Taking Advantage of Passion, Emotion
Timothy Morris is Tanium’s chief security advisor. He said the NCAA tournament is prime time for attackers to play on the passion and emotion of college basketball fans. Success rates of phishing attempts are higher because “we, as humans, tend to let our guard down when we are consumed by a major event. After all, it’s not called March Madness for nothing.”
“The sheer scope and duration of March Madness makes an attractive hunting ground for multiple weeks,” he said. “Not to mention the brackets enjoyed by so many. It’s estimated that more than 36 million adults will complete a bracket. And, who knows how many will join office pools that can’t be tracked, each of which has potential for fraud. As such, cybersecurity teams can expect to see an increased volume of phishing attempts, website compromises, watering hole attacks, business email compromise (BEC), malvertising, etc., geared towards enthusiasm for March Madness. Scams will also target consumers for fake merchandise, phony tickets, etc.”
To offset these efforts, it will be important for companies to ensure their systems are patched, particularly apps that are internet-facing, and that multifactor authentication (MFA) is utilized, Morris said. Users should be trained to be on the lookout for these types of attacks and make sure security controls are working and effective. This includes the management of tools to secure endpoints and email/web content.
“For major events, it is a good idea to block or closely review new domains, or those that have unusually high traffic levels,” he said.