Cyber Threats in the Olympics: Faster – Higher – Stronger – Safer?


Introduction

At its heart, the modern Olympics has always been a celebration of human endeavor, an event where athletes compete for supremacy in their chosen disciplines, inspire others to excel, and represent the pride and spirit of their nations. But the world’s biggest sporting showcase will also inspire competition among cybercriminals, some motivated by money, some by ideology, and others by national interest, but all of them striving (unfortunately) to make their mark on this historic event.

The Games have suffered terror attacks and in-person protests in the past, but cyber-attacks became equally concerning for organizers in 2018 when suspected Russian government threat actors targeted the Winter Olympics in Pyeongchang, South Korea with a malware tool called Olympic Destroyer. Wi-Fi went down during the opening ceremony as the malware wiped critical files. Not only that, the attackers left traces in the malware that they knew security experts would trace back to the North Korean hackers of the Lazarus Group, proving that there really is no honor among thieves!

So, with 13 million visitors set to descend on Paris during the summer of 2024, what cyber threats will the country be facing during the Olympics?

Cyber Threats: All Eyes on The Paris Olympics

Actually, the nation is already facing them. In February, threat actors stole the Social Security numbers of 33 million French citizens – almost half the total population – in a data breach carried out against two health insurance providers. Then in March, a political group sympathetic to Russia that calls itself ‘Anonymous Sudan’ claimed responsibility for what Prime Minister Gabriel Attal described as unprecedented attacks against French state services. In May, Amélie Oudéa-Castéra, the French Minister of Sports and the person responsible for France’s Olympic efforts, had her X account hacked.

These are just pre-game warm-ups for malicious actors though, and observers are speculating that when events take place throughout July and August, they are highly likely to face a barrage of attacks by parties with a wide range of motivations. The level of concern is so high that European organizations are expected to spend an additional $150 million during the year on cyber security protections.

Back in 2021, games-related targets at the Tokyo Olympics suffered an incredible 450 million attacks. France’s Olympic Games cybersecurity chief Franz Regul told The New York Times that his team is expecting to face 8 to 12 times that number of attacks.

Expected Cyber Threats in The Paris Olympics

The Paris 2024 organization has over 700 domains and 800 external Web apps residing on more than 16 different cloud providers. That’s a big attack surface to defend. As the whole world looks on, the Olympics will be a golden opportunity for a variety of malicious actors spreading cyber threats to make money, cause chaos, or get noticed. Here’s what to expect:

Cyber Espionage: Cyber espionage groups may target the Olympics for information gathering purposes, due to the volume of government officials and senior decision makers attending. With Russia, China, Iran, and North Korea actively seeking to undermine the West, ongoing tensions in the Middle East, and any number of groups looking to champion their own political and ideological causes, the opportunity to trick an official into revealing their passwords through phishing attacks or maybe even stealing one of their devices will be too good a chance to pass up.

Government representatives and state-affiliated organizations need to ensure that their representatives take the necessary steps to stay secure. As a bare minimum, they should use password-protected devices, secure their accounts with two-factor authentication, and use a VPN to encrypt their online activities.

Disruptive and Destructive Operations: Russia has previously sought to influence the outcomes of elections in other countries by spreading misinformation on an industrial scale using social media. With France and other Western Nations backing Ukraine against Russia in its war, and with Russian athletes not allowed to compete under its flag, analysts expect Russian threat actors to play an active role in disrupting the summer games.

They could potentially deface websites, disrupt infrastructure with DDoS attacks, and deploy wiper malware, as they did with the opening ceremony in South Korea. Not only that, the APT44 group modified Android apps, including a bus timetable, one used to search for accommodation, and a fake webmail app aimed at Ukrainians. The goal here was to harvest PII from users, as part of a credential gathering exercise in support of Russia’s strategic aims.

We can’t help but mention here that if the apps’ creators had been using Reflectiz, any attempts at modifying their code would’ve been flagged.

Information Operations: It’s thought that threat actors may try to leverage interest in the Olympics to spread their partisan narratives and disinformation to target audiences. In some cases, they may leverage disruptive and destructive attacks to amplify the spread of certain narratives. 

Microsoft has reported that Russia-affiliated influencer group Storm 1679 has been releasing various fake propaganda videos since June 2023. Some use AI content to spread misinformation about the Games, such as a fake France 24 press release claiming that a quarter of Olympic tickets have been returned due to fears of terrorism.

Given its history of targeting governments and nonprofits in Europe, groups affiliated with the People’s Republic of China are thought to be likely to target individuals and organizations, including high-profile government officials and senior decision-makers. State-sponsored threat actors will be looking to snag PII, credentials, and other sensitive information in support of their national interests, so these officials need to be on the lookout for spear-phishing campaigns.

Financial Gain: For those looking to make money there are many opportunities to generate income. France will see a huge influx of spectators, athletes, officials, workers, media people, foreign dignitaries, and others, and all of them will be using their phones, laptops, and tablets in an unfamiliar environment. This may mean they’re not as careful as they should be, and scammers will be looking to take advantage of that.

It’s interesting (and a little disturbing) to note that over 1000 domain names that feature the word ‘Olympic’ have been purchased since the start of the year. The suspicion is that many of them will be used to sell things like fake tickets to Olympic events, but they could also be used to sell fake travel services and accommodation. The goal of course with these sites is going to be scamming the buyers twice: first by selling them fake tickets and second by harvesting their payment details to use again or sell on.

Bad actors will likely target all kinds of retail websites – not just those selling Olympics-related products – with web skimming attacks, and the best defense, in this case, is to use a continuous web exposure management solution that actively monitors the entire digital supply chain for unauthorized code changes, tracks data exfiltration attempts, and blocks malicious domains. Reflectiz works remotely, so it doesn’t slow your retail website down in a way that’s off-putting for visitors. Being remote also means that it can see the threats that embedded solutions can’t, such as those hiding in iFrames.
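The "unauthorized code changes" check described above can be sketched as a baseline comparison of what a page loads. This is an added example, not Reflectiz's code or anything from the original article; the page markup and `.example` hosts are constructed, and `ResourceCollector`, `snapshot` and `drift` are hypothetical names.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample markup: the approved page, then the same page after tampering.
BASELINE = """<script src="/static/checkout.js"></script>
<script src="https://cdn.payments.example/sdk.js"></script>
<script>window.cfg = {currency: "EUR"};</script>
<iframe src="https://pay.payments.example/card"></iframe>"""
CURRENT = BASELINE.replace('"EUR"}', '"EUR", beacon: true}') + """
<script src="https://stats-cdn.example/collect.js"></script>
<iframe src="https://forms.stats-cdn.example/f" style="display:none"></iframe>"""

class ResourceCollector(HTMLParser):
    """Record hosts of <script src>/<iframe src> and hashes of inline scripts."""
    def __init__(self):
        super().__init__()
        self.external = set()       # (tag, host) pairs
        self.inline_hashes = set()  # SHA-256 of each inline <script> body
        self._buf = None            # a list only while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("script", "iframe") and src:
            # Relative URLs have no host and are grouped as same-origin.
            self.external.add((tag, urlparse(src).netloc or "(same-origin)"))
        elif tag == "script":
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf).strip().encode()
            self.inline_hashes.add(hashlib.sha256(body).hexdigest())
            self._buf = None

def snapshot(html):
    collector = ResourceCollector()
    collector.feed(html)
    collector.close()
    return collector.external, collector.inline_hashes

def drift(baseline_html, current_html):
    """Return what the current page loads that the approved baseline did not."""
    (base_ext, base_inline), (cur_ext, cur_inline) = snapshot(baseline_html), snapshot(current_html)
    return {"new_external": sorted(cur_ext - base_ext),
            "new_inline_scripts": len(cur_inline - base_inline)}
```

A static comparison like this only sees the markup the server returns; scripts injected at runtime and the content of the iframe documents themselves require rendering the page in a browser.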

Ransomware Attacks: Companies linked to the Paris Olympics 2024 are at increased risk of ransomware attacks. Those in industries like hospitality and transportation are more likely to give in and pay a ransom during the Olympics because they will most likely be losing more business than normal during any downtime. These kinds of attacks are coordinated using command and control servers, but with Reflectiz scanning an organization’s entire digital infrastructure to build a complete inventory of every connected asset, any attempts to control the devices in your network or send data to unauthorized locations would be promptly flagged.

Phishing Attacks: Social engineering emails may be used to lure victims to one of those fake websites we mentioned using a variety of tactics. They may impersonate banks, insurance companies, couriers, Internet service providers, etc., then urge the victim to visit the website. When they type in their personal information the website harvests the data, either to defraud them or resell their credentials. Spear phishing (a highly personalized kind of phishing) was used in the Seoul 2018 attacks.

Go for gold with Reflectiz

Stay ahead of your competitors during these Olympics with our continuous web threat management solution. It goes the extra mile to map and assess an organization’s entire infrastructure, then monitors every snippet of code for suspicious changes. It tracks data movements to protect user privacy, and issues prioritized alerts based on risk.

With the Olympics just around the corner, now is the perfect time to assess just how secure your website is compared to your competitors. We recently introduced an exposure rating tool that leverages the data we gather on thousands of websites in your industry, scores your level of protection to see what vulnerabilities you are carrying, and delivers practical action points to help you address them. The solution is powerful, easy to use, and free to try, so why not sign up today?
