As March Madness sweeps across the nation, the excitement and frenzy associated with the NCAA Basketball Tournament also ushers in a season ripe for cyber threats. This annual college basketball tournament, beloved by millions, creates a unique environment that cybercriminals exploit to launch sophisticated social engineering attacks. The convergence of high stakes, widespread participation in brackets and betting pools – and the surge in online activities – present an opportune moment for threat actors. Let’s discuss the cybersecurity risks associated with March Madness and outline proactive strategies to safeguard against these threats.

The cybersecurity risks of March Madness

March Madness is a prime time for cybercriminals to deploy a variety of social engineering tactics. From phishing lures related to bracket participation to fake sporting-themed websites offering free streaming, the methods these bad actors use are diverse and cunning. These attacks aim to steal credentials, commit credit card fraud, and ultimately breach corporate networks. The excitement and distraction that comes with the tournament only heighten the effectiveness of these tactics, making unsuspecting employees and fans easy targets.

Understanding the threat landscape

Phishing attacks, particularly those leveraging March Madness themes, are becoming increasingly sophisticated, making them difficult for users to detect. Cybercriminals craft realistic-looking pages and employ seedy social engineering techniques to lure victims. The goal is often credit card fraud, corporate espionage, or planting ransomware within networks. Fake bracket scams, ticket offers, charity organizations, and betting sites are just a few examples of how these actors operate, preying on the enthusiasm and gambling spirit of the tournament.

Tactics, techniques, and procedures to prevent March Madness breaches

Spear Phishing

Spear phishing is a targeted form of phishing that involves sending personalized, fraudulent emails to trick individuals into revealing personal information, downloading malware, or accessing malicious websites. During events like the March Madness basketball tournament, attackers often use the excitement and distractions to their advantage, crafting emails related to the event, such as offering fake tickets or betting opportunities, to lure victims. These attacks can lead to data breaches, financial loss, and other cybersecurity issues for both individuals and organizations engaged with the tournament.

Actionable steps: Implement anti-phishing training for employees, use email filtering to detect phishing attempts, and deploy multi-factor authentication (MFA) to mitigate the risk of credential compromise.

Drive-by Compromise

A drive-by compromise occurs when unsuspecting users visit a legitimate but compromised website, leading to the automatic download of malware. During March Madness, attackers might exploit the increased search for game scores, streaming sites, or tournament updates by compromising these types of websites. Unsuspecting fans looking for tournament information could unknowingly become victims of malware infections, risking personal data and device security. This emphasizes the need for updated, secure browsing practices, especially during high-traffic events like March Madness.

Actionable steps: Ensure browsers and plug-ins are up-to-date, deploy web filters to block known malicious sites, and educate users to avoid unknown websites offering streaming or betting services.

Fake security software or impair defenses: Spoof Security Alerting

Fake security software or impair defenses, such as spoof security alerting, involves tricking users into believing their device is at risk or already compromised, often prompting them to download malicious software disguised as a security solution. During March Madness, fans seeking to protect their devices while streaming games or accessing tournament sites might fall victim to these scams. This exploitation of heightened cybersecurity awareness can lead to malware infections or data breaches, emphasizing the importance of sourcing security software from reputable providers.

Actionable steps: Use reputable endpoint protection solutions, maintain up-to-date software inventories, and educate users on downloading software only from trusted sources.

Credential dumping

Credential dumping refers to the process of obtaining account login and password information from a system, which attackers then use to gain unauthorized access to additional systems or data. During events like March Madness, attackers might target fans or organizations involved in the tournament, exploiting the increased online activity and lowered guard around security. Fans eager for updates or access to exclusive content might inadvertently expose their credentials on malicious sites, or organizations might face breaches aiming to access valuable data. This tactic can lead to unauthorized access and further compromise of personal or organizational assets.

Actionable steps: Monitor system logs for unusual access patterns, use privileged access management solutions, and regularly change and audit passwords.

