Often, large, high-profile events provide an opportunity for criminal and nation-state threat actors to make money, sow confusion, increase their notoriety, discredit adversaries, and advance ideological goals. This February, two of the biggest events in the sports world will occur concurrently: the Winter Olympic Games and the Super Bowl.


Cyber actors could use a broad range of cyber activities to disrupt these events, including distributed denial of service (DDoS) attacks, ransomware, malware, social engineering, data theft or leaks, phishing campaigns, disinformation campaigns, or insider threats. When successful, these activities can block or disrupt the live broadcast of the event, steal or leak sensitive data, or impact public or private digital infrastructure supporting the Olympics or the Super Bowl.


From its experience monitoring previous events, Mimecast warns that threat actors likely will use these two events to target those most vulnerable, including event broadcasters and streamers; sponsors, partners and contractors; and individuals planning to tune in. In fact, security concerns have already started with the My2022 app flaws and the U.S. Olympic & Paralympic Committee warning Team USA athletes of surveillance risks.


Of the multitude of potential attack methodologies available to threat actors, Dr. Francis Gaffney, Director, Mimecast Labs & Future Operations, expects two active cyber campaigns in particular:


  • Typosquatting: With typosquatting campaigns, cybercriminals will set up fake websites mimicking official Olympic Games or Super Bowl sites, but intentionally include typographical errors in the web addresses to exploit unwary users who mistype (or click on a link with a very similar name). Rather than visiting the sites they’re looking for, users are taken to a fake site that appears almost the same as the genuine site, but where malware can be installed or credentials stolen.
  • Fake streaming websites: With so many people staying home amid the ongoing pandemic, and the rise of “cord-cutting,” fake streaming websites are being set up to mirror official streaming platforms offering free access to watch the action. The cybercriminals’ end goal is usually to obtain some financial gain from their activities, including harvesting user credentials for sale on Dark Web sites for further exploitation or to be used as part of credential stuffing attacks to access corporate systems in larger campaigns.
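
A defender-side illustration of the typosquatting pattern described above, added here as an example and not taken from Mimecast or the original article: it flags domains seen in proxy or DNS logs that sit within a small edit distance of an official site. The official domains, the substitution table and the distance threshold are constructed placeholders.

```python
import unicodedata

# Constructed placeholder domains; replace with the official sites you protect.
OFFICIAL = ["official-games.example", "big-game-stream.example"]

# Assumed, non-exhaustive table of look-alike character substitutions.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s"})

def normalize(domain):
    """Lower-case, drop a trailing dot, fold Unicode forms and digit look-alikes."""
    d = unicodedata.normalize("NFKC", domain).lower().rstrip(".")
    return d.translate(HOMOGLYPHS)

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, the classic "fat finger" typo.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain, max_distance=2):
    """Return (verdict, matched_official) for one observed domain name."""
    raw = domain.lower().rstrip(".")
    for official in OFFICIAL:
        # Exact match or a genuine subdomain of an official site.
        if raw == official or raw.endswith("." + official):
            return ("official", official)
    norm = normalize(raw)
    for official in OFFICIAL:
        if osa_distance(norm, normalize(official)) <= max_distance:
            return ("lookalike", official)
    return ("unrelated", None)

if __name__ == "__main__":
    # Constructed sample of observed domains.
    for seen in ["offical-games.example", "0fficial-games.example",
                 "big-game-straem.example", "weather-report.example"]:
        print(seen, classify(seen))
```

A hit is a lead for review or blocking, not proof of malice; short names and a loose threshold produce false positives.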


As the lines between personal and professional devices continue to blur, “the enterprise risk introduced by employees searching the web for Super Bowl or Olympic Games-themed news and streaming sites must be taken seriously,” says Gaffney. In fact, Mimecast research found that 73% of employees admit to using their company-issued devices for personal matters. “All it takes is one bad click to introduce a host of problems,” Gaffney adds. 


For all parties (from organizations, to sponsors, contractors, broadcasters, and viewers), awareness training combined with a strong cybersecurity culture is the best proactive defense to combat these threats, Gaffney suggests. While email and web security solutions are powerful tools, today’s threats are more sophisticated than ever, and that “human firewall” must be bolstered as the last line of defense. “It is important that organizations implement a robust awareness training program that teaches end users to be skeptical, know what to look for, and know when to report something that appears suspicious,” Gaffney says. If security leaders and organizations understand how threat actors are looking to take advantage, “they may be able to stop an active campaign in its tracks,” Gaffney says.


As with any high-profile event, cybersecurity leaders must put the proper precautions in place to best prevent scams and phishing campaigns before they happen, explains Joe Partlow, CTO, ReliaQuest, who was an official cybersecurity partner for the Tampa Bay Buccaneers and the Super Bowl LV Host Committee and part of the team of security providers to secure the event’s attendees, staff, players, network, and associated media properties.


No single piece of software or technology is entirely inaccessible or unhackable, and none can prevent all cyber risks. “Singular visibility that spans the environment regardless of locale is critical so there are no blind spots. Augmenting signature-based detections with behavior-based analysis is also an essential strategy as attackers are getting more sophisticated,” Partlow explains.