiations or coordination meetings.

The Tournament Ends July 19.
The Threat Doesn't.

July
19

"The most damaging breaches aren't discovered during the event. They're discovered months or years later, after attackers have weaponized the access they gained during the chaos."

Qatar 2022:

Breach was active for 12+ months, discovered a year after initial compromise.

Marriott (2014-2018):

Breach was active across 3 separate global sporting events, discovered 4 years later.

PyeongChang 2018:

Olympic Destroyer maintained backdoor access for 8 months post-event.

The Dallas Post-Event Threat Horizon

August – December 2026

Expect ransomware attacks, data breach notifications from hotels and retail, and credential stuffing attacks.

2027 and Beyond

Expect long-term espionage operations, financial fraud from stolen payment data, and identity theft targeting visitors.

"The question every CISO must answer in August 2026 is: 'How do we know we weren't breached?' If the answer is 'we didn't see any alerts,' that is evidence of insufficient visibility, not security."

The Path Forward

1

Establish visibility across every critical organization. If you can't see the threat, you can't stop it.

2

Build intelligence sharing infrastructure now. Waiting until May 2026 means defending in isolation.

3

Pre-position incident response capability before attackers begin probing defenses in March 2026.

The tournament begins June 11, 2026. Preparedness begins now.

How Vulnerable Is Your Network?

Answer 3 quick questions to get a personalized risk assessment and see how Intrusion can help protect you.

83.0%of businesses experienced a cyber attack in 2024
$4.45Maverage cost of a data breach
🛡️Quick Risk Assessment
Dallas

The World Is Watching. The Smart Ones Are Ready.

It's about the unseen backbone of a global event.

Hotels, hospitals, airports, retailers, logistics providers, city systems, and businesses that keep everything moving.

If your organization supports Dallas in 2026, you're already in the game.

Global events don't just attract fans.

They attract attention.

Are you in the Game?

Intrusion