March Madness Opens the Door for March Badness...and Sadness

Written by

It’s March, and in the US that means St. Patrick’s Day, last-minute tax scrambling and, of course, March Madness. Security experts are warning that the annual college basketball tournament could turn into March Badness, if cyber-criminals have their way.

The tournament, which starts on Thursday, March 17, is one of the most watched, and anticipated, sporting events every year, up there with the Super Bowl and the World Series when it comes to enthusiasm and viewership in the States. But, games also traditionally fall during business hours, and as a result, plenty of office workers will be tuning in via their mobile devices and online to watch the action.

According to Dan Lohrmann, chief strategist and chief security officer (CSO) at Security Mentor, a Pacific Grove, Calif. security awareness training provider, security professionals at organizations of all sizes are preparing for a surge of potential March Madness related cyber-attacks through the beginning of April. This is because nearly every aspect of any employee’s involvement with March Madness could open up the employee, as well as the organization, to a number of cyber-risks.

“Cyber-criminals are well aware of the popularity of March Madness and are already preparing spear phishing emails to millions of college basketball fans, as well as non-basketball fans who are merely participating in the ever-popular office pools,” he said via email. “Organizations and their employees should all beware of spear phishing links related to college basketball games. They should also be careful of people loading unauthorized apps on their devices. For example, are these apps malware free?”

Mark Parker, senior product manager at enterprise cloud security provider iSheriff, also pointed out the potential for watering-hole attacks; employees should be careful what they Google.

“As with anything popular, criminals are drawn to an easy to exploit opportunity,” he said. “Just as thieves target frequently visited locations that provide a target rich environment, so do the online crooks behind malware. Pillagers hang out near the watering holes that draw the prey, because it is easier than hunting the prey outright.”

A few things to watch out for:

  • Rogue March Madness apps, across many device types, that promise score and bracket updates but also deliver advertising and malware
  • Thousands of drive-by and download and install malware infections from March Madness-related sites, both legitimate and spoofed
  • Phishing attacks targeting users following their March Madness brackets on popular sites such as ESPN, CBS Sports and Yahoo
  • Malware masquerading as video players that will allow the user to stream the games
  • Links posted in forums, comments and social media that promise March Madness info or streams, but only direct the user to an infected site
  • A large influx of fake betting sites used to grift the credit card info of unsuspecting users

Lohrmann also pointed out that time and bandwidth issues with streaming games on work equipment is also important because the bandwidth usage alone during the day can slow down operational systems, almost like a denial of service attack. The organization should also take the time to re-emphasize policies and procedures.

“We can certainly still have fun at work if a local team is playing,” Lohrmann said, advising, “It can be beneficial to all involved to find the time to watch the game together on a television in the breakroom and have a team-building party, etc.”

Photo © Aspen Photo/

What’s hot on Infosecurity Magazine?