This month’s NCAA Tournament is one of the most popular events in US sports. (Note to foreign readers, this is kind of like the World Cup of College sports). But, this is not a post about March Madness or sports in general.
This is a post about network security and what March Madness could mean for geeky administrators all over the country.
Obviously, an event like this will mean more Internet traffic to sports related web sites as employees clamor for the latest news on their favorite team. However, remember what happened to the Super Bowl web site. Visitors to that site were exposed to a keylogger program and that resulted in big problems.
So, it would stand to reason that the same mischief could arise again. The reason this
tactic could be so successful is because no visitor has to be tricked into viewing one of these sites. The visitor is actually searching for that site and wants to view it because it contains the information they are after. They just don’t know about the potential exploit that awaits them.
Modern hackers are not content just to create mayhem; they are after money. Hackers drool over opportunities like this. Millions of people voluntarily flocking to a web site on which they have secretly installed malicious code is a hacker’s dream come true. They can get anywhere from $0.01 to $0.30 for every piece of malicious software installed in this way. You do the math :).
So, monitor your employees’ surfing habits, possibly even installing filters to prevent access through your company network. Since the hackers are usually making use of known software vulnerabilities, make sure all your corporate software is patched. Also, make sure you use anti-malware protection and that it is up-to-date.