March Madness Security Threats Can Drive Any Organization Mad!

Monday, March 14, 2016

Mark Parker


It’s that time of year again. Let the “Madness” begin!

The NCAA Basketball Tournament, otherwise known as March Madness here in the U.S., is set to begin on March 15 with first round games in Dayton, Ohio. Not only is March Madness one of the most watched, and anticipated, sporting events every year, it has become the only major sporting event in the U.S. that traditionally falls during our regular business day.

Unfortunately, while the popularity of March Madness has grown exponentially, nearly every facet of any employee’s involvement with the event could open up the employee, as well as the organization, to a number of cyber risks.

As with anything that’s popular with people, criminals are drawn to an easy-to-exploit opportunity. Just as thieves target frequently visited locations that provide a target-rich environment, so do the online crooks behind malware. Pillagers hang out near the watering holes that draw the prey, because it is easier than hunting the prey outright. March Madness is one major event that provides an easy-to-access watering hole for online criminals.

Year in and year out, events like March Madness bring a number of information security threats to the forefront. At iSheriff, a few of the key threats we expect to see this year include:

  • Rogue apps across multiple platforms that promise score and bracket updates but are designed to deliver advertising, or worse, malware
  • Thousands of drive-by and download-and-install malware infections from March Madness related sites, both authentic and spoofed
  • Phishing attacks targeting users following their brackets on popular websites such as ESPN, CBS Sports and Yahoo
  • Malware camouflaged as video players that allow users to stream the games
  • Links posted in forums, comments and social media that promise March Madness info or streams, but only direct the user to an infected site
  • A flood of bogus betting sites used to steal the credit card info of unsuspecting users
  • Several enterprises across the country experiencing production-impacting bandwidth issues due to users streaming games during work hours

With all of these threats in place, it’s absolutely understandable that the IT staff could be driven completely mad by March Madness.

So what is it that can be done to help alleviate these issues? What options do IT staff and corporate management have in place to protect themselves?

First, you need to decide which of these activities you will allow your employees to do during March Madness:

  • Setting and viewing prediction brackets
  • Reading news and information on the tournament
  • Streaming the games from online sources

Many organizations have put up televisions to allow employees to view the games so that multiple users aren’t using bandwidth to stream the games. Other organizations block the streams, or even go so far as to block access to all sports sites in general. Unfortunately, these actions can cause a backlash and drive some users towards sites that have been designed to target those who are blocked from traditional sources.

It is very important that security and IT staff make employees aware of the potential threats posed by events such as March Madness. Encourage employees to practice extra due diligence. Don’t click on links within emails from March Madness sites. Visit the site by typing the URL directly into the browser. Most importantly, do not install any software from any March Madness related sites.

March Madness is here and it won’t be over until the nets are cut down following the championship game on April 4 in Houston, Texas. Until then, may your network and devices continue to be safe and may your bracket be the one that wins the office pool! 