Business Email Compromise (BEC)

Business Email Compromise (BEC) is a type of cyber attack where criminals trick individuals into making financial transactions or sharing sensitive information by masquerading as a trusted entity in an email. During March Madness, attackers might impersonate tournament organizers, ticket sellers, or betting platforms in emails to fans and organizations, leveraging the heightened interest and activities surrounding the basketball tournament. This could lead to financial losses or data breaches, as recipients are deceived into transferring money or disclosing confidential data under false pretenses.

Actionable steps: Implement email rules that flag emails with extensions similar to company email, verify changes in payment details or requests for sensitive information through a secondary communication channel, and conduct regular BEC training.

Masquerading

Masquerading in cybersecurity refers to attackers disguising malicious activity under legitimate names or domains, tricking users into trusting them. During March Madness, attackers could create websites or send communications that appear to be related to the tournament, enticing fans into clicking on malicious links or revealing personal information. This deceptive tactic exploits the excitement and distraction of the event, increasing the risk of security breaches and data theft as fans might lower their guard in pursuit of tournament-related content or opportunities.

Actionable steps: Use DNS filtering to block malicious domains, implement strict external email marking policies, and train users to inspect URLs carefully before providing any information.

External Remote Services

External remote services refer to technologies that allow remote access to a network, such as VPNs and remote desktop protocols. During March Madness, the increased use of these services by fans streaming games or accessing tournament-related systems from outside the office can expose networks to cybersecurity risks. Attackers may exploit these services to gain unauthorized access to network resources, leveraging the high traffic and lowered guard associated with the event’s excitement. It underscores the importance of securing remote access points, especially when public interest events heighten cybersecurity threats.

Actionable steps: Ensure that remote access to the network is secured with VPNs, MFA, and is monitored for unusual activity.

Additional strategies to combat ransomware threats during the tournament

In the face of these advanced threats, traditional user training and network security measures may fall short. Instead, organizations need to adopt a multi-faceted approach to cybersecurity, emphasizing real-time detection and proactive defense mechanisms.

Secure BYOD and dual-purpose devices

The use of personal devices for work, especially in a remote or hybrid work environment, increases the risk of security breaches. Organizations should enforce strict BYOD policies and educate employees on the dangers of downloading malicious browser extensions or disclosing login credentials.

Promote caution with brackets and office contests

Encouraging a culture of cybersecurity awareness can go a long way in preventing ransomware attacks. Employees should be advised to engage only with trusted sources when participating in March Madness activities and to be wary of providing personal or financial information.

Implement real-time detection security tools

Given that many phishing sites are ephemeral, existing only long enough to cause damage, traditional security tools may not respond quickly enough. Leveraging SecurityScorecard’s solutions to detect zero-hour threats can offer a more effective defense. This technology enables the detection of even the most elusive threats in real time, providing comprehensive protection across email, mobile, and web messaging apps.

Limit personal data exposure

When participating in any online activity related to March Madness, employees should be reminded to limit the personal data they share. Only essential information, such as names and email addresses, should be provided, and any request for additional personal or financial data should be treated with suspicion.

In closing 

As March Madness ignites passions and brackets fill up, it’s not just the on-court action that heats up but also the cyber world’s dark corners, where opportunistic hackers lurk, ready to spring their traps on the unwary. The tournament’s allure makes it an attractive playground for these cyber predators, employing cleverly disguised threats under the guise of fan excitement. Protecting your digital realm requires more than just routine vigilance; it calls for a blend of savvy, strategy, and a proactive stance on cybersecurity. By fortifying your network defenses with knowledge, updated tools, and a sprinkle of caution, you can enjoy the thrills of the game without falling prey to the shadowy side of March Madness.

Don’t let the excitement of the tournament cloud your judgment on cybersecurity. Stay informed, stay prepared, and may your brackets—and networks—remain secure.