main

Application SecurityPhishingSecurity

How Secure Is Your Digital Super Bowl Experience?

January 30, 2019 — by Daniel Smith0

Stadium-960x640.jpg

Over the last few years I have traveled around the world, researching and watching stadiums digitally evolve from the structures I once knew as a kid. I grew up watching the San Diego Chargers play in what was then called Jack Murphy Stadium and now find myself looking at stadiums from a totally different perspective.

As Super Bowl 53 approaches, my attention, along with Radware’s ERT, turns to the crowds and the target rich environments created by high profile sporting events.  This Super Bowl, like years before, will bring large crowds once again that will demand connectivity and are expected to consume record breaking volumes this year. Extreme Networks reported that last year’s attendees at Super Bowl 52 in Minnesota transferred 16.32 Terabytes of data with a peak rate of 7.867 Gbps!  This is an enormous demand for connectivity and the technology involved could poses a security risk for event organizers, partners, sponsors and attendees as their activities in the stadium begin to produce more digital oil–data.

A Seamless Digital Game Day Experience

There are few sporting events in the world as large as the Super Bowl. Last year there was an estimated 103 million viewers. The Super Bowl generates a lot of excitement from media, fans and the public. Beyond the hype of the game itself, there is a variety of multimedia technology available to fans, providing a more immersive and interactive experience. These experiences include Super Bowl Live, a 6-day series of concerts and events in Centennial Olympic Park in Downtown Atlanta, and the Super Bowl Experience, an 8-day event full of exhibits and interactive games inside the Georgia World Congress Center. Other events also include the Verizon Experience, which will showcase how 5G wireless technology will change the fan experience in stadiums going forward (something I’m personally looking forward to seeing).

To ensure Super Bowl attendees have a seamless digital experience, the NFL, Georgia World Congress Center, AMB Sports and Entertainment Group, and leading wireless carriers have made major investments into the construction and deployment of the current networks surrounding the stadium in order to maintain a high quality of service for the attendees and vendors at the Super Bowl. The stadium provides 15,000 Ethernet ports, 1,800 access points and a Distributed Antenna System (DAS), for enhanced cellular coverage. The DAS system is owned by the stadium and rented out to the four major US cellular carries for additional coverage. The stadiums WiFi is also provided by AT&T and consists of two redundant 40gb connections. The stadium also contains 2,000 IPTV for delivering game content provide by AT&T’s DirectTV. These features and network help ensure fans can watch, eat, share, download and communicate their game day experience with others.

When it comes to planning for the future, the stadium has pulled its fiber optics as close to the access points as possible, terminating in mini intermediate distribution frames (IDF) throughout the stadium. The network gear is from Aruba and Hewlett Packard Enterprise while others involved with the network include IBM, Corning and ThinkAmp. Recently, IBM and Corning built one of the more technology advanced stadiums with a blazing fast network for Texas A&M.

Wireless Access Point Under Stadium Seating

What’s more, Mercedes-Benz Stadium also promotes a mobile app. While this app is not as cutting edge as the one for Levi Stadium, for example, it does include information about the stadium, news, scores, as well as viewing, buying and transferring tickets and parking.

Assessing The Risks

There is always a potential risk at large sporting events like the Super Bowl. Even the smallest network outage could leave attendees unable to use their digital tickets to enter the game. Organizations such as the NFL, Patriots, Rams, Georgia World Congress Center, AMB Sports and Entertainment Group, wireless carriers, IBM Cloud, AT&T network or media outlets, as well as those considered partners, sponsors or supporters of Super Bowl 53, should take extra precautions and have an emergency plan in place.

For the Super Bowl, most cybercriminals will be focused on identity and financial theft in the days leading up to the game. These attacks will often be baited with promotions for Super Bowl ticket or a trip giveaway to Atlanta.

One of the other concerns at the Super Bowl will surround protecting critical applications and networks that support the events, hosted both locally and in the cloud. Broadcast networks, industrial control systems, civil-service networks and other related systems are all at risk as well. While there hasn’t been a recent attack of scale reported against the Super Bowl, last year we did witness a piece of malware named Olympic Destroyer that targeted and disrupted the opening ceremonies and entry into the 2018 Winter Olympics.

Indeed, major sporting events create a platform for cybercrime, though recently most cybercriminals have been focused on identity theft by spreading malicious software in a number of ways that’s designed to harvest and steal personal information. Today’s High Density (HD) Stadiums, theaters, arenas and amphitheaters require small cells, WIFI and DAS deployments to serve their demanding environment. Often, the technologies designed to enhance the spectators’ experience, such as Wi-Fi, Bluetooth and other digital services, are easily exploited to harvest information from attendees.

