Guarding the games

Tim West at WithSecure describes cyber-security challenges and strategies for Paris 2024, and outlines lessons for business

 

In just a few days, the eyes of the world will be on Paris as the Olympic Games get underway, attracting billions of viewers worldwide. It’s still one of the most watched and anticipated global sporting events and the city is expected to welcome millions of visitors.

 

However, as with all high-profile events of this scale and magnitude, it can also attract the attention of malicious actors – from organised crime groups, to state sponsored actors. Adversaries might seize on the opportunity these events present to cause disruption, or to profit financially. At the last games held in Tokyo in 2021 there were an estimated 450 million cyber-attacks.

 

The upcoming Paris Olympics is projected to attract eight times more cyber-threats, as attackers target the event itself and the infrastructure surrounding it, from hospitality to transport and broadcasters. 

 

They also take advantage of the event to target businesses and people more broadly who may fall for social engineering tricks using the Olympics as their bait. Understanding the likely attack paths and tactics they use is critical in developing strategies to defend against them. 

 

Understanding cyber-risks at the Olympics  

With rising global tensions, state actors, hacktivists, and criminals are motivated to exploit the Olympics. 

 

Hacktivists have been emboldened since the 2022 invasion of Ukraine and pose a significant threat to the Olympic Games. In fact, hacktivists pose a greater threat than nation-state actors and organised cyber-criminal groups.

 

Hacktivists groups aim to interfere with information systems and seek notoriety and media attention for their causes. 

 

Despite robust expected DDoS mitigation measures by Olympic organisers, pro-Russian and anti-Israel hacktivists are expected to be active. It is also speculated that Russian state actors are potentially using hacktivist covers to disguise their campaigns, similar to the 2018 attack on the Winter Olympics in South Korea.

 

Organised cyber-criminal groups, while posing a moderate to low threat to core Olympic networks, will likely target peripheral systems like ticketing and hotels. And with many regions seeing an uptick in ransomware attacks, the Games present another opportunity for criminal gangs to exploit network vulnerabilities and use social engineering to launch attacks. 

 

The evolving cyber-crime ecosystem has made financially motivated criminals even more capable, and state actors sometimes disguise themselves as ransomware groups in order to launch more sophisticated and damaging attacks. 

 

Another significant threat to the Olympics comes from nation-state actors who usually orchestrate attacks to further political agendas.

 

The threat posed by nation-state criminals

Given the geopolitical tensions leading up to this year’s event, nation-state actors will pose one of the biggest threats the games face. Among them, Russia presents the greatest danger due to its hostility towards France and resentment over its doping scandal ban.

 

The nation’s cyber-security capabilities are well-documented, as evidenced by their sophisticated operations against PyeongChang, which included false flag events and influence operations. Moreover, Russia might use the Olympics to sway French public opinion and elections, leveraging the event’s success or failure as a political tool against President Macron.

 

Other nation-states, such as China, Iran, and North Korea, present moderate to low risks, likely primarily focusing on espionage, propaganda, and financial cyber-crimes rather than direct disruption of the Olympics.

 

Securing an event as vast as the Olympics requires addressing multiple factors, including the cyber-protection of participants, fans and the venue’s IT infrastructure. However, fraudsters are also exploiting the event through ticket scams, phishing, and email fraud.  

 

Effective cyber-security measures  

The Olympics rely on numerous critical services and industries such as power, communications, essential private and civil networks, hospitality, accommodation, and transport. Each area faces varying cyber-threats with different motivations and capabilities, posing a significant challenge for the Olympic authorities – as well as Paris and France at large.  

 

The businesses affiliated with the Olympics must learn from past events to be well-prepared and equipped with specialised tools, software, and personnel to respond to cyber-incidents. Creating an effective defence against ransomware requires a proactive cyber-security stance, including automated scans to identify and address vulnerabilities swiftly.  

 

So, service providers during this year’s event should enhance their proactive measures beyond basic Endpoint Detection and Response (EDR) and Endpoint Protection Platforms (EPP) by incorporating advanced threat intelligence and automated response solutions. 

 

A comprehensive, multi-layered security strategy, leveraging these tools, will help such organisations adapt to the evolving threat landscape, providing deeper insights and stronger capabilities to counter ransomware.  

 

The diverse range of cyber-threats facing the Paris 2024 Olympics and businesses linked to the games underscores the critical importance of enhancing cyber-resilience. Vigilance and adaptability are essential in maintaining strong cyber-security. 

 

By leveraging advanced technologies and proactive measures, businesses can mitigate risks from state actors, hacktivists, and cyber-criminals. This will ensure protection of operations and reputation of the businesses associated with Olympics. 

 

---

 

Tim West is Director of Threat Intelligence and Outreach at WithSecure 

 

Main image courtesy of iStockPhoto.com and Pablo Utrilla