Axios Codebook

February 07, 2025
😎 TGIF, everyone. Welcome back to Codebook.
- 📬 Have thoughts, feedback or scoops to share? [email protected].
- 📲 Need to chat securely? Find me on Signal: @SamSabin.01.
Today's newsletter is 1,445 words, a 5.5-minute read.
1 big thing: What it takes to keep hackers out of the Super Bowl
For cybersecurity pros, a perfect Super Bowl performance this weekend means stopping hackers before they ever reach the field.
Why it matters: The Super Bowl has always been a breeding ground for sensitive data, from stadium WiFi networks and mobile payment systems to fans' personal devices and the NFL's corporate infrastructure.
- If a hacker finds just one way in, they could make off with a treasure trove of data — fan credentials, payment information, and even operational technology — that could be resold or exploited on the dark web.
The big picture: TSA estimates 42,000 travelers will come through the New Orleans airport alone for Sunday's showdown between the Kansas City Chiefs and the Philadelphia Eagles.
- The city has also ramped up security at the Caesars Superdome following January's terrorist attack in the French Quarter.
Zoom in: Cisco, an NFL partner, has had a team working 24/7 since Monday to keep hackers at bay, protecting not just the stadium but also nearby vendors and affiliated networks, Mike Storm, distinguished engineer at Cisco, told Axios.
- Cisco has helped secure the last four Super Bowls and started preparations for this weekend's game two years ago.
- The company declined to disclose the exact number of employees dedicated to the Super Bowl but confirmed it stands up its own security operations center and works with internal teams worldwide to protect the event.
- Beyond the stadium, cybersecurity efforts extend across hotels, vendors, and local businesses tied to the Super Bowl. "It's not a day — it's a week," Storm said.
Threat level: Hackers stealing sensitive data is one of the top concerns for Super Bowl organizers, Storm said.
- Cyber risks go beyond just stolen credentials. Power stations, communication networks, video displays, broadcasting systems, and payment infrastructure are all potential targets, Shimon Modi, VP of product management at Dataminr, told Axios.
- Companies working with the NFL need to be prepared for ransomware that can lock down critical systems, distributed denial-of-service attacks that can overload networks, and third-party supply chain attacks targeting partners, Modi said.
- Meanwhile, fans should be wary of phishing scams impersonating betting sites, ticket vendors, and hotel registration platforms to steal login credentials and financial data, Modi warned.
- "Bad things are going to happen," Modi said. The question is: "How do you stay operational?"
Adding to the challenge, attackers are increasingly weaponizing AI. Storm noted that AI-powered tools like WormGPT and FraudGPT are fueling identity-based attacks, which now account for 91% of all cyberattacks.
- "They don't have to grab admin identity, they can use anyone. They just need one, just one, that's all it takes," he said.
The big picture: Live events have long been a high-value hacking target, especially for groups looking to cause disruption rather than steal data.
- Hackers disrupted the 2018 Olympics' opening ceremony livestream, and cyberattacks have loomed over major sporting events since.
- Scammers ramp up activity around big games, luring fans with phishing emails and fake ticket sales.
The intrigue: This year's Super Bowl brings even more attention because of high-profile guests like Taylor Swift and President Trump.
- "The presence of certain individuals — who shall not be named — always increases the attack surface," Storm said, referencing Swift's attendance at last year's game.
The bottom line: If all goes well, fans won't notice the behind-the-scenes battle cybersecurity teams are waging.
- "Our goal is to make cybersecurity, as intense as it might be, as invisible to the fan experience as possible," Storm said.
2. DOGE security concerns hit fever pitch
For the past week, Americans have been bombarded with reports of Elon Musk and his team of 20-something IT workers allegedly gaining access to sensitive government systems.
Reality check: The speed at which the Department of Government Efficiency is moving is not normal. Many of these actions likely violate federal privacy and security laws.
State of play: Musk and his team have now infiltrated the Treasury Department, the Office of Personnel Management, the Centers for Medicare & Medicaid Services, the National Oceanic and Atmospheric Administration, the Department of Education, USAID and more.
- Musk has now set his sights on the FAA, and the Department of Labor and the Small Business Administration fear they'll be next. DOL workers have already sued to block DOGE from accessing their data, which includes information about workers' compensation cases.
- On Tuesday, OPM made agency CIOs political appointees, stripping them of their previous impartiality.
