International. Euro 2020 is one of the biggest sporting events taking place in over a year. As with any event of this size we can expect cybercriminals to be fit and ready to go. Online gaming, gambling, and e-commerce services in particular are likely to be targeted as the hype of events increases and online activity increases.
Here are some of the threats to be taken into account during Euro 2020 (and beyond):
Defend against DDoS
While a DDoS attack can have a massive impact on any business, online gaming sites are especially vulnerable.
DDoS activity is already increasing. Data collected by F5 Silverline Security Operations Center (SOC) and F5 Security Incident Response Team (SIRT) recently found that DDoS attacks increased by 55% between January 2020 and March 2021. The majority of those incidents (54%) used multiple attack vectors, suggesting a growing sophistication of increasingly determined attackers.
There are several reasons why cybercriminals choose to target these types of companies. The most obvious is financial gain, using the threat of a DDoS attack to demand a ransom. Other motivations could include attacks on behalf of the competition, threat actors looking to use a DDoS attack as a distraction, or simply hackers looking to make a name for themselves.
The good news is that there are several ways to bolster your defenses. A solution like F5 Silverline DDoS Protection is a good example. Delivered through a cloud-based platform, it can detect and mitigate in real time, and even stop volumetric DDoS attacks from reaching the network. The service is backed by 24/7 access to a team of SOC experts to keep businesses online during DDoS attacks through comprehensive L3-L7 multi-layer protection.
The following technical/preventive security controls are also recommended to protect against DDoS attacks:
- Use web and network application firewalls.
- Use a network-based intrusion detection system.
- Apply patches promptly to prevent your systems from being used to launch attacks.
- Block traffic with spoofed source IP addresses.
- Show cybercriminals the red card
Other cybercriminal tactics to consider include form hijacking. Currently, one of the most common web attack tactics involves diverting data from an organization's web browser to a location controlled by the attacker.
As more web applications connect to critical components such as shopping carts, card payments, advertising, and analytics, vendors become a huge target.
Typical security measures that can help organizations stay secure include:
- Create a list of web application assets. This should encompass a thorough audit of third-party content. The process is complicated because third parties often link to more websites.
- Patch the environment. While the patch won't necessarily fix flaws in third-party content, it makes it harder to scale from an initial foothold to a substantial compromise.
- Vulnerability scanning. It is important to run external scans to get a hacker's view of the situation. This becomes even more important when handling large amounts of content at the last minute on the client side.
- Monitoring of code changes. Regardless of where the code is hosted, it's important to get an extra degree of visibility, regardless of whether new vulnerabilities are emerging.
- Multi-factor authentication (MFA). It should be implemented in any system that connects to high-impact assets. An advanced WAF can offer improved levels of application layer visibility and control to help mitigate the risks of polymorphic and distributed injection.
- Supervise newly registered domains and certificates. They are often used to host malicious scripts and at the same time appear genuine to end users.
Combat phishing
Phishing is another favorite of always. Attackers don't have to worry about hacking into a firewall, finding a zero-day exploit, or cracking encryption. It's much easier to trick someone into handing over their credentials. The hardest part is creating a compelling email message for people to click through and a fake site to land on.
According to F5 Labs' latest phishing and fraud report, 52% of phishing sites use common brand names and identities in their website addresses. Phishers have also stepped up their efforts to make fraudulent sites look as genuine as possible: F5 SOC data cited in the report found that most phishing sites took advantage of encryption, with 72% using valid HTTPS certificates to trick victims.
"Every organization will be targeted by phishing attacks at some point, whether targeted or indiscriminate. Unfortunately, not all organizations implement robust information security management frameworks. The threats detailed above are not an exhaustive list, cybercriminals are extremely adept at taking advantage of the twists and turns related to events such as Euro 2020, so you have to stay alert, look for the right security solutions and always try to keep up with the changing mindsets and capabilities of the attackers." said Carlos Ortiz Bortoni, Country Manager of F5 Mexico.
