Super Bowl Provides Super Opportunity for Cybercriminals
The Kansas City Chiefs and the Philadelphia Eagles won’t be the only teams playing during Sunday’s Super Bowl LVII.
Often, large, high-profile events provide an opportunity for criminal and nation-state threat actors to make money, sow confusion, increase their notoriety, discredit adversaries and advance ideological goals.
Darren Guccione is CEO and co-founder at Keeper Security. He said the two biggest motivators threat actors may have for targeting huge events like the Super Bowl are increased visibility for financial, political or other purposes.
“A successful cyberattack related to the Super Bowl will garner more media coverage than an attack at a standard company, as well as the pool of potential victims,” he said. “The large number of people in attendance creates a wealth of personal data that cybercriminals can target. Another potential motivator is increased opportunity. The potential entry points for threat actors have increased exponentially in recent years as the Super Bowl and its surrounding events continue to expand their digital footprint.”
The greater risk may lie not in attacks on the Super Bowl itself but in bad actors using the event to target other victims, as online scams notoriously increase around significant occasions such as sporting events, Guccione said.
“These scams include phishing attacks and fraudulent websites that can compromise individuals’ passwords, personal and financial information, or infect individuals’ computers with malware,” he said. “This threat is especially high around the Super Bowl as people download new apps or sign up for giveaways related to the game. People should always ensure they are downloading trusted apps and be careful about what information they share.”
When monitoring threats against large events like the Super Bowl, IT professionals need to consider the security of their numerous third-party vendors and contractors that can be easily overlooked, insider threats from employees or contractors, and evolving technologies that may not have existed the year before, Guccione said.
“Leading up to the big game, IT professionals should be on the lookout for phishing attacks, malware and viruses, and social engineering attacks as threat actors attempt to gain access to the computer systems used to manage the event,” he said. “Distributed denial of service (DDoS) and ransomware attacks are also possible from threat actors who are looking to cash in on an event that they know can’t be delayed. Phishing attacks related to the game are also likely to increase as people search for information related to gambling, the current score, or big events that happen during the broadcast of the game.”
Timothy Morris is chief security advisor at Tanium. He noted that the Super Bowl is historically one of the most attended and most watched events in the United States. Anything that would make it unsafe to play the game or for people to be physically present would be extremely disruptive.
“That is why so much care and diligence is given to the event,” he said. “This includes physical security at the venue, the players, the event staff, contractors, suppliers, etc. Also, anything that would interrupt the broadcast of the big game would be very disruptive. Cybersecurity teams see an increased volume of phishing attempts, website compromises, watering hole attacks, business email compromise (BEC), malvertising, etc., that will be Super Bowl-themed, due to the emotion involved and users willing to take the clickbait. Users will see multiple scams as well, such as fake ticket scams, VIP experience scams, counterfeit merch or merch scams.”
Security professionals need to see the event as a prime target for cyberattacks and an easy avenue to dupe their users with Super Bowl-themed threats, Morris said.
“Many might see this as an innocent sporting event only and not the cultural phenomenon that creates opportunities for criminals,” he said. “Sometimes those opportunities are targeted toward the fan bases of the two teams playing in the championship. Rabid fans are known to lose sensibility and do things they normally wouldn’t do. Greased pole challenge anyone?”