Securing organizations in large scale events

Securing organizations in large scale events

This year Japan is the host of multiple large scale sport events, the 2019 Rugby World Cup and the 2019 Volleyball World Cup, both nationwide events that will attract a significant number of fans to different cities across Japan [1, 2].

To have an idea of the magnitude of the 2019 Rugby World Cup in Japan, approximately 400 000 fans will arrive to Japan for the different matches from September 20. Online activity will have a drastic increase in Japan as well having as a reference the 2015 World Cup where over 270 million social media videos were viewed, 2.8 million official app downloads, and the hashtag #RWC2015 appeared twice a second [3].

It is predicted that the online activity in Japan will be larger than the last World Cup; moreover, Japan is in the top 10 countries with the fastest internet connection, which allows travelers and locals to exchange a vast amount of information.

Fans cheer up your team and secure your devices!

In this scenario, fans (local and travelers) should exercise standard security measures in order to protect their information, like:

1. VPN use when connecting through publicly available Wi-Fi spots
2. Having patched and updated all your Oss, laptops and phones
3. As a general measure, not only for these events, users should act with caution when receiving mails with attachments and follow simple rules to avoid phishing mails [4]
4. Download apps from trusted sources (Apple store or Google Play)
5. Only visit sites that have https enabled [5]

Securing IoT

The Japanese government began to scan any device that is accessible through the internet, especially IoT devices, as part of their initiative to identify devices that can be victims of brute force attacks, meaning that they are still using easy-to-guess passwords or factory default passwords. Once a vulnerable device is found, the Internet Service Provider (ISP) will be contacted in order to establish communication with the end user [9, 10].

Therefore, fans, if you haven’t updated your device’s passwords, it’s time to do it. Don’t wait until you receive a notification from the company you used to get internet access in Japan.

Securing organizations in Japan

Organizations, especially the ones who have a close relationship with any event, like sponsors for example, could become target of different types of attack from various groups of attackers.

Attackers groups could vary from people trying to learn more about Security and unwillingly cause some damage to a company infrastructure, groups of people that they have different interests like: financial, political, religious, etc., that could have much more advanced tools at their disposal to launch attacks to specific organizations’ infrastructure, and of course we have Nation State attackers who belong to different Advanced Persistent Threats (APTs) grouped according to the targets they have and the tools they commonly use [6].

Although Security Professionals we cannot precisely forecast when an attack could occur, we can continuously assess the efficiency and reliability of our set of tools. There are some steps to follow in order to efficiently test the reliability of our own tools, this is a simple guide but you can make it much more detailed if required.

Understand the company lifecycle

Having a clear idea of where are the crown jewels of your organization, where the revenue is coming from, prioritized assets, Intellectual Property (IP), internal systems that support the organization is the first and foremost important step to create the scenarios together with the full understanding of the impact on the impact if one of your priority infrastructure is compromise.

a. Collect information

The Mitre ATT&CK framework is a collection of Tactics, Techniques and Procedures (TPPs) used by different attackers groups. This information is crucial to know what to test in our security systems.

Please remember that although this is a collection of all TPPs, specific groups like APT, have their own favorite set of TPPs, there is no “magic” blueprint that can be used to generalize attacks from different groups.

An additional important set of data is the threat lifecycle, also known as kill chain model, there are many variants of this, but we can use the follow high-level steps [6]:

1. Reconnaissance
2. Weaponization
3. Delivery
4. Exploitation
5. Installation
6. Command & Control
7. Actions and objectives

b. Create scenarios

Together with the use of Frameworks like Mitre’s ATT&CK, detailed scenarios can be created according to the organization’s specific requirements [7].

Scenarios like controls against Phishing mail are common and well understood. More complex scenarios can be created but depends on your organization’s requirements.
Once the most relevant attack scenarios are ready is time to test them, a table top exercise could be used to understand not only the tool efficiency but also the process around them that are required in any organization independently of their size and nature.
Gaps resultants from the test are required to be discussed and remediated, then tested again and the cycle continues.

c. Special circumstances

In this moment Japanese organizations are, one way or another and in different levels, involved in the Rugby World Cup and Volleyball World Cup, especially sponsors, governmental organizations, partners, etc.

Those highly involved organizations need to put additional attention into the Security Landscape, if possible, adding Threat Intelligence to their normal security operations could improve their vantage point incrementing the resilience capacity of their installed tools.
Education for end users is, as always, the most one of the most important strategies available in any organization to improve their security posture. Constant training, simulations and exercises are a must for any organization to improve their preparedness for any potential security attack.

Conclusion

As a conclusion, organizations involved in big ticket events in Japan need to improve their security posture through testing, user’s training, focused threat intelligence and process improvement. Specially, when the Enthronement Ceremony for the new Emperor will happen on October 22 generating interest from a different group of attackers than the ones interested in sports [8].

Let's remember this is a rehearsal for the 2020 Tokyo Olympics.


References

[1] https://www.rugbyworldcup.com/
[2] http://worldcup.2019.fivb.com/en
[3] https://www.techradar.com/uk/news/tackling-cybersecurity-at-the-rugby-world-cup
[4] https://www.pandasecurity.com/mediacenter/security/10-tips-prevent-phishing-attacks/
[5] https://www.digicert.com/blog/buy-site-know-website-secure/
[6] https://www.sans.org/security-awareness-training/blog/applying-security-awareness-cyber-kill-chain
[7] https://attack.mitre.org/
[8] https://en.wikipedia.org/wiki/2019_Japanese_imperial_transition
[9] https://dennisludena.blogspot.com/2019/02/japanese-government-to-probe-insecure.html
[10] https://dennisludena.blogspot.com/2019/02/japanese-government-to-probe-insecure_26.html