In 2023, threats to entertainment events (e.g. in arenas and large-scale venues) are very real. They demand vigilance and team collaboration in order to mitigate escalation and prevent future occurrences down the road. With the global sports market, for example, valued at more than $623 billion (per Statista), sports teams and myriad global sporting associations harbor a wealth of valuable data that criminals can target. (Perhaps not as dramatically as the football stadium scene from “The Dark Knight Rises,” but dangers are still a reality.)
Unfortunately, this data is made increasingly vulnerable by the growing abundance of interconnected venues and the sheer number of devices – hundreds of millions, to be sure – that enter venues and interact with the environments’ networks. The potential attack surface expands, and cyber threats abound.
The long story short? Venue IT systems contain near-countless known and unknown vulnerabilities that allow bad actors to target critical business services: points of sale, infrastructure, etc. Data loss for teams, coaches, sponsors, venue workers and event attendees alike can lead to personally identifiable information being snatched away, and digital amenities like companion mobile apps and Wi-Fi hotspots are left susceptible. (Not to mention “easy” threat tactics like QR codes with malicious URLs.)
Compromise is a no-go. So, what can security operations center (SOC) teams do?
Microsoft has several answers here, one being their Microsoft Defender Experts (DEX). DEX for XDR is generally available, allowing SOCs to augment end-to-end protection and threat intelligence. Microsoft also – just earlier this morning, in fact – released the fifth edition of its Microsoft Cyber Signals report, highlighting a lot about this threat landscape and detailing what protections have been put in place as part of its Security Snapshot.
Here's the gist of it.
Microsoft knows that threat actors go where targets go, capitalizing opportunistically on high-profile events in widely connected spaces. Even a single misconfigured device or an overlooked third-party connection can lead to a data breach or intrusion.
So, Microsoft played its hand, delivering cybersecurity support to critical infrastructure facilities during the FIFA World Cup Qatar 2022.
Between Nov. 10 and Dec. 20, 2022, proactive threat hunting campaigns led to:
- 45 organizations, 100,000 endpoints, and 144,000 identities protected
- 634.6 million authentication attempts made successfully
- 4.35 billion network connections monitored
Microsoft’s threat-hunting team operated under a defense-in-depth (DiD) philosophy to inspect and protect devices, networks, etc. This spanned transportation, healthcare, telecommunications, and other essential functions.
“Our customers with expandingly blended environments may face problems with an array of technical difficulties that are different now than they used to be,” said Justin Turner, Principal Group Manager, Microsoft Security Research, “but the fundamentals remain the same. As a defender, you can’t defend something that you don’t see or understand.”
So, Microsoft seeks further understanding. (As defenders should.)
But it’s not all on them, obviously. User awareness and business training programs are crucial for educating users about cybersecurity best practices, including recognizing crafty phishing attempts, using MFA, and more.
Additional information from Microsoft can be found here.
Edited by Greg Tavarez