# 49ers Sidelined by Ransomware Over Super Bowl Weekend

Published by Axio

This past weekend, an estimated 112 million TV viewers tuned in to Super Bowl LVI. Fans watched as Dr. Dre, Snoop Dogg, Mary J. Blige, and other performers took the stage for a celebrated halftime show and ultimately witnessed the L.A. Rams triumph over the Cincinnati Bengals. Meanwhile, across the state, the San Francisco 49ers, NFC runners-up to the Rams, suffered another crushing loss. While many Americans sat at home watching Super Bowl ad after Super Bowl ad touting cryptocurrency, hackers sought payment via crypto by extorting the 49ers in a ransomware attack.

Red Canary has a detailed breakdown of the incident, but to summarize, the breach was carried out by ransomware group BlackByte, who exploited a Microsoft ProxyShell vulnerability to gain initial access to the team’s network. Once they gained initial access, the hackers achieved a full compromise through lateral movement across the system. Private information, including the team’s financial data, was stolen and posted on the dark web. A spokesperson for the team emphasized that they believe the attack was contained to their network and will not affect the data of third parties outside their network, like ticket holders or their home venue, Levi’s Stadium.  

Just last week, the Cybersecurity & Infrastructure Security Agency (CISA) released an alert entitled “2021 Trends Show Increased Globalized Threat of Ransomware,” reporting an unsurprising reality: ransomware remains a huge danger to our critical infrastructure and will only get worse in scale and destruction throughout 2022. The San Francisco 49ers are not exactly part of our nation’s critical infrastructure (of course, don’t say that out loud anywhere near the Bay Area), but the attack on the team’s IT network is reflective of this rising worldwide threat.

In its alert, CISA reported a number of top ransomware trends across the US, Australia, and the UK, including the statistic that “ransomware groups are increasingly targeting organizations on holidays and weekends.” It’s most likely not a coincidence that the football team’s breach occurred during 2022’s Super Bowl, which boasted its highest viewership in five years. Sports teams and events are becoming popular targets for hackers because these victims typically have a lot of money as well as a large amount of stored private data. This points to another trend that CISA identified in its report: the market for ransomware has become “increasingly ‘professional,’ and there has been an increase in cybercriminal services-for-hire.” Like most businesses, professional hackers want the largest payout for the least effort. BlackByte is considered a ransomware-as-a-service (RaaS) operation.

Across the web, commentary around the 49ers’ incident is tinged with a whiff of Schadenfreude. Isn’t it ironic that the “Silicon Valley” team was hit by a cyber-attack? Maybe. Without speculating on the team’s cybersecurity program, we know one thing to be true. It’s nearly impossible to fully prevent a ransomware attack, and it’s a waste of resources to try. The “tactics and techniques” of ransomware perpetrators will continue to evolve as hackers continue to gain a “growing technological sophistication.” With countless attack vectors vulnerable to cyber-criminals, we’ve learned that it’s necessary to maintain a cybersecurity strategy tailored to your unique environment, which includes a dynamic cybersecurity framework that can adapt to these evolving “tactics and techniques.” 

Cyber threats are progressing rapidly and show no hint of slowing down. The relative ease of carrying out a ransomware attack and the spread of mostly untraceable cryptocurrencies have made hacking a lucrative industry. No matter what measures you take, hackers will run interference to maneuver around your defensive measures. CrowdStrike reported an 82% increase in worldwide data leaks/extortion in 2021. They also identified that, on average, it takes only 98 minutes from initial access for an attacker to fully compromise a system. Since this leaves very little time to identify and act once a breach occurs, business leaders must have a response plan in place. CISOs don’t have time to be Monday-morning quarterbacks when it comes to their cybersecurity posture.

A major roadblock CISOs face today is enabling their CEO and Board members to endorse these quick decisions with confidence. A risk-based approach to cybersecurity leverages cyber risk quantification (CRQ), offering a solution that can help CISOs communicate various cost scenarios and loss possibilities. The Axio360 platform aggregates this data with clear visuals and empowers CISOs to illustrate precisely where cybersecurity investments are being targeted. CEOs can see each type of breach (for example, a large-scale ransomware event) and their company’s susceptibility to said event. It answers the question, “if this type of attack happens to us, how will it impact our business?” Having this information laid out gives business leaders a significant leg up when planning cyber investments and mitigation strategies. Boost your cybersecurity game plan and learn more about how you can avoid getting sacked by ransomware by signing up for a demo today.