Football may not have come home, but it did at least reduce the number of malware attacks while the drama was unfolding.

That's one possibility floated by Cofense Intelligence, which has produced some research which demonstrates a marked drop in TrickBot malware attacks in July, after a sustained increase throughout April and June.

It wasn't just the number of attacks dropping either. Cofense noted that while TrickBot phishing lures are typically sufficiently authentic looking to fool victims into handing over banking information, the samples captured in July were "incredibly simplistic."

Analysis of all Trickbot campaigns between May and September found that around 10.5% of attacks took place in June compared to 51% of campaigns taking place in July, falling sharply to 10.5% again in August. It's believed Trickbot campaign activity fell by as much as 41% during June and August.

The lulls coincided with a noticeable decline in the sophistication of attacks, deviating from the elaborate emails that normally try to masquerade as legitimate notes from banking institutions. The belief is that Trickbot's resources may have been spread thin during this time, and that criminals may have been reliant on low-skilled freelance hackers.

It may seem odd to think of malware operators in the same way we think of employees in other sectors, but Cofense thinks that these phoned-in efforts could well be the result of the World Cup and summer holiday season distracting the usually fastidious TrickBot operatives. Certainly, activity picked up again towards the end of the month after the tournament came to an end.