Cybersecurity blog header

Cyber-attacks on the Olympic Games. Bad guys go for the gold at Paris 2024

- Ciber 4 All Team

Cyber-attacks at the Olympic Games threaten the running of competitions

Cyber-attacks at the Olympic Games pose a threat to organizers, suppliers, involved sectors and even sports fans

While broadcasters worldwide were broadcasting the opening ceremony of the 2018 Winter Olympics, their technology infrastructure was under attack. Hostile actors were able to infect the Pyeongchang Olympics servers with Olympic Destroyer malware. In this way, they made WiFi connections and security gates for all facilities, but the event’s official website and ticketing system stopped working.

The team in charge of cybersecurity at the Olympic Games needed to contain the attack all night, restore the normal functioning of its technological infrastructure, and get the competitions underway in the morning without any major problems.

This incident showed that cyber-attacks on the Olympic Games are a real threat, especially in the current turbulent geopolitical context. After months of investigation, it was concluded that Sandworm, an advanced persistent threat (APT) group linked to the GRU, Russia’s intelligence service, which had been sanctioned for doping practices, was behind the attack.

The malicious activity did not abate at the following Olympic Games. Numerous attacks were also recorded during the Tokyo 2020 Olympics, which will be held in 2021 under special circumstances due to the fight against COVID-19.

Likewise, criminal groups have targeted other major sporting events, such as the World Cup or the recently concluded European Championship.

Who could be affected by cyber-attacks at the Olympic Games?

Given the history we have just described, it is expected that multiple hostile actors will launch cyber-attacks at the Olympic Games that may directly affect:

  • The event’s organization includes the opening ceremony, competitions, sports broadcasts, ticket sales, accommodation and mobility of participants.
  • Supplier companies that are indispensable to the organization of the Games.
  • Companies in sectors strongly related to an event of this scale: tourism, transport, logistics…
  • The sports delegations and, above all, the VIP attendees (political leaders, multinational executives…).
  • The thousands of sports fans who will travel to Paris to watch a competition live and enjoy the Olympic atmosphere.
  • The audiovisual companies that have the rights to broadcast the Olympic Games may suffer audiovisual fraud.

To do so, they can use social engineering techniques to gain access to technological infrastructures, resort to all kinds of malware (ransomware, spyware, etc.), carry out distributed denial of service (DDoS) attacks, or exploit weaknesses in WiFi or Bluetooth connections to sneak into personal devices such as cell phones.

What are the targets of hostile actors targeting the Olympics?

Why will a wave of cyber-attacks occur at the Paris 2024 Olympic Games? In cybersecurity, a year is equivalent to a decade in other fields. Changes occur rapidly, and cyber criminals constantly develop new techniques, tactics and procedures to overcome organizations’ defensive mechanisms.

Thus, the threat landscape of 2024 is much more complex than that of 2018 or 2021. We must add that the geopolitical situation is more shaky and dangerous. So some of the APT groups linked to states such as Russia (which has been vetoed in this edition because of the war in Ukraine), North Korea, Iran or China may see the Paris Games as the perfect occasion to:

  • Undermine the reputation of the International Olympic Committee and, above all, of the host country, France.
  • Use cyber-attacks on the Olympic Games to carry out propaganda and to launch disinformation campaigns on social networks, which are already taking place.
  • Spy on some of the most influential people in the world, who will be in Paris during those days.
  • Disrupt the development of competitions and the daily lives of hundreds of thousands of citizens who visit Paris during those weeks.

Beyond geopolitical disputes, there is an excellent motivation for malicious actors to launch numerous cyber-attacks on the Olympic Games: to make money illegally. How? Through:

  • Ransomware campaigns hijack data from the organization or its suppliers.
  • Social engineering techniques to sell fake tickets to events.
  • Fraud against the tourism sector.
  • Sale of sensitive personal data.
  • Etc.

Cyber-attacks at the Olympic Games may also affect companies that are part of the ecosystem of this event

Can cyber-attacks at the Olympics affect competitions?

What happened in Pyeongchang in 2018 shows that hostile actors can cause the opening and closing ceremonies and competitions to be affected by cyber-attacks at the Olympics. Some attendees at the opening ceremony could not access the stadium due to the crash of the Olympics app.

After all, in today’s fully digitized world, the Olympic Games have a vast technological infrastructure, which results in a very high level of cyber exposure.

This is why the French cybersecurity agency, ANSSI, has been preparing for this event for years and has carried out tests on the 500 facilities linked to the Paris 2024 Olympics and, together with technology providers, has implemented an action plan revolving around five items:

  1. Improve the knowledge available on the threats facing the Games.
  2. Protecting critical information systems.
  3. Safeguarding sensitive information.
  4. Raise awareness of the risks faced by the entire Olympic ecosystem.
  5. Be prepared to respond to cyber-attacks on the Olympic Games, minimize their impact, expel hostile actors and restore normality in the shortest possible time.

Even so, the agency recognizes that, despite all the work done to improve the cyber-resilience of the entire ecosystem linked to the world’s largest sporting event, cyber-attacks may occur at the Olympic Games that are so serious that they affect the event’s development.

Many companies are directly or indirectly involved in the Olympics.

Beyond the sporting competitions and logistics related to the thousands of athletes who will be in Paris 2024, the ecosystem around an event of this magnitude is immense.

The organization of the Olympics could not take place without the hundreds of suppliers covering all the sporting and organizational aspects of the event. Technology suppliers are particularly critical in this respect. Without going any further, in Pyeongchang 2018, not only was the organization itself attacked, but malicious actors also attacked one of its leading technology providers.

Although cybercriminals target suppliers, they are not the only companies that must prepare for cyber-attacks at the Olympics.

For example, Pyeongchang 2018 also saw security incidents at ski resorts that saw their ski lift systems crippled, disrupting their business continuity.

Which sectors should be particularly aware that they are a priority target for hostile actors?

  • Transportation. During the weeks of the Olympics, there will be vast flows of people.
  • Logistics. This event requires the participation of a multitude of logistics companies to make it all work.
  • Tourism. Paris is one of the most touristic cities in the world, but during the Olympics, it will attract a historic number of visitors. Therefore, criminals are expected to seek to commit fraud in the tourism sector by impersonating hotels and travel agencies and defrauding visitors. Hence, hotel companies must increase their resilience against cybercriminals.
  • Audiovisual. Acquiring the broadcasting rights for the Olympic Games involves a significant outlay, so companies with the right to broadcast the competitions must resort to cyber-intelligence services to prevent piracy and audiovisual fraud.

Sporting events have become a target for cybercriminals

What can companies do to protect their businesses from malicious actors?

Hosting the Olympic Games involves enormous investments, and in some cases, such as Barcelona 92, it can even completely transform the cities in which they take place. Thousands of companies are also looking to profit from the Olympics. But what can companies linked in some way to this event do to avoid suffering security incidents that could hamper their operations?

This is where value-added cybersecurity services come into play to increase the level of protection for companies and help them respond to cyber-attacks at the Olympics effectively:

  • Website security audit and cloud security assessment make detecting vulnerabilities possible and prioritize their mitigation before hