As the 2024 Olympics approach, the world's eyes will turn to Paris. The event not only showcases athletic prowess but also presents a significant challenge for cybersecurity professionals. With the influx of visitors, media, and digital infrastructure, the stakes are high for ensuring the safety and integrity of the Games.
The Olympics are a prime target for cyberattacks due to their high profile, the involvement of numerous stakeholders, and the extensive use of digital technologies. The challenges can be broadly categorized into several key areas.
1. Increased attack surface
The 2024 Paris Olympics will involve a massive digital infrastructure, including ticketing systems, live-streaming platforms, and IoT devices used in venues. This creates an expanded attack surface that malicious actors can exploit.
- Diverse technologies: The integration of various technologies, from traditional IT systems to newer IoT devices, increases the complexity of securing the event.
- Third-party vendors: The involvement of numerous third-party vendors adds to the difficulty of maintaining a consistent security posture across all systems.
2. Sophisticated threats
Cybercriminals and nation-state threat actors are expected to employ sophisticated techniques to target the Olympics. These could range from DDoS attacks to more subtle tactics like phishing and ransomware.
- Advanced Persistent Threats (APTs): State-sponsored groups may launch APTs to steal sensitive information or disrupt the event.
- Ransomware: Cybercriminals could deploy ransomware to lock critical systems, demanding payment for their release.
3. Physical and cyber convergence
The convergence of physical and cyber threats is particularly relevant for the Olympics. Cyberattacks could potentially have physical consequences, such as disrupting transportation systems or manipulating digital scoreboards.
- Critical infrastructure: Ensuring the security of critical infrastructure, including power grids and communication networks, is essential.
- Public safety: Coordinating between cybersecurity teams and physical security personnel will be crucial to address potential hybrid threats.
According to new FortiGuard Labs analysis released this morning, this year's Olympics has been a target for a growing number of cybercriminals for more than a year. Using publicly available information and proprietary threat intelligence provided by FortiRecon, the report provides a comprehensive view of planned attacks, such as third-party breaches, infostealers, phishing, and malware, including ransomware. The report identifies a range of risks including cyberattacks targeting critical infrastructure, event management systems, and personal data of athletes and attendees.
Some of the highlights from the report include:
- Darknet posts advertising access to France-based companies' networks
- Dark web services that create phishing websites and offer SMS services and phone spoofing
- Phishing kits for sale
FortiGuard Labs says it has observed a significant increase in resources being gathered leading up to the Paris Olympic Games, especially those targeting French-speaking users, French government agencies and businesses, and French infrastructure providers. Notably, since the second half of 2023, FortiGuard Labs saw a surge in darknet activity targeting France. This 80-90% increase has remained consistent across the second half of 2023 and first half of 2024. The prevalence and sophistication of these threats are a testament to the planning and execution of cybercriminals, with the dark web serving as a hub for their activities.
Documented activities include the growing availability of advanced tools and services designed to accelerate data breaches and gather personally identifiable information (PII), such as full names, dates of birth, government identification numbers, email addresses, phone numbers, residential addresses, and more. For example, FortiGuard Labs is seeing the sale of French databases that include sensitive personal information, as well as the sale of stolen credentials and compromised VPN connections to enable unauthorized access to private networks. Researchers are also witnessing a rise in advertisements for phishing kits and exploit tools customized specifically for the Paris Olympics, as well as combo lists (collections of compromised usernames and passwords used for automated brute-force attacks) made up of French citizens' credentials.
FortiGuard Labs anticipates that hacktivist groups will focus on entities associated with the Paris Olympics, targeting infrastructure, media channels, and affiliated organizations to disrupt event proceedings, undermine credibility, and amplify their messages on a global stage.
"The 2024 Paris Olympics represent a major opportunity for cybercriminals, as well as state-sponsored hackers, to create mischief. This will be the third Olympics hosted by Paris... the others were in 1900 and 1924 and they did not have to deal with cyberattacks," said Col. Cedric Leighton, CNN Military Analyst, U.S. Air Force (Ret.), and Chairman, Cedric Leighton Associates, LLC. "Two countries often associated with disruptive cyberattacks have been sanctioned by the International Olympic Committee or international anti-doping bodies. These are Russia and China. Russian athletes are not allowed to compete under the Russian flag, and several Chinese swimmers are under investigation for alleged doping. Both countries view sports—especially international sports competitions like the Olympics—as another means to project power and influence. The 2008 Summer and 2022 Winter Beijing and 2014 Sochi Winter Olympic Games were 'prestige projects' for both China and Russia. Because both countries or their athletes are subject to various international sanctions, neither country is averse to disrupting such a prestigious international event in a Western nation like France."
