fbpx
Features Hub Opinion

Tackling network security during the 2019 Rugby World Cup

Fri 20 Sep 2019 |

This year’s Rugby World Cup will provide thrills, spills and potentially spoils for hackers

It’s Rugby World Cup time in Japan, with the first round of rugby union’s most elite competition kicking off over the weekend. During the next few weeks, thousands of fans will travel far and wide across the country to soak up the action. In addition to bringing bundles of optimism about their teams’ prospects, die-hard supporters will arrive armed with a legion of connected devices.

Major sporting events of this kind place untold pressures on networking infrastructure, which has to withstand millions of connection requests throughout the competition. Aside from uptime, local network teams have to be prepared for attackers intent on taking advantage of a honeypot of connected fans. 

To get a sense of the protections that need to be put in place to secure networks during pinnacle sporting events, Techerati spoke to Ronan David, VP of Strategy at networking specialists EfficientIP. 

Although the company has not been called up for World Cup networking duties, during this years’ Roland Garros grand slam tennis tournament a variety of its products were put to the test. The event had a record number of attendees (around 520,000) and the company said its network did not suffer any major breaches.

Ronan says vast numbers of fans connected to isolated networks presents a prime opportunity for hackers to target groups of people with a known common interest. In the worst-case scenario, they could wreak havoc by exfiltrating personal data and installing malware. In addition, they might coordinate volumetric attacks, where large amounts of traffic or packet requests are sent to all devices on the network, potentially delaying or blocking access altogether.

Hackers seeking financial gain will primarily target fans with phishing scams fraudulently promising cheap tickets. But it’s not just fans’ data that is at risk of course, just consider the media, teams and VIPs in attendance. Leaked data could alter betting odds and, if tactics leave the confines of the dressing room, change the course of the competition altogether.

“DNS attacks are not the only threats when it comes to network performance at sporting events,” Ronan adds. “The quality of networks and services delivered are also key to the event’s reputation. High latency, slow response times and poor coverage can prevent access to vital apps, meaning journalists and broadcasters may not be able to cover the event as intended, and sports fans may be unable to load tickets or get vital information about the ongoing events.”

It’s important to recognise that these scenarios are not far-fetched flights of fancy.

During the opening ceremony of the 2018 Winter Olympics in Pyeongchang, South Korea, servers were attacked — taking the official website offline right as the ceremony was about to begin. Attendees were left unable to print their tickets until the site was brought back online at 8 am the next day.

“Each event gets bigger and better – bigger stadiums, global broadcast coverage and more and more attendees”

As Ronan explains, the surge in the magnitude of such competitions combined with the unprecedented need for connectivity and growth in the volume of connected devices are making networks more vulnerable than ever before.

“Each event gets bigger and better – bigger stadiums, global broadcast coverage and more and more attendees,” he says. “This means millions of IoT devices connecting to the network, escalating the demand for internet access and an overwhelming volume of DNS queries during a short period of time. Networks must be able to support this strain while having protections in place to ward off any IoT devices that may be (knowingly or not) bringing malware or viruses with them.”

To maintain uptime, networks need to be constantly assessed to ensure traffic capacity is met. In the build-up to events, organisers spend a great deal of effort thinking about how they can improve the digital experience. Not only are more people attending, but more of them are attending with a view to taking advantage of these services. If estimates are not generous, slick in-game experiences will deteriorate into digital deadends.

It’s also incumbent on attendees to play their part. Ronan says fans must keep devices up-to-date, use the latest operating systems, ensure they only browse secure HTTPS denoted sites, and always think twice about handing over personal data when prompted.

“Devices which have a list of updates to implement have more security flaws and vulnerabilities which hackers can infiltrate in record time, as they will have had more exposure to older operating systems and will know how to navigate them well,” he explains.

While active monitoring is a crucial part of network security efforts, pre-competition preparation is just as important. In fact, Ronan says, the weight will always fall on preparation done before the doors have opened to define intrusions for the DNS server to be on guard for. Once these are identified, there should be no specific time to allocate for active monitoring of the network, as the product should be doing it and alerting teams to attacks automatically, he adds.

Anyone who frequently attends sporting events in the UK will be well aware that network connections are often patchy at best. Thankfully, Ronan predicts that the days of repeated refreshes during the football will soon be behind us:

“Improving connections relies upon a triad of the networks ability to handle billions of DNS requests, being able to keep up with tens of thousands of users connecting and disconnecting to the network in the stadium simultaneously and optimisation of user to app access to have quick response times. 

“Over the last couple of years, we’ve seen a real advancement in the efficiency of networks. However, when dealing with the ever-growing number of devices used during sporting events, organisers need to consider the network beforehand.”  

Written by Fri 20 Sep 2019

Tags:

cybersecurity rugby sports
Send us a correction Send us a news tip