David Warburton, Principal Threat Evangelist at F5 Labs
The delayed Euro 2020 Championships kicked off this week, marking the start of one of the largest sporting events to take place in more than a year.
As with any event of this size, we can expect online activity to spike and cybercriminals to be match fit and ready to go.
Here are some of the risks businesses should look out for during the Euros (and beyond!).
While a DDoS attack can have a massive impact on any business, online gaming sites are especially vulnerable. In the lead-up to any match, the number of people taking part in online activities related to the championship will increase and, with an almost infinite variety of options at their fingertips, that activity will continue throughout the game. Attackers know this and often adjust their tactics and timings accordingly.
DDoS activity is already on the rise. Data collected by the F5 Silverline Security Operations Center (SOC) and F5 Security Incident Response Team (SIRT) recently found that DDoS attacks were up by 55% between January 2020 and March 2021. A majority of those incidents (54%) used multiple attack vectors, suggesting a growing sophistication of increasingly determined attackers.
The most obvious motivation is financial gain, using the threat of a DDoS attack to hold a business to ransom. Other potential motivations could include attacks on behalf of competitors, threat actors looking to use a DDoS attack as a diversion, or simply hackers looking to make a name for themselves.
The good news is that there are several ways to shore up your defenses. Increasingly, this involves stopping attacks from reaching the enterprise network by leveraging cloud-based managed services.
A solution like F5 Silverline DDoS Protection is a good example. Delivered via a cloud-based platform, it can detect and mitigate attacks in real time, stopping even the largest volumetric DDoS attacks from reaching the network. The service is supported by 24/7 access to a team of SOC experts to keep businesses online during DDoS attacks via comprehensive, multi-layered L3–L7 protection.
The following technical/preventive security controls are also recommended to protect against DDoS attacks:
Other opportunistic cybercriminal tactics to keep an eye on include formjacking. Currently one of the most common web attack tactics, this involves siphoning data from an organization’s web browser to an attacker-controlled location.
As more web applications connect to critical components such as shopping carts, card payments, advertising, and analytics, vendors become an outsized target. Code can be delivered from a wide range of sources – almost all of which are beyond the boundaries of usual enterprise security controls such as proxies and web application firewalls. Since many websites make use of the same third-party resources, attackers know that they just need to compromise a single component to skim data from a huge pool of potential victims.
Typical security measures that can help organizations stay safe include:
Phishing is another perennial favorite. Attackers don’t have to worry about hacking through a firewall, finding a zero-day exploit, deciphering encryption, or rappelling down an elevator shaft with a set of lockpicks in their teeth. It is far easier to trick someone into handing over their credentials. The hardest part is coming up with a convincing email pitch to get people to click on, and a fake site to land on. Expect a glut of these throughout the tournament.
According to F5 Labs’ latest Phishing and Fraud report, 52% of phishing sites used common brand names and identities in their website addresses. Phishers have also intensified efforts to make fraudulent sites appear as genuine as possible: F5 SOC data cited in the report found that most phishing sites leveraged encryption, with a full 72% using valid HTTPS certificates to trick victims. This means simply looking for the padlock (or an address that starts with https://) is no longer enough. In fact, it’s actively dangerous to advise this, since it implies that sites are inherently trustworthy simply by having a digital certificate.
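The point above, that a valid HTTPS certificate says nothing about who runs a site, can be shown with a small URL check. This is an added example, not code from F5 Labs or the report; the brand `examplebank`, the `.example` domains, the `BRAND_DOMAINS` allowlist and the two-label registered-domain shortcut are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: allowlist of domains each brand really owns (constructed data).
BRAND_DOMAINS = {"examplebank": {"examplebank.example"}}

# Constructed sample URLs, not real indicators.
SAMPLE_URLS = [
    "https://examplebank.example/login",
    "https://examplebank.secure-login.example/verify",
    "https://cdn.sports-news.example/examplebank/login",
    "http://examplebank.example/",
]


def registered_domain(host):
    """Return the last two labels of a hostname.

    Simplification: production code should consult the Public Suffix List,
    because suffixes such as co.uk span more than one label.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def assess(url):
    """Flag a URL that uses a brand name outside that brand's own domain.

    The scheme is reported but deliberately plays no part in the verdict:
    a padlock only means the connection is encrypted.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    reg = registered_domain(host)
    haystack = host + parts.path.lower()
    findings = [
        f"brand '{brand}' used outside its own domain ({reg})"
        for brand, owned in BRAND_DOMAINS.items()
        if brand in haystack and reg not in owned
    ]
    return {
        "url": url,
        "https": parts.scheme == "https",
        "suspicious": bool(findings),
        "findings": findings,
    }


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        r = assess(u)
        print(f"https={r['https']!s:5} suspicious={r['suspicious']!s:5} {u}")
```

Two of the flagged sample URLs are served over HTTPS, while the one plain-HTTP URL belongs to the genuine domain, so the scheme and the verdict vary independently.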
Every organization will be a target of phishing attacks at some point, whether those attacks are directed or indiscriminate. Unfortunately, not all organizations implement robust information security management frameworks.
The NIST Five Functions provide a useful way to think about any cyber threat but, regardless of the lengths businesses go to protect their brand and their customers, phishing attacks will continue to be successful as long as there is a human that can be psychologically manipulated in some way. That’s why security controls and web browsers alike must become more proficient at highlighting fraudulent sites to users. Individuals and organizations also need to be continuously trained on the latest techniques used by fraudsters, from deceptive URLs to the abuse of HTTPS certificates.
The threats detailed above are not an exhaustive list. There are others. Remember, cybercriminals are extremely adept at taking advantage of the twists and turns related to events like Euro 2020. Stay alert, seek out the right security solutions, and always try to keep up with shifting attacker mindsets and capabilities.