"The Olympics are a particularly attractive target for cybercriminals due to the global attention and massive scale of the event," said Patrick Tiquet, Vice President, Security & Architecture, at Keeper Security. "The convergence of international visitors, extensive media coverage, and the reliance on critical infrastructure make it an ideal environment for cyberattacks. Threat actors can exploit the high volume of online transactions, communication, and data exchange to steal sensitive information, disrupt operations, or launch misinformation campaigns. The potential for widespread chaos and the high-profile nature of the Olympics amplify the impact of any successful attack, making it a lucrative target for cybercriminals."
"Cybercriminals are leveraging the global attention and massive scale of the Olympics to exploit vulnerabilities and achieve their malicious objectives," Tiquet said. "Individuals should be particularly cautious with unsolicited communications related to the Olympics. Be wary of emails, messages, or social media posts offering deals, contests, or requiring urgent actions. It is essential to verify the authenticity of sources before clicking on links or providing personal information. Avoiding suspicious links and attachments is crucial, as these can lead to phishing sites or malware infections. Additionally, using secure QR scanners with built-in security features to preview links before opening them can help prevent falling victim to QR code scams."
Enterprise cybersecurity professionals can take several proactive steps to prepare for the challenges posed by the 2024 Paris Olympics.
1. Conducting a thorough risk assessment is the first step in identifying potential vulnerabilities and developing mitigation strategies.
- Identify critical assets: Determine which systems and data are most critical to the successful operation of the Olympics.
- Evaluate threat scenarios: Consider various threat scenarios, including DDoS attacks, phishing campaigns, and insider threats.
2. Having a robust incident response plan in place is essential for quickly addressing any security incidents that arise.
- Incident response teams: Establish dedicated incident response teams that can act swiftly in the event of a cyberattack.
- Communication protocols: Develop clear communication protocols to ensure rapid information sharing between stakeholders.
3. Implementing advanced monitoring and detection capabilities can help identify and mitigate threats before they cause significant damage.
- 24/7 monitoring: Ensure that systems are monitored around the clock, with automated alerts for suspicious activities.
- Threat intelligence: Utilize threat intelligence to stay informed about the latest attack vectors and techniques.
4. Collaboration with various stakeholders, including government agencies, private companies, and international partners, is crucial for a comprehensive security approach.
- Public-private partnerships: Engage in public-private partnerships to leverage resources and expertise.
- Information sharing: Participate in information-sharing initiatives to stay updated on emerging threats and best practices.
5. Human error is often a significant factor in cybersecurity incidents. Training and awareness programs can help reduce this risk.
- Employee training: Provide regular training for employees on cybersecurity best practices and how to recognize phishing attempts.
- Public awareness: Educate the public and attendees on how to protect their personal information while attending the Games.
"While the distractions and potential bandwidth strains associated with following the Olympics can damage organizations, mobile security threats have proven to be a more dangerous issue that organizations of all sizes should be particularly wary about," said JT Keating, Senior Vice President of Strategic Initiatives at Zimperium. "Mobile phishing attacks are on the rise. Unfortunately, many employees who look for alternative sources to watch the Olympics may unwittingly turn to malicious websites and apps on their smartphones and tablets. Phishing, malware, and other attacks flourish during popular online events such as the Olympics, and even one small mistake by an employee whose mobile device is connected to corporate data could cause chaos throughout an entire organization."
"Today, mobile security and education in the enterprise is more crucial than ever," Keating said. "In most cases, mobile devices represent a significant, unaddressed attack surface for enterprises. No matter if they are corporate-owned or part of a BYOD strategy, the need to implement proper security controls and educate end-users about potential threats is critical."
Col. Leighton offered further perspective, saying: "The 2018 'Olympic Destroyer' attack on the Pyeongchang, South Korea Winter Olympics could be a prelude to what Paris Olympics organizers might experience. 'Olympic Destroyer' almost shut down the Pyeongchang Olympics before they began; that they didn't was testimony to the ability of the IT staff to quickly respond and adapt to the attack. One can only hope the Paris Olympics organizers took copious notes."