Does the arrival of summertime remind you of warm sunny days, the sizzle of the grill, trips to the beach, or the electricity of the crowd at the ballpark at the bottom of the ninth, bases loaded, as the home team’s star hitter steps up to bat?
Summertime living might be easy, but if relaxation brings a lack of vigilance, it can have devastating consequences for potential cybercrime victims. And the warmer months do come with some unique security risks, especially for IT teams working at stadiums and major event venues.
Summer is prime season for outdoor concerts, music festivals, and sporting events, when people tend to gather, both physically and online. And as a recent Fortinet Threat Landscape Report shows, attacks are increasing, and cybercriminals are wily, shrewd, and willing to take advantage of opportunities, both technical and human, wherever they can find them.
During the season when people gather, it’s essential for IT teams to be on guard against cyber attackers targeting crowds – especially on stadium and venue networks. If an event has brought thousands, or even tens of thousands, of people together, it’s all too likely that most of those people are also using a mobile device connected to your wireless access points, and as a result, someone there will also be looking for ways to exploit your wireless network to target attendees.
Cyberattacks targeting stadiums, arenas, or event sites are nothing new. Cybercriminals are willing to target any element of a venue’s potential attack surface in order to compromise internal systems as well as the devices of paying customers. As we noted in last year’s Q1 Threat Landscape Report, an attack made headlines around the world when it disrupted the opening ceremonies of the 2018 Winter Olympics in South Korea.
Though the majority of cybercriminals are motivated by the desire for financial gain, high-profile events like the Olympic Games also make attractive targets for politically motivated threat actors, or for those seeking to alter the competition’s outcome by tampering with scoring equipment or monitoring systems. If they manage to cause damage, millions of eyes will be watching them do it.
With this in mind, IT and security teams at venues need to be aware of what poses the greatest risk to their own and customer security, and how to minimize that risk while meeting user demands and increased traffic.
At any major event, the fans connecting to your network are the cybercriminal’s most likely prey. In the excitement leading up to the big day, people attending a game or concert may be more likely to click on fraudulent websites or phishing emails related to the event. Attackers are also using a number of ticket generation sites to sell fake tickets before events even start. Once there, attendees may also fall victim to credit card skimmers or keyloggers at stadium ATMs. IT staff should be coordinating with the ATM providers to ensure these devices are secure and have not been tampered with.
It is also possible that attackers could target critical stadium infrastructure, like lighting systems or power supplies. However, a cybercriminal’s most probable target—because it can allow them access to the treasure trove of financial data stored on users’ mobile phones—is the event site’s Wi-Fi network. Nearly every large-capacity stadium, major league ballpark, or noteworthy concert venue today offers free Wi-Fi connectivity to the public. Younger fans, in particular, have come to expect faster and more reliable access to data than 3G/4G cellular networks can provide.
Unfortunately, many wireless networks, especially if improperly segmented and secured, are vulnerable to malware injection or man-in-the-middle attacks. Given the sheer size of many crowds, man-in-the-middle attacks can be especially difficult to detect. To reduce risk, venue IT teams must be up on the latest threat intelligence concerning Wi-Fi and router attacks, as well as the tools that are able to identify and pinpoint rogue access points so steps can be taken to remove them.
Wireless routers are common targets for exploitation. With this in mind, the challenge in securing these large events comes down to venue IT teams enforcing appropriate logical segmentation and segregation in their wireless network architecture.
Monitoring the huge spike in traffic that sporting events or concert attendees generate for a relatively brief period of time is a major challenge. It’s critical that IT teams maintain strong network segmentation during the event’s traffic spike, as well as ensure the physical security of the wireless access points and the ports they’re connected to. They also need to continually monitor for the presence of “evil twin” wireless networks set up in or near their facility to ensure attendees connect to the actual stadium network, and not a spoofed imitation set up by criminals to harvest their data or credentials.
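One way to implement the "evil twin" check described above is to compare wireless scan results against the venue's AP inventory. The following is an added example, not Fortinet code; the SSIDs, BSSIDs, record layout, and function names are constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str  # e.g. "WPA2" or "OPEN"

# Constructed inventory of authorized APs: BSSID -> (SSID, security)
AUTHORIZED = {
    "02:00:00:aa:00:01": ("Stadium-Guest", "WPA2"),
    "02:00:00:aa:00:02": ("Stadium-Guest", "WPA2"),
}

def _norm(ssid):
    # Fold case, drop separators, and collapse look-alike characters (0/o, 1/i/l)
    s = re.sub(r"[\s_\-.]", "", ssid.lower())
    return s.translate(str.maketrans("01i", "oll"))

def classify(beacon):
    """Return a finding for one observed beacon, or None if it matches inventory."""
    known = AUTHORIZED.get(beacon.bssid.lower())
    if known:
        # An inventoried BSSID advertising a different SSID or security mode
        # suggests the BSSID itself is being spoofed.
        return None if (beacon.ssid, beacon.security) == known else "known-bssid-mismatch"
    venue_names = {ssid for ssid, _ in AUTHORIZED.values()}
    if beacon.ssid in venue_names:
        return "evil-twin"       # venue SSID from an AP we do not own
    if _norm(beacon.ssid) in {_norm(s) for s in venue_names}:
        return "lookalike-ssid"  # near-miss name meant to fool attendees
    return None

def scan_findings(beacons):
    """Return (bssid, ssid, finding) for every beacon that needs attention."""
    return [(b.bssid, b.ssid, f) for b in beacons if (f := classify(b))]

# Constructed scan results
SAMPLE_SCAN = [
    Beacon("Stadium-Guest", "02:00:00:aa:00:01", "WPA2"),  # legitimate AP
    Beacon("Stadium-Guest", "02:00:00:bb:00:09", "OPEN"),  # unknown BSSID
    Beacon("Stadium_Guest", "02:00:00:bb:00:0a", "OPEN"),  # look-alike name
    Beacon("Stadium-Guest", "02:00:00:AA:00:02", "OPEN"),  # security downgraded
    Beacon("CoffeeCart", "02:00:00:cc:00:01", "WPA2"),     # unrelated network
]

if __name__ == "__main__":
    for finding in scan_findings(SAMPLE_SCAN):
        print(finding)
```

Because a BSSID can be copied along with the SSID, a match against inventory only clears a beacon when its advertised security mode also matches.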
Even though the focus of this article is on protecting your physical venue, today’s marketplace, driven by digital transformation, requires that security be extended to online services. Many organizations are supplementing their revenue by offering streaming services. As a result, a number of cybercriminals are offering free lifetime passes to popular streaming services. These hacked accounts are available on the dark web, often for around $10 USD, and can take a serious bite out of not only streaming services revenue, but ticket sales, as individuals may be less willing to pay for tickets to an event that they can stream for virtually free.
You should also regularly check application stores and search for online sites to ensure that hacked or unauthorized versions of your application aren’t being offered, and coordinate with law enforcement to shut down free services being offered on illegal commerce sites on the dark web.
An integrated, end-to-end approach can help protect event sites and fans against cyber threats.
The key element in securing large-scale network architectures and infrastructures that need to handle tens of thousands of data connections on a temporary basis is appropriate logical segmentation. Traffic containing payment information (used for food orders, merchandise kiosks, or ticketing) should be isolated from internal traffic (facility maintenance IT systems, for instance), which should, in turn, be isolated from team and player communication traffic. Likewise, the wireless Internet access provided to fans should restrict them from communicating directly with each other, and should include filters and firewall policies to prevent user-on-user attacks.
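The isolation requirements in the paragraph above can be audited against a firewall rule set before the event. The following is an added example, not Fortinet code; the zone names, rule format, and first-match semantics are assumptions made for illustration.

```python
from itertools import product

ZONES = ("payment", "internal", "team", "fan_wifi", "internet")

# Constructed first-match rule list: (source zone, destination zone, action)
RULES = [
    ("payment", "internet", "allow"),   # card processor traffic
    ("fan_wifi", "internet", "allow"),
    ("fan_wifi", "fan_wifi", "allow"),  # client isolation is missing
    ("internal", "payment", "allow"),   # maintenance systems can reach payment
    ("team", "internet", "allow"),
    ("*", "*", "deny"),
]

# Zone pairs the paragraph above says must not communicate directly.
# A single-zone set means hosts inside that zone must not reach each other.
MUST_BE_ISOLATED = {
    frozenset(("payment", "internal")),
    frozenset(("internal", "team")),
    frozenset(("fan_wifi",)),
}

def decide(rules, src, dst):
    """First matching rule wins; no match means deny."""
    for r_src, r_dst, action in rules:
        if r_src in (src, "*") and r_dst in (dst, "*"):
            return action
    return "deny"

def violations(rules):
    """Return the sorted (src, dst) flows that are allowed but must be isolated."""
    found = []
    for src, dst in product(ZONES, repeat=2):  # check both directions
        if frozenset((src, dst)) in MUST_BE_ISOLATED and decide(rules, src, dst) == "allow":
            found.append((src, dst))
    return sorted(found)

def remediate(rules):
    """Drop the allow rules that create a violation, keeping rule order."""
    bad = set(violations(rules))
    return [r for r in rules if not (r[2] == "allow" and r[:2] in bad)]

if __name__ == "__main__":
    print("before:", violations(RULES))
    print("after: ", violations(remediate(RULES)))
```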
Ultimately, the most successful approaches to this significant security challenge are those that rely on a comprehensive Security Fabric approach. Combining internal segmentation firewalls (ISFWs) with integrated security tools and sensors deployed across the environment, a proactively designed security fabric can detect and filter out attack traffic and prevent criminals from exploiting mobile application vulnerabilities. Additionally, secure wireless equipment can recognize spoofed wireless networks, and automatically alert the SOC to take action.
Securing major event venues as thousands of mobile devices attempt to connect to the network is a daunting task. By staying up to date on common Wi-Fi attack vectors and threat intelligence, event IT teams can implement the necessary controls and strategies to thwart cyberattacks, allowing everyone to just go back to enjoying their summer.
For more detailed information on the botnets, malware, and exploits that were most prevalent in Q2 of 2019, view our latest Fortinet Threat Landscape Report.