Well, all I can say is that my highlight for the week is that all of us hardy Chicagoans survived what is probably the worst polar vortex every experienced. Temperatures got so cold that even parts of Antarctica were even warmer. We are now on a warming trend, and hopefully this is the end of any other polar vortex for years to come.
Apart from this, the climax to top off January and kick start February is the Super Bowl that is occurring tomorrow night, on Sunday. The two contenders for this magnificent trophy and championship are the Los Angeles Rams, and once again, the New England Patriots. It will be held for the first time at the newly built Mercedes-Benz Stadium.
I personally will not be watching the event (as I am not a huge football fan), I will be preparing for two new podcasts next weekend. But the reason why I bring up this whole topic of the Super Bowl is that, as I have written before, the Cyber attacker pounces certain times of the year, and one of them is where large groups of people will be present at one location.
In fact, although it has not received a lot of public attention in the media, the Cyberattacker has already started to dig their claws into innocent fans of this sport. For example, fraudulent ticket activity has already spiked up by almost 4%, both by nation state actors and even hackers based here in the United States (a crime ring in NYC was actually caught in this ring, just recently).
So, what is the ultimate goal of the Cyberattacker in this kind of venue? Well, it is obvious: Sell phony and fictitious tickets to command the highest price possible to anybody who is willing to pay it. In return, the victim will get a ticket that looks like the real thing, but it’s not. And unfortunately, aside from getting the free ticket, the victim is also giving away their PII which can then also be used in future cases of Identity Theft.
Typically, these large-scale ticket scams are launched by very sophisticated Phishing Attacks. In the body of the E-Mail message, the Cyberattacker attempts to create a strong sense of urgency for the victim, he or she falls for it, submits their credit card information and other forms of PII.
In these cases, the Cyberattacker has set up a fake website that looks very authentic and real, in order to lure in their bait. The TCP/IP Addresses are masked, and even phony physical mailing addresses are used to make it looks like that the website is owned by a real business entity.
In fact, the highest phony ticket price so far has been slightly over $100,000…. ouch. Who on earth would pay that kind of money just to attend an event that lasts for just a few hours? Definitely not me, primarily because I don’t even have that much money on hand.
But apart from selling phony tickets, the Cyberattacker is also looking at other ways in which they can pocket a financial gain and still have the ability to get to their victim’s PII. It has gone as far as even setting up phony hotel websites for fans to book their rooms all the way to purchasing counterfeit goods online.
In fact, thus far, there have been over 500 advertisements for the latter, but there is very little detail as to the origins of there the merchandise was being shipped from, or even where they were manufactured.
Think you might be safe at home watching the Super Bowl as it is being streamed? Think twice. This is another top place for the Cyberattacker to hang out at, and get to you. For instance, they realize that many fans are not going to pay top dollars just to watch the video on the Internet; rather, they want to find the video streams that are free to use.
In this instance, the hacker will have once again set up a phony website with the video stream, which has been infected with various of Malware, Spyware, Adware, Trojan Horses, Ransomware, etc. Beware especially of any E-Mails that state the following: “Click Here to Watch the Super Bowl in HD”.
But before even the victim can get to this stage, they will be accessed to create an online account. This is yet another way for the Cyberattacker to get to those proverbial crown jewels of the username and password.
However, Cybersecurity professionals are predicting that in the above-mentioned scenario, the victim’s computer or wireless device will face the worst kind of damage: It will be held hostage by Ransomware, and the victim will then be forced to pay the ransom in Bitcoin. My advice? Don’t pay it. If you have all of your files truly backed up, then all you have to do is just get a new computer or wireless device.
Yes, this is a pain, and will cost some money. But look at this this way: The Bitcoins that you have paid for in ransom could have been used to get a new device. And even after paying up, there is no guarantee that you won’t be hit again, or even have the ability to unlock all of your hijacked files.
Superbowl fans have been told to watch the game only through official HD streams, which are apparently free as well. The City of Atlanta has been preparing for this event, in terms of a Cybersecurity standpoint, for the past two years.
This has been a huge coordination with specialists and law enforcement officials at all levels, which have included the federal, state, and local agencies.
The Department of Homeland Security (DHS) has even categorized this year’s Superbowl event as a SEAR 1, which stands for “Special Event Assessment Rating”. This ensures that the highest level of digital Security is being deployed. In fact, there will be a central command post filled with Cybersecurity professionals that will log and analyze and each and every bit of incoming threats.
Much of this process will of course be automated, but it does take a human eye to look further into those threats that are raising a large number of red flags. Also keep in mind that this information and data that is being collected will not go to waste after the Superbowl is over. These datasets will be used to model potential Cyberthreats down the road that could occur as well at other types of similar venues.
My thoughts on this?
After writing all of this is, just stay home and watch the game on a normal TV set. Invite your friends over, and have a party. This is probably the safest way to enjoy the event, and above all, you don’t have to pay some ridiculous in order to enjoy it.
As mentioned before, although the Cyberattacker will launch their threats any time they think its viable, they will typically do it either when there are a large number of people attending a physical event, or there is another kind of event in which there will also be a large number of people filing information and data online. The perfect example of this is now the upcoming tax season.
What I just wrote about the Superbowl will be magnified at least by 100X when people filing their taxes online. It just won’t be the tax payers that will be hit, but also the tax preparers and the accountants that will be doing your taxes. After all, they have all of that PII stored somewhere – not just yours, but hundreds of other people’s as well. More on this as we come closer to filing, I promise.