Microsoft Warns of Growing Cyber-Threats to Sporting Events

Concern actors are increasingly able to target high-profile sporting events, “especially those in extremely connected environments, introducing cyber risk for organizers, local host facilities, and attendees,” according to the Microsoft Threat Intelligence State of Play report.

In recent years, research has shown a rise in attacks on well-known sports events and organizations. For instance, 70 % of sports organizations experience at least one attack annually, according to a report from the UK’s National Cyber Security Centre (NCSC ) from 2020.

A great field of online gaming

At the 2022 FIFA World Cup in Qatar, Microsoft supported the cybersecurity of crucial infrastructure. According to Justin Turner, Principal Group Manager at Microsoft Security Research, during this incident, Microsoft saw attackers repeatedly try to compromise connected systems through identity-based attacks.

What we observed was consistent with cybercriminals ‘ unscrupulous nature and their ability to find gaps between numerous connected systems in the context of a significant event. This type of opportunism is a major risk to account for in planning and having layered defenses in place because of the hacking economy’s large size and lower barriers to entry, he said.

In the last five years, many officially reported sport-related cyberattacks have occurred, including:

Due to the vast modern surface that needs to be protected and a higher level of cyber-physical convergence, sporting events face particular cybersecurity challenges. This implies that across various venues and arenas, a variety of related devices and interconnected networks can be exploited, as well as known and unknown vulnerabilities.

According to Turner,” The IT assets and operations are thus different in the sports landscape that there are many portable devices used by teams and staff, as well as a great deal of connectivity throughout various stadiums, training facilities, hotels, and other venues.” And because of their nature, these connections move up and down as teams finish in competitions and seasons.

He continued by saying that this makes it possible for threat actors to instantly target financial and pop-up payment systems, morally engineer attendees, and look for unpatched or misconfigured devices.

The many parties managing the different systems, such as business sponsors, municipal authorities, and third-party contractors, further complicate security.

Motivations of the Attacker

According to Microsoft’s analysis, there are “diverse and complex” types of cyber-threats to sporting events and venues, which are committed by both politically motivated actors and economically motivated cybercriminals.

• Cyber-Criminals: Contemporary sports teams, organizations, and venues are a treasure trove of useful information that cyber-criminals would enjoy. This includes information on specific information, competitive advantage, and athletic performance, making strategies like data breaches and ransomware alluring to cybercriminals.
• Socially Motivated Threat Actors: According to Microsoft, there are many reasons for nation-states to launch cyberattacks on sporting events. They also appear ready to take on attack collateral damage if it advances more general geopolitical objectives. Nation-states and hacktivist organizations frequently use DDoS attacks to disrupt events and generate publicity for their cause.

Recommendations for Cyber-Threats

Microsoft has outlined a number of suggestions to safeguard sporting events in the future, including the Australian and New Zealand women’s football World Cup in 2023:

• Increase the SOC team: Due to the overwhelming threat environment, the report emphasized the need for” an extra set of eyes monitoring the event around the clock.”
• Conduct a virtual risk assessment: Organizations should identify possible threats distinct to the pertinent event, venue, or nation in advance, in particular, while evaluating the various important stakeholders involved, such as third-party vendors, event IT staff, and sponsors.
• Put in place strict access management procedures: Simply those who require access to systems and services should be given it. Personnel should also receive training on how to comprehend access layers.
• Protect venue technology: Work with venues to protect as much infrastructure equipment, point-of-sale ( POS), and digital signage as you can. This entails creating natural network segments between IT and OT systems and updating software.
• Implement a multi-layered security framework to protect the network from unauthorized access and data breaches by installing firewalls, intrusion detection and prevention systems, and robust encryption protocols.
• User awareness: Employees, stakeholders, and event attendees should be informed about cybersecurity best practices, including how to spot phishing emails, use multi-factor authentication, update devices ‘ software.
• Nearby collaboration: In the sporting industry, effective communication between various entities is particularly crucial. Close information sharing practices should be established between teams in professional sports leagues to help prepare for and immediately respond to incidents, in addition to co-organizing with venues and sponsors.