As the world eagerly anticipates the Paris 2024 Olympic Games, a parallel contest of a darker nature is brewing behind the scenes. The event’s global reach and reliance on digital infrastructure make it a prime target for cyberattacks.
“Millions of fans will be glued to their digital devices, which can be a breeding ground for threat actors/groups seeking opportunities to exploit fans, athletes, coaches, famous personalities and businesses. With an expected expenditure of around EUR9 billion ($13.05 billion), the event draws fans, who possess a plethora of valuable information for cybercriminals such as payment card data and personally identifiable information,” Anshuman Sharma, director of CSIRT and Investigative Response at Verizon Threat Research Advisory Centre, tells DigitalEdge.
The Olympics, he adds, garners considerable media coverage and public interest worldwide. “So, any interruption or breach in security during the games could lead to significant effects, amplifying the consequences, and impacting both human safety and the economy,” he says.
Why businesses should care
Although the direct impact of cyber threats targeting the Paris Olympics will be felt mostly by the event organisers and stakeholders, Sharma advises businesses globally to be aware of the potential ripple effects.
“Threat actors may leverage the occasion to carry out social engineering attacks such as enticing consumers with free tickets to the Olympics or spreading malware via fake news. With billions of dollars spent on infrastructure, tourism and related industries, any disruption to the Paris Olympics may have a broader economic repercussion too. It will have a cascading effect, impacting businesses downstream and potentially leading to delays, financial losses or reputational damage,” he explains.
See also: 80% of AI projects are projected to fail. Here's how it doesn't have to be this way
Similarly, Joanne Wong, chief marketing officer at cybersecurity firm LogRhythm, believes cyber attackers are likely to use deceptive tactics centred around Olympic-themed lures to trick users and disrupt businesses worldwide.
“Platforms hosting Olympic fan discussions and social interactions are attractive targets for cybercriminals looking to exploit the surge in user activity and personal data. Cybercriminals may deploy tactics such as phishing emails and misinformation campaigns, offering special promotions or exclusive content around the Olympics. Access to personal information or payment details from unsuspecting users may then be harvested for fraudulent purposes, leveraging the high volume of valuable data within these sectors,” she exemplifies.
The travel and hospitality industries will also be at risk due to the influx of tourists for the Olympics. Wong says: “The surge in online traffic across airlines, hotels and travel booking platforms makes those businesses particularly vulnerable to cyber attacks like phishing scams, which are aimed at disrupting business operations and financial transactions.”
See also: Responsible AI starts with transparency
Expected cyber threats
The IT systems and critical infrastructure are the hidden backbone that ensures every event at the Olympics runs smoothly. As such, cybercriminals may exploit vulnerabilities in those systems to disrupt operations and cause chaos on a global stage.
Wong shares that a widely used tactic is distributed denial-of-service (DDoS) attacks, where cyber attackers flood servers with unwanted traffic to overwhelm crucial digital systems such as ticketing systems, broadcasting networks and official websites.
“DDoS attacks can be aimed at disrupting operations, stealing sensitive data, and extorting money through ransom demands. This was demonstrated during the 2012 London Olympics when the event encountered a 40-minute disruption to the Olympic Park’s power systems as a result of a DDoS attack,” she says.
Another common form of attack is ransomware, a form of malware that encrypts files on compromised systems, rendering them inaccessible until a ransom is paid in exchange for the decryption key. Wong states: “Recognising the substantial stakes involved, threat actors can exploit weaknesses in the systems of key partners that house vast amounts of sensitive data — storing every detail, daily activity, location of athletes worldwide, as well as data on event spectators.”
Hacktivist groups may also use the Paris Olympics as an opportunity to spread hate messages, deface websites or deliberately disrupt related services via DDoS attacks.
“Extensive infrastructure and logistics — such as communication networks, transportation systems and accommodation facilities — are required for the success of the Olympics. Adversaries may try to cause disturbance or destruction to this infrastructure, impacting both the games and the host city’s image and upcoming events. [Bad actors might] target service providers to disrupt the infrastructure or compromise the environment via ransomware, leaving them with no time to respond, but to pay ransom in order to restore operations,” warns Sharma.
To stay ahead of the latest tech trends, click here for DigitalEdge Section
He continues: “Additionally, major events such as the Paris Olympics can be targeted by nation-state actors seeking to gain strategic advantages or influencing geopolitical dynamics. Nation-state-sponsored cyber espionage campaigns may target Olympic organisations, sponsors or participants to gather intelligence or undermine the reputation of rival countries.”
Upping defence
It will take a concerted effort from various stakeholders to prepare and defend against cyber attacks during the Paris Olympics. According to Sharma, the Olympic Committee must allocate resources and funding to support cybersecurity efforts for the games. This includes conducting a comprehensive risk assessment to identify potential vulnerabilities and enhancing monitoring and response capabilities.
“Having a robust threat intelligence service/solution as well as deploying endpoint detection and response, network detection and response, deception technology and appropriate network segmentation are a must for all the associated entities responsible for carrying out the Olympics in a sound manner. Continuous monitoring for anomalies, visibility, orchestration and automation, and having incident response plans, playbooks and incident response retainer partners, are necessary to prepare for any adverse situation.
“[Additionally, it is vital] to test incident response plans and create cyber crisis scenarios to ensure readiness to respond effectively to cyber incidents that may impact business operations. The Olympics Committee should also coordinate with the law enforcement agencies early to gain insights and timely availability of cyber threat intel data,” he advises.
Meanwhile, Wong says the French government has a responsibility to ensure that public infrastructure — especially critical infrastructure such as power grids, transportation systems and communication networks — is secured from potential attacks.
Sharma and Wong assert that consumers have a part to play too. Individuals should be wary of unsolicited emails, links and attachments, and verify the authenticity of all communications before clicking on them.
Furthermore, they must practise cyber hygiene such as using multi-factor authentication and strong passwords, updating patches on endpoint and mobile devices on a timely basis and only downloading and installing software from known reputed sources. They should also always use secure and encrypted WiFi connections instead of open networks, especially when accessing sensitive information or making financial transactions online.
The Paris Olympics is expected to be a cybersecurity minefield. Safeguarding this worldwide event calls for a collaborative and multi-faceted approach involving various stakeholders, including the Olympic Committee, the French government, technology vendors, businesses and individuals.