- Meanwhile, Wired reported yesterday that one of Musk's allies was linked to a Telegram account that solicited a "cyberattack-for-hire service" in 2022.
The other side: The White House insists Musk and his team have done nothing illegal.
- Treasury Secretary Scott Bessent said that he personally vetted Musk's Treasury hires and that no "tinkering" has occurred with the payment system.
- Musk also reportedly holds a top security clearance and is classified as a "special government employee."
Threat level: Experts warn that the national security risks are immense. Some reports say a DOGE staffer has used personal Gmail accounts to access government meetings and AI tools hosted on commercial cloud services.
- Before the Trump administration, Chinese hackers had already compromised Treasury networks and major U.S. telcos — including Trump's personal phone.
What we're watching: Courts are beginning to restrict some of Musk's access, and Democratic lawmakers are demanding answers about DOGE's security clearances.
Yes, but: Legal and congressional processes are slow — Musk's team may be able to exfiltrate data or deploy code before any real consequences materialize.
📬 I'm continuing to dig into this. If you're a federal employee, government official, former cyber official, or IT contractor, reach out via Signal (@SamSabin.01) on a nonwork device. Anonymity can be granted.
3. Ransom payments nosedive
Ransomware gangs didn't profit last year as much as they usually do, according to new Chainalysis data.
Why it matters: Cybercrime follows the money, and if criminals are seeing losses, they're likely to abandon their quests.
By the numbers: Ransomware victims paid attackers roughly $813.55 million in cryptocurrency in 2024 — a 35% drop from 2023's record-setting $1.25 billion.
- The second half of 2024 saw an even sharper slowdown, with ransomware payment totals declining after July.
The big picture: Law enforcement disrupted the operations of several notable ransomware gangs in recent years, including LockBit and BlackCat, which experts say contributed to the decline in the number of payments.
Between the lines: Many ransomware victims pay only if they lack data backups or fear data leaks.
- The widening gap between ransom demands and actual payments suggests victims are increasingly refusing to pay, possibly due to better backups and improved cybersecurity hygiene, per Chainalysis.
The intrigue: Chainalysis initially expected 2024's ransomware payments to surpass 2023's total after a strong start to the year.
Yes, but: Despite the decline in payments, the number of reported ransomware incidents on dark-web leak sites hit an all-time high, according to the report.
- This could suggest that while attackers are targeting more victims, fewer are giving in to ransom demands.
4. Catch up quick
@ D.C.
👀 Employees at the Cybersecurity and Infrastructure Security Agency are now allowed to take the Trump administration's deferred resignation offer after DHS initially said they would be exempted. (Nextgov)
💰 The Trump administration agreed to temporarily restrict DOGE's access to Treasury's payment system information. (Axios)
❌ Lawmakers introduced a bill that would ban DeepSeek from government-owned devices. (Wall Street Journal)
@ Industry
🚪 The British government has secretly ordered Apple to create a back door in its encryption that would let officials retrieve all content any Apple user worldwide has uploaded to the cloud. (Washington Post)
📈 SolarWinds has entered an agreement to delist from the New York Stock Exchange and be acquired by private equity firm Turn/River Capital. (Seeking Alpha)
💸 Semgrep, which makes software to help engineers find security flaws in their source code, raised a $100 million Series D round led by Menlo Ventures. (Wall Street Journal)
@ Hackers and hacks
🚔 Spanish police arrested a hacker accused of attacking the U.S. Army, the United Nations, the International Civil Aviation Organization, NATO and government offices in Spain. (The Record)
🏨 A hacker listed a sample of a database allegedly stolen from the Trump Hotels' email notification system on a dark web forum. (Cybernews)
🇺🇸 Spyware maker Paragon Solutions, whose tools were used in a recent hacking campaign targeting around 90 journalists and civil society members, confirmed the company sells its products to the U.S. government. (TechCrunch)
5. 1 fun thing
❤️ Some uplifting news from my colleagues at Axios Seattle: A zoo in Tacoma just welcomed a rare Malayan tapir calf, who was born Sunday.
- This is only the second tapir birth in the zoo's 120-year history.
- 🍉 And the calf has a very cute pattern that the zoo says resembles "a tiny walking watermelon" — can't get much better than that!
☀️ See y'all Tuesday!
Thanks to Megan Morrone for editing and Khalid Adad for copy editing this newsletter.
If you like Axios Codebook, spread the word.