It happens this time every year, the NCAA Division 1 Basketball Tournament, otherwise known here in the US as “March Madness.”
March Madness is an American sports fan’s dream: 67 single-elimination college basketball games that take place in just a few short weeks. It is one of the most watched, and anticipated, sporting events every year. Its online draw is only bested by the FIFA World Cup, which only happens once every four years. The interesting thing about March Madness, though, is that it’s the only major sporting event in the US that traditionally falls during our business day.
Let’s face it. The drama that unfolds each year is intense. Upstart underdogs go on long, Cinderella-esque runs to eliminate highly ranked teams, which inevitably throws about 99% of our brackets into the circular file. But most of all, we get to witness the drama of who is going to take home the coveted office pool crown.
As with anything popular, criminals and ne’er-do-wells are drawn to an easy-to-exploit opportunity. Just as pickpockets target frequently visited locations that provide a target-rich environment, so do the online criminals behind malware. Predators hang out near the watering holes that draw the prey, because it is easier than hunting the prey outright.
March Madness provides that easy-to-access watering hole for online criminals. This isn’t shocking news to those who have been around the security block a few times. At iSheriff, we have seen the threats that March Madness can provide going back the last few years.
Here are just a few of the threats we have seen in relation to March Madness:
- SEO poisoning has skewed the results of March Madness-related searches so effectively that links to malware-infected pages were on the first page of search results of every major search engine.
- The US Department of Defense experienced severe bandwidth utilization issues during critical military deployments due to the strain on the network by games being streamed.
- Thousands of drive-by and download-and-install malware infections from March Madness-related sites, both legitimate and spoofed.
- Phishing attacks targeting users following their March Madness brackets on popular sites such as ESPN and Yahoo.
- Malware masquerading as video players that will allow the user to stream the games.
- Links posted in forums, comments and social media that promise March Madness info or streams, but only direct the user to an infected site.
- A large influx of fake betting sites used to grift the credit card info of unsuspecting users.
- Several companies across the country experiencing production-impacting bandwidth issues due to users streaming games during work hours.
With all of these threats in place, it’s completely understandable that the IT staff could be driven completely mad by March Madness.
So what is it that can be done to help alleviate these issues? What options do IT staff and corporate management have in place to protect themselves?
First things first, you have to decide which stance you are going to take. Which of these activities will you be allowing your users to do during the tournament?
- Setting and viewing prediction brackets
- Reading news and information on the tournament
- Streaming the games from online sources
These are all important questions to answer. Many organizations have put up TVs in the office to allow users to view the games so that multiple users are not using bandwidth to stream the games. This is a best-of-both-worlds approach: “You keep working and we will let you see the games, just don’t use up all of our bandwidth.”
Other organizations have taken to blocking the streams, or even going so far as to block access to all sports sites in general. This can have a fairly severe backlash, as it could drive some users towards sites that are designed to prey upon those users that are blocked from traditional sources. A newer trend has been rules that provide an allowance for users to use their mobile device’s cellular data connection, but not the corporate network. For those that choose to block all sports-related sites, this will be happening with several users, whether intended or not.
Next, it is very important that security and IT staff make users aware of the potential threats posed by events such as March Madness. Encourage users to practice extra diligence. Don’t click on links within emails from March Madness sites; instead, visit the site by typing the URL directly into the browser. Most importantly, do not install any software from any March Madness-related sites.
Lastly, organizations should use cloud-based web, email and endpoint security services that can help protect the users against threats from the three most common threat vectors today.
March Madness starts on March 15 and ends on April 6. May your network and devices be safe and may your bracket be the one that wins the office pool.
Mine will have upstart West Virginia doing a lot of unexpected damage with that stellar defense. Good luck!