As the 2024 Olympics approach, the world's eyes will turn to Paris. The event not only showcases athletic prowess but also presents a significant challenge for cybersecurity professionals. With the influx of visitors, media, and digital infrastructure, the stakes are high for ensuring the safety and integrity of the Games.
The Olympics are a prime target for cyberattacks due to their high profile, the involvement of numerous stakeholders, and the extensive use of digital technologies. The challenges can be broadly categorized into several key areas.
The 2024 Paris Olympics will involve a massive digital infrastructure, including ticketing systems, live-streaming platforms, and IoT devices used in venues. This creates an expanded attack surface that malicious actors can exploit.
Cybercriminals and nation-state threat actors are expected to employ sophisticated techniques to target the Olympics. These could range from DDoS attacks to more subtle tactics like phishing and ransomware.
The convergence of physical and cyber threats is particularly relevant for the Olympics. Cyberattacks could potentially have physical consequences, such as disrupting transportation systems or manipulating digital scoreboards.
According to new FortiGuard Labs analysis released this morning, this year's Olympics has been a target for a growing number of cybercriminals for more than a year. Using publicly available information and proprietary threat intelligence provided by FortiRecon, the report provides a comprehensive view of planned attacks, such as third-party breaches, infostealers, phishing, and malware, including ransomware. The report identifies a range of risks including cyberattacks targeting critical infrastructure, event management systems, and personal data of athletes and attendees.
Some of the highlights from the report include:
FortiGuard Labs says it has observed a significant increase in resources being gathered leading up to the Paris Olympic Games, especially those targeting French-speaking users, French government agencies and businesses, and French infrastructure providers. Notably, since the second half of 2023, FortiGuard Labs saw a surge in darknet activity targeting France. This 80-90% increase has remained consistent across the second half of 2023 and first half of 2024. The prevalence and sophistication of these threats are a testament to the planning and execution of cybercriminals, with the dark web serving as a hub for their activities.
Documented activities include the growing availability of advanced tools and services designed to accelerate data breaches and gather personally identifiable information (PII), such as full names, dates of birth, government identification numbers, email addresses, phone numbers, residential addresses, and more. For example, FortiGuard Labs is seeing the sale of French databases that include sensitive personal information, as well as the sale of stolen credentials and compromised VPN connections that enable unauthorized access to private networks. Researchers are also witnessing a rise in advertisements for phishing kits and exploit tools customized specifically for the Paris Olympics, as well as combo lists (collections of compromised usernames and passwords used for automated brute-force attacks) made up of French citizens' credentials.
FortiGuard Labs anticipates that hacktivist groups will focus on entities associated with the Paris Olympics, targeting infrastructure, media channels, and affiliated organizations to disrupt event proceedings, undermine credibility, and amplify their messages on a global stage.
"The 2024 Paris Olympics represent a major opportunity for cybercriminals, as well as state-sponsored hackers, to create mischief. This will be the third Olympics hosted by Paris... the others were in 1900 and 1924 and they did not have to deal with cyberattacks," said Col. Cedric Leighton, CNN Military Analyst, U.S. Air Force (Ret.), and Chairman, Cedric Leighton Associates, LLC. "Two countries often associated with disruptive cyberattacks have been sanctioned by the International Olympic Committee or international anti-doping bodies. These are Russia and China. Russian athletes are not allowed to compete under the Russian flag, and several Chinese swimmers are under investigation for alleged doping. Both countries view sports—especially international sports competitions like the Olympics—as another means to project power and influence. The 2008 Summer and 2022 Winter Beijing and 2014 Sochi Winter Olympic Games were 'prestige projects' for both China and Russia. Because both countries or their athletes are subject to various international sanctions, neither country is averse to disrupting such a prestigious international event in a Western nation like France."
"The Olympics are a particularly attractive target for cybercriminals due to the global attention and massive scale of the event," said Patrick Tiquet, Vice President, Security & Architecture, at Keeper Security. "The convergence of international visitors, extensive media coverage, and the reliance on critical infrastructure make it an ideal environment for cyberattacks. Threat actors can exploit the high volume of online transactions, communication, and data exchange to steal sensitive information, disrupt operations, or launch misinformation campaigns. The potential for widespread chaos and the high-profile nature of the Olympics amplify the impact of any successful attack, making it a lucrative target for cybercriminals."
"Cybercriminals are leveraging the global attention and massive scale of the Olympics to exploit vulnerabilities and achieve their malicious objectives," Tiquet said. "Individuals should be particularly cautious with unsolicited communications related to the Olympics. Be wary of emails, messages, or social media posts offering deals, contests, or requiring urgent actions. It is essential to verify the authenticity of sources before clicking on links or providing personal information. Avoiding suspicious links and attachments is crucial, as these can lead to phishing sites or malware infections. Additionally, using secure QR scanners with built-in security features to preview links before opening them can help prevent falling victim to QR code scams."
Enterprise cybersecurity professionals can take several proactive steps to prepare for the challenges posed by the 2024 Paris Olympics.
1. Conducting a thorough risk assessment is the first step in identifying potential vulnerabilities and developing mitigation strategies.
2. Having a robust incident response plan in place is essential for quickly addressing any security incidents that arise.
3. Implementing advanced monitoring and detection capabilities can help identify and mitigate threats before they cause significant damage.
4. Collaboration with various stakeholders, including government agencies, private companies, and international partners, is crucial for a comprehensive security approach.
5. Human error is often a significant factor in cybersecurity incidents. Training and awareness programs can help reduce this risk.
"While the distractions and potential bandwidth strains associated with following the Olympics can damage organizations, mobile security threats have proven to be a more dangerous issue that organizations of all sizes should be particularly wary about," said JT Keating, Senior Vice President of Strategic Initiatives at Zimperium. "Mobile phishing attacks are on the rise. Unfortunately, many employees who look for alternative sources to watch the Olympics may unwittingly turn to malicious websites and apps on their smartphones and tablets. Phishing, malware, and other attacks flourish during popular online events such as the Olympics, and even one small mistake by an employee whose mobile device is connected to corporate data could cause chaos throughout an entire organization."
"Today, mobile security and education in the enterprise is more crucial than ever," Keating said. "In most cases, mobile devices represent a significant, unaddressed attack surface for enterprises. No matter if they are corporate-owned or part of a BYOD strategy, the need to implement proper security controls and educate end-users about potential threats is critical."
Col. Leighton offered further perspective, saying: "The 2018 'Olympic Destroyer' attack on the Pyeongchang, South Korea Winter Olympics could be a prelude to what Paris Olympics organizers might experience. 'Olympic Destroyer' almost shut down the Pyeongchang Olympics before they began; that they didn't was testimony to the ability of the IT staff to quickly respond and adapt to the attack. One can only hope the Paris Olympics organizers took copious notes."