Protect Yourself

Technology can provide a more immersive and rewarding experience for fans, but it also create problems and security risks for those managing the event. Here are a few tips to consider if you’ll be joining me in the chaos next weekend in Atlanta for Super Bowl 53.

  • Charge your phone; you’re going to need that power to capture the experience
  • Ensure your phone is updated with the latest operating system
  • Disable Bluetooth when not in use
  • Disable Wi-Fi when not in use
  • Use the official event Wi-Fi when device is in use ‘attwifi’ (there will be no portal or advertisements. Join to Connect.)
  • Always use a VPN when using public Wi-Fi
  • Be careful when using ATMs – Understand how to spot and avoid card skimmers gathering card data.
  • Exercise caution when presented with pop-ups while browsing
  • Avoid NFL-related scams delivered via email.

BotnetsBrute Force AttacksDDoS AttacksPhishing

Top 6 Threat Discoveries of 2018

December 18, 2018 — by Radware0

AdobeStock_192801212-960x540.jpg

Over the course of 2018, Radware’s Emergency Response Team (ERT) identified several cyberattacks and security threats across the globe. Below is a round-up of our top discoveries from the past year. For more detailed information on each attack, please visit DDoS Warriors.

DemonBot

Radware’s Threat Research Center has been monitoring and tracking a malicious agent that is leveraging a Hadoop YARN (Yet-Another-Resource-Negotiator) unauthenticated remote command execution to infect Hadoop clusters with an unsophisticated new bot that identifies itself as DemonBot.

After a spike in requests for /ws/v1/cluster/apps/new-application appeared in our Threat Deception Network, DemonBot was identified and we have been tracking over 70 active exploit servers that are actively spreading DemonBot and are exploiting servers at an aggregated rate of over 1 million exploits per day.

[You may also like: IoT Botnets on the Rise]

Credential Stuffing Campaign

In October, Radware began tracking a credential stuffing campaign—a subset of Bruce Force attacks—targeting the financial industry in the United States and Europe.

This particular campaign is motivated by fraud. Criminals are using credentials from prior data breaches to gain access to users’ bank accounts. When significant breaches occur, the compromised emails and passwords are quickly leveraged by cybercriminals. Armed with tens of millions of credentials from recently breached websites, attackers will use these credentials, along with scripts and proxies, to distribute their attack against the financial institution to take over banking accounts. These login attempts can happen in such volumes that they resemble a distributed denial-of-service (DDoS) attack.

DNS Hijacking Targets Brazilian Banks

This summer, Radware’s Threat Research Center identified a hijacking campaign aimed at Brazilian Bank customers through their IoT devices, attempting to gain their bank credentials.

The research center had been tracking malicious activity targeting DLink DSL modem routers in Brazil since early June. Through known old exploits dating from 2015, a malicious agent is attempting to modify the DNS server settings in the routers of Brazilian residents, redirecting all their DNS requests through a malicious DNS server. The malicious DNS server is hijacking requests for the hostname of Banco de Brasil (www.bb.com.br) and redirecting to a fake, cloned website hosted on the same malicious DNS server, which has no connection whatsoever to the legitimate Banco de Brasil website.

[You may also like: Financial Institutions Must Protect the Data Like They Protect the Money]

Nigelthorn Malware

In May, Radware’s cloud malware protection service detected a zero-day malware threat at one of its customers, a global manufacturing firm, by using machine-learning algorithms. This malware campaign is propagating via socially-engineered links on Facebook and is infecting users by abusing a Google Chrome extension (the ‘Nigelify’ application) that performs credential theft, cryptomining, click fraud and more.

Further investigation by Radware’s Threat Research group revealed that this group has been active since at least March 2018 and has already infected more than 100,000 users in over 100 countries.

[You may also like: The Origin of Ransomware and Its Impact on Businesses]

Stresspaint Malware Campaign

On April 12, 2018, Radware’s Threat Research group detected malicious activity via internal feeds of a group collecting user credentials and payment methods from Facebook users across the globe. The group manipulates victims via phishing emails to download a painting application called ‘Relieve Stress Paint.’ While benign in appearance, it runs a malware dubbed ‘Stresspaint’ in the background. Within a few days, the group had infected over 40,000 users, stealing tens of thousands Facebook user credentials/cookies.

DarkSky Botnet

In early 2018, Radware’s Threat Research group discovered a new botnet, dubbed DarkSky. DarkSky features several evasion mechanisms, a malware downloader and a variety of network- and application-layer DDoS attack vectors. This bot is now available for sale for less than $20 over the Darknet.

