How to prepare for a high cybersecurity risk at the Super Bowl

COMMENT

Major sporting events like the Super Bowl are fertile ground for threat actors: they attract large audiences and offer a treasure trove of valuable data for hackers: from payment card data to user credentials that grant access to an organization’s network. They also have a large concentration of high-profile targets, including celebrities, media personalities, political dignitaries, and famous athletes.

It’s not just the volume of targets and data that attracts threat actors to these live events. They also create a sense of urgency, one of a hacker’s greatest allies. If a threat actor manages to compromise critical systems, such as ticket entry or local point-of-sale (PoS) payment systems, the venue, event organizers, and suppliers may be highly motivated to pay a ransom for quickly restore your systems.

Companies need to be especially vigilant in the run-up to Super Bowl LVIII, as “redemption” threats are increasingly significant. While ransomware is the most well-known, other “ransom-related” threats include sustained distributed denial of service (DDoS) attacks and the exfiltration of sensitive or embarrassing data under the threat of disclosure unless the ransom is paid.

The offensive deployment: the opposing characters

As in football, it is important to know your opponents. The opponent’s offense can come from many angles.

  • Cyber ​​criminals they are primarily driven by financial gain, seek to quickly monetize exploits, and attack in large volumes. They are among the most popular threat actors and often begin attacks well before the event with social engineering and phishing campaigns to harvest credentials. They then double down during the event with more destructive actions, including launching “ransom-making” attacks and deploying information-stealing malware to steal payment card data from PoS systems.

  • Hacktivists they are generally driven by ideology, and website defacement is their weapon of choice. These hacktivists are trying to spread their message, and what better time than when the massive Super Bowl audience is watching?

  • Deliberate disruptors they typically use DDoS or destructive malware attacks to degrade or disrupt the event experience. Deliberate disruption includes “ransom” activities and misinformation and disinformation campaigns, often using social media and possibly deepfake technologies, to dissuade or persuade the target audience of something (usually nefarious).

  • Domestic or state-affiliated threat actors they are driven by national security, geopolitical positioning and competitive advantage. These highly sophisticated cyber adversaries are attracted to large events because of their VIP audiences and the types of information they can potentially gather.

Don’t underestimate the home team’s advantage

While it is common to focus on threats from foreign cyber criminal enterprises seeking to do harm, one should not overlook the often inadvertent threat actors much closer to home.

  • Employees with legitimate access to organizational resources can cause significant harm (usually unintentional) through errors and abuse of access privileges.

  • A temporary workforceintroduced to cover increased demand for staff, they may have similar access rights to full-time employees, but are often subject to fewer security checks or controls.

  • Suppliers and partners with physical or logical access to key assets can be a pivot point for threat actors through supply chain attacks. Suppliers and partners are often the main targets of attackers.

How cyber adversaries cause harm

The cyber adversary’s playbook includes multiple tactics, techniques, and procedures (TTPs).

  • Target infrastructure provided by the event venue, city and state governments, and third parties (such as local businesses, sponsors, and hospitality providers). These can degrade or disable services, often with the intent of obtaining financial gain through ransomware or DDoS attacks.

  • Increased social engineering campaigns that use the event or related topics as bait to target and trick victims into providing information, including credentials, or clicking on links that activate malware.

  • Spread misinformation and disinformation – usually for ideological reasons, (geo)political motivations or competitive advantage.

  • Exfiltration of sensitive data to discredit, bribe, monetize, or coerce victims, often with a ransom note demanding payment in cryptocurrency.

Strengthen the human element

With the Super Bowl coming to town, Las Vegas, already known for its hospitality, will see a massive influx of guests. Cybercriminals often use social engineering techniques to target and defraud tourists because they may have difficulty distinguishing between legitimate and malicious communications when outside of their normal routines. This makes them particularly vulnerable and attractive to cyber criminals.

Companies must also be wary of social engineering ahead of the “Big Game.” Even though Las Vegas is home to some of the world’s largest hospitality brands, companies with multimillion-dollar cybersecurity budgets, social attacks can bypass even the most sophisticated security systems by targeting the greatest vulnerability of all: people.

Companies don’t have time to do a full cybersecurity review before Super Bowl weekend, but they do have time to remind employees of cybersecurity best practices. Social attacks can target virtually any employee, and an educated workforce helps mitigate the risks.

Employees who learn to spot the most common social engineering tactics (phishing, vishing, smishing, and pretexting) can help reduce entry points. Remind employees to change passwords often and not to use the same credentials across different systems and websites. If an employee’s password has been compromised in another data breach, attackers can use it to access your company.

Also have incident response plans in place so employees know how to respond if a suspicious incident occurs. Having a plan can prevent a larger breach. Isolating incidents is as important as preventing them.

Consider partners wisely

Attackers can also bypass sophisticated cybersecurity systems by targeting third-party vendors. Many major breaches can be traced back to vulnerabilities in vendors with valuable data from larger companies. This should be a concern for Super Bowl event planners, who work with a vast constellation of third-party vendors. While it is too late to re-evaluate vendors now, there may be time to assess third-party exposure, connect with vendor partners, and take steps to mitigate potential risk.

An organization’s cybersecurity is only as strong as its weakest links. Strong cybersecurity doesn’t just depend on technological solutions; It’s also about behavior and culture. In this sense, cybersecurity is a manifestation of discipline. An organization may have rules to help prevent cyber incidents, but if they are not strictly and uniformly enforced, its systems remain vulnerable. Threat actors are unlikely to change their tactics as long as they remain effective. Don’t make his life easy. Implement systems, establish protocols, make plans and stick to them.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *