Sports-ISAO, the information sharing leader for the sport sector, has been monitoring the Methbot operation. A series of articles from us will be published about the gravity of this massive fraud upon the sport, entertainment, media, advertising and Internet industries. This first article serves as a Call to Action to the Community of Sport to collaborate with us to begin solving the hacking pandemic upon sport and society.
For background on this massive fraud, the cybercrime investigative reporter Brian Krebs produced a first rate article detailing Methbot mechanics, and the efforts of White Ops, the security company that exposed the most sophisticated criminal botnet enterprise ever discovered.
Methbot’s Ties to Sport – Ripping Off Ad Spending!
According to published data, over one-third (37 percent) of advertising revenue earned by ABC, CBS, NBC and Fox is derived from ties to sport. Data for 2014-15 put this revenue figure at nearly $8.5 billion (about $23 million of daily revenue). The White Ops Report assessed that the fraud generated up to $5 million per day, skimming the ad spend away from intended beneficiaries like the Big Four.
Sports-ISAO reviewed the White Ops data and identified that sport-related sites constituted a substantial percentage of the overall criminal enterprise. Our coordination with White Ops concerning sport ties to the date is ongoing. However, we attribute a high percentage of sport ties to the overall scheme based upon our review of the aggregate data and the assessment that sport’s attractiveness for advertising makes it a high value target for fraud.
Advertising on sport is a massive spend. Just eleven games of the NFL playoffs brings in $1.23 billion! Advertisers spent over $1.1 billion during the NCAA’s March Madness. The NBA playoffs brings in $875 million. All major sporting events generate extremely large advertising revenue to the networks. In turn, the sport franchises and leagues leverage their audience base to command massive broadcast rights contracts. The Methbot Operation jeopardizes this entire business enterprise because it infiltrated the flow of money, redirecting ad spend away from intended revenue beneficiaries.
The direct victims of the Methbot Operation are the US media companies. However, the sport industry is an indirect victim, as is the entertainment industry. The fraudulent redirection of monies reduces profits, increases counter-fraud costs, and impacts brands. Famous names, including athletes’ brands, are all impacted negatively.
Methbot’s Ties to Sport – Staging Attacks
Brian Krebs’ article also introduced potential ties to Russian cybercrime. Using threat intelligence analytics, Sports-ISAO has correlated the White Ops data with further attack vectors. The attractiveness of sport makes it a high value target for cyberattack beyond the Methbot fraud.
We have found indications that sports-related enterprises named in the White Ops Report also correlate with malicious cybercrime infrastructure engaged in ransomware activity. Analysis has pointed that this malicious infrastructure is being used as a malware dropper, with ties to the CryptXXX Ransomware and the Angler Exploit Kit.
It may be that, as White Ops has signaled, crowdsourced intelligence may reveal that Methbot is just the tip of a cybercrime iceberg. Given its sophistication, this possibility is very plausible. A concern of Sports-ISAO is that, in addition to defrauding sport, this criminal enterprise may intend to exploit sport for other attacks (inside and outside of sport).
Crowdsourcing Intelligence with the Affinity of Sport
White Ops deserves credit for exposing the Methbot and calling for a closer relationship and vigilance in the business ecosystem. The approach of greater transparency and sharing of cyber threat information aligns with national policy, as the Department of Homeland Security is calling for an improved Private-Public Partnership.
Sports-ISAO continues its crowd-sourcing and cyber threat intelligence sharing efforts with Community of Sport partners. Sport, because of its global appeal, can take a page from the Methbot playbook and put it to positive good in leading the change toward sharing cyber threat information. Sport’s attractiveness is a double-edge sword. Though an attractive target for cybercrime, it also represents the path forward for mobilizing the crowd:
Champions Are Built From a Strong Defense.