As athletes from around the world compete for gold medals at the Olympic and Paralympic Games in Paris in 2024, the 30th Olympic Games could become the biggest cybersecurity risk in history, as cybercriminals fine-tune their own game plan for hacking, attacking and exploiting the biggest event on the planet.
“We’ve seen a surge in cybercrime and cyberthreats in recent years. And this is the biggest show on the planet, not just in the sporting world, but probably the biggest event on the planet, so it’s obviously going to be a target for people to disrupt for a variety of reasons,” said Richard Thurston, European security services research manager at IDC.
According to Cisco, the network infrastructure provider for the Paris Olympics, there were 450 million cyber attacks against the Tokyo Summer Olympics, held in 2021 after being postponed due to the coronavirus pandemic. Cisco expects there to be eight times as many attacks targeting the Paris Olympics (held July 26-Aug. 11) and Paralympics (held Aug. 28-Sept. 8).
A research report from IDC released ahead of the Olympics suggests that “Paris 2024 will be the most cyber-attack-prone Olympic Games in history.” IDC goes on to describe these Games as having “the most complex threat environment” and “the highest ease for threat actors to execute attacks.”
Much of that ease can be attributed to artificial intelligence, as Paris will host the first Olympics of the generative AI era.
GenAI has already been used in a sophisticated online smear campaign against the Olympics. In 2023, Russian disinformation group Storm-1679 created an AI-generated video featuring a deepfake of Hollywood star Tom Cruise. Called “Olympics Has Fallen” (an irreverent tribute to the 2013 action thriller film Olympus Has Fallen), the video used a deepfake of Cruise’s image and voice to smear the International Olympic Committee (IOC) in the run-up to the Paris Olympics.
Ashley Jess, senior intelligence analyst at Intel 471, warned that cybercriminals will be using AI for malvertising and SEO poisoning in the lead-up to and during the Olympics.
“Last week I saw someone share how they used ChatGPT to build an optimized website that would rank malicious websites higher in search engines. [of search results] To achieve this, we were leveraging hundreds of websites at the same time,” says Jess.
The AI-based tactic could also be used to build fake Olympic ticket sales sites and make them appear at the top of online searches for Paris tickets, she added. To thwart ticket fraud, Paris organizers have designated tickets.paris2024.org as the only legitimate ticket sales site. But as of June, French authorities had already identified 338 Olympic ticket fraud sites on the internet.
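A triage check built on the single-legitimate-domain rule above, as an added example (not from the article or the Paris organizers): it labels URLs from mail or proxy logs and flags ticket-themed ones whose host is not exactly `tickets.paris2024.org`. The keyword lists, function names and sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_HOST = "tickets.paris2024.org"  # only legitimate sales site, per the organizers
# Assumed keyword lists for this example; tune them for your own traffic.
EVENT_WORDS = ("paris2024", "olympic", "olympique")
TICKET_WORDS = ("ticket", "billet")

def classify(url: str) -> str:
    """Label a URL from mail or proxy logs: 'official', 'suspect' or 'unrelated'."""
    try:
        parts = urlsplit(url if "//" in url else "//" + url)
        # .hostname drops any userinfo ("official.host@other.host") and the port
        host = (parts.hostname or "").rstrip(".")
        # compare internationalized names in their ASCII (punycode) form
        host = host.encode("idna").decode("ascii").lower()
    except (ValueError, UnicodeError):
        return "suspect"  # unparsable or malformed host: send to review
    if host == OFFICIAL_HOST:
        return "official"
    # Squash separators so "paris-2024" and "paris.2024" both match "paris2024".
    # The raw netloc is used so a deceptive userinfo part is still inspected.
    squashed = re.sub(r"[^a-z0-9]", "", (parts.netloc + parts.path).lower())
    if any(w in squashed for w in EVENT_WORDS) and any(w in squashed for w in TICKET_WORDS):
        return "suspect"
    return "unrelated"

def suspects(urls):
    """Return the URLs that use Olympic ticketing themes without being the official host."""
    return [u for u in urls if classify(u) == "suspect"]

# Constructed sample input (reserved example domains, not real observations)
SAMPLE_URLS = [
    "https://tickets.paris2024.org/en/",
    "https://tickets.paris2024.org.example.net/buy",
    "https://tickets.paris2024.org@example.net/login",
    "http://paris-2024-tickets.example/",
    "https://shop.example.com/olympic/billets?id=7",
    "https://intranet.example.com/payroll",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{classify(u):9}  {u}")
```

Keyword matching will also flag legitimate news coverage of ticket fraud, so treat "suspect" as a review queue rather than a block list.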
Hacktivism and Cyberespionage
Cybercriminals motivated by greed will use Olympic-themed emails and websites as clickbait for financial gain, including phishing and ransomware attacks. Hacktivists, on the other hand, may target the Paris Olympics for political or social purposes. The current geopolitical conflicts in Ukraine and Gaza could make the 2024 Summer Olympics a particularly ripe environment for hacktivist attacks.
“Hacktivists will likely launch website defacements and denial-of-service attacks against the infrastructure that supports the event in an attempt to embarrass the host country or the organizing committee,” said Sami Khoury, director of the Canadian Cyber Security Centre (CCCS), Canada’s equivalent of ANSSI. “There are billions of people watching the Olympics, so they will take advantage of that opportunity.”
“Hacktivism is not just targeting Olympic infrastructure,” Khoury continued, “in the case of the Paris Olympics, it could be France, but also other countries and governments that support Ukraine.”
During the 2016 Rio de Janeiro Summer Olympics, a DDoS attack by hacktivist group Anonymous took down various Brazilian government websites as a digital protest against police and military raids in Rio’s poor neighborhoods.
This summer’s Paris Olympics have also been a prime target for state-sponsored cyberespionage. Like hacktivism, cyberespionage is politically motivated. Unlike hacktivism, cyberespionage is always coordinated, funded or sanctioned by a specific government. In May, the CCCS issued a bulletin warning of the risks of cyberespionage at major global sporting events. It noted that Russia’s invasion of Ukraine, which led to it being barred from several international sporting organizations, including the IOC and the International Football Association (FIFA), could lead the Kremlin to support retaliatory cyberespionage.
Cyberespionage at the Rio Olympics played out like something out of a James Bond movie: World Anti-Doping Agency (WADA) officials used a Rio hotel’s Wi-Fi to log into WADA’s database, and hackers stole the login credentials. A few weeks later, Russian cyberespionage group Fancy Bear published confidential WADA medical records of more than 125 athletes who competed at the Rio Olympics, including American gymnast Simone Biles and tennis stars Venus and Serena Williams.
Protect your game
The French government’s national cybersecurity agency, the Agence nationale de la sécurité des systèmes d’information (ANSSI), is overseeing a massive effort to maintain cybersecurity for the Paris Olympics. Since mid-2023, the agency has been holding several awareness seminars and crisis management exercises with various stakeholders from the government, security and sports ecosystems. According to the IDC report, cybersecurity services and operations for the Paris Olympics are managed by Eviden (a division of Atos, the Olympics’ main IT integrator), and “can be delivered from up to 17 SOCs around the world, as well as from a SOC dedicated to the Olympics.”
This is a far cry from the stunning gaffe made by Japan’s cybersecurity minister ahead of the 2020 Tokyo Summer Olympics. Just two years before the games were due to take place, Minister Yoshitaka Sakurada admitted he doesn’t use computers and seemed confused by how to use a USB drive.
Even with years of planning, anything can happen right up until the last minute. Just before the opening ceremony of the 2018 Winter Olympics in Pyeongchang, South Korea, Russian government-backed hackers launched a malware attack called “Olympic Destroyer,” which took down the official Olympic website and Wi-Fi in stadiums, wreaked havoc on broadcast operations and on-site news media centers, and prevented some spectators from attending the ceremony because they couldn’t print tickets.
The Paris Games are already on the brink of a cyber disaster: A glitch in the CrowdStrike update on July 19th caused outages to Microsoft-based systems for banks, airlines and media outlets around the world, but Paris organizers said the impact to Olympic operations was minimal and limited to some deliveries of uniforms and certificates.
Third-Party Cyber Risk
While the CrowdStrike incident was not a malicious cyberattack, it has brought the issue of third-party risk into the spotlight for the Olympics. Even if ANSSI successfully fends off a cyberattack aimed directly at the Olympics this summer, a malicious cyberattack that takes down any IT provider on the daisy chain could disrupt the Paris Olympics.
“Essentially, you have third-party software that is part of your infrastructure and your cloud. [Olympics] In areas like communications, security and order processing, we often see systems that malfunction or are attacked, and when they malfunction or are attacked, that can have huge ripple effects,” says Eugene Spafford, director emeritus of the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University.
Spafford said the most immediate risk was to the IT infrastructure of “organisations that are in any way connected to what’s happening in Paris or around the Olympics”, including the Games’ direct suppliers and partners, as well as hotels and other tourism businesses that will accommodate the 10 to 15 million people expected to visit France during the games.
But IDC’s Thurston urges cybersecurity teams around the world to be aware that the Paris Games will raise the level of cyberrisk far beyond the borders of Paris or France, or even the Olympics themselves. In addition to the prevalence of Olympic-themed phishing, malware and ransomware, he noted, cybersecurity teams across countries and industries may be short-staffed due to summer vacations. Additionally, 24-hour television and social media coverage of the Olympics could impair business employees’ ability to avoid cyber scams and hackers.
“Employees may be streaming something or watching web coverage of the Olympics while they’re working,” Thurston says. “Those moments can expose security, which is why organizations need to be aware of threats that may change during the Olympics.”
If the Paris Games go ahead without any major cybersecurity issues, there won’t be anyone standing on the podium to claim a medal behind the scenes, but in that case, silence may very well be golden.
What can your SOC team do?
Tips for SOC teams around the world during the heightened cyber risk of the Paris Olympics:
Intel 471’s Jess urges companies to keep an eye on geopolitical events that could make their organization (or partners or suppliers) a target for Olympics-related hacktivist cyberattacks, with ripple effects on IT systems.
IDC’s Thurston urges companies to be especially vigilant of cyberthreats if their business or organization has ties to companies that play a key role in the Olympics supply chain.
Purdue’s Spafford points out that you should run tabletop exercises or other tests of backup plans, fallback services, fallback servers, and hot spares to make sure they work as intended.
Spafford adds that you should also raise awareness across your organization about Olympics-related phishing, clickbait, scams, and fraud campaigns and their methods.
CCCS’s Khoury advises making sure your internet-facing infrastructure and operating systems are up to date and patched, and that all staff are using strong passwords with MFA.
If your company is directly involved with the Olympics as a supplier or partner, don’t let your guard down during nights and weekends during the Olympics. A cyber incident is more likely to occur between 9am and 5pm during the Paris Olympics than in your company’s time zone, Khoury adds.