As published by its authors, this malware is capable of running under Windows XP/7/8/10, both x32 and x64 versions, and has anti-virtual machine capabilities to evade security controls such as a sandbox, thereby allowing it to only infect ‘real’ machines.

Read the “IoT Attack Handbook – A Field Guide to Understanding IoT Attacks from the Mirai Botnet and its Modern Variants” to learn more.

Download Now

PhishingSecurity

The New Face of Social Engineering and Fraud

May 28, 2014 — by David Hobbs4

Nearly every one of us has had some sort of social engineering or "Phishing" scam attempted on us and some of us, unfortunately, have even learned the lessons from the scam the hard way. I know how excited I was the first time somebody wanted to share $8M dollars with me from my long lost Uncle Frederick Hobbs IV, heir to the estate of the late Frederick the Great or some other nonsense. I immediately daydreamed about what color the new cool car I would buy with cash would be.

Attack MitigationPhishingSecurity

Credit Card Breach at a Major U.S. Retailer – Are you one of the 40 Million Targeted?

December 20, 2013 — by David Hobbs0

If you’re one of the 40+ million people who went shopping this holiday season at Target, hackers may have stolen the information that’s carried on the magnetic strip of your credit or debit card attained from a data breach. The breach impacted customers who shopped in their U.S. stores from November 27th to December 15th according to a public statement made on their corporate website.

Application SecurityAttack MitigationBotnetsBrute Force AttacksDDoS AttacksHTTP Flood AttacksPhishingSecuritySecurity VirtualizationSEIMWeb Application Firewall

eCrime Congress in Germany: Restoring the Equilibrium of Attackers Vs. Defenders

February 8, 2013 — by Ron Meyran0

Last week, I attended eCrime Congress in Frankfurt, Germany. Held on January 30,Radware was one of the sponsors of the event, which featured a lecture track that ran throughout the day and included breaks for the sponsors’ pavilion.

Application SecurityAttack MitigationBotnetsBrute Force AttacksDDoS AttacksHTTP Flood AttacksPhishingSecuritySecurity VirtualizationSEIMWeb Application Firewall

New Attack Trends – Are You Bringing a Knife to the Gunfight?

January 22, 2013 — by Ziv Gadot0

Today, we launched our 2012 Global Application and Network Security report. It was prepared by our security experts – the Emergency Response Team (ERT) – who’ve seen their fair share of cyber attacks while actively monitoring and mitigating attacks in real-time. In this year’s annual report, our experts have uncovered several new trends in cyber-security worthy of a closer look.

Application SecurityAttack MitigationBotnetsBrute Force AttacksDDoS AttacksHTTP Flood AttacksPhishingSecurity VirtualizationSEIMWeb Application Firewall

Last Week to Participate! Attack Mitigation Black Belt Final Round Begins Today.

July 16, 2012 — by Carl Herberger0

If you’ve been waiting, now’s the time to participate – the last week of Radware’s Attack Mitigation Black Belt Challenge begins today and ends this week. And what a challenge it is! More and more people are participating each week and the leader board has changed hands a number of times – with the standing after the Red Belt challenge resulting in a tie for first place!

Application SecurityAttack MitigationBotnetsBrute Force AttacksDDoS AttacksHTTP Flood AttacksPhishingSecurity VirtualizationSEIMWeb Application Firewall

Calling All Attack Mitigation Experts – Red Belt Round Begins Today!

July 9, 2012 — by Carl Herberger0

Two more weeks left in the Attack Mitigation Black Belt Challenge and congratulations to all who have earned a green belt. As we head into the next round of progressively difficult questions, we have a fierce competition for the Champion. “Brewer” is giving “dh” a run for the money, with only one second separating these first and second place contenders. Check out the Leader Board for the rankings.

Application SecurityAttack MitigationBotnetsBrute Force AttacksDDoS AttacksHTTP Flood AttacksPhishingSecuritySecurity VirtualizationSEIMWeb Application Firewall

Are you ready for your Green Belt in Attack Mitigation?

July 2, 2012 — by Carl Herberger0

Knowledge Test Overview

Wow! The Attack Mitigation Black Belt Challenge is only two weeks old and already we have dueling leaders and intense competition.

People from all over the world are participating in Radware’s first Attack Mitigation Black Belt Challenge and only seven seconds separates the current leader, “dh”, from the fifth place position. It is apparent that some questions were stumbling blocks as we had two questions in the Yellow Belt round that only 10% of the participants could answer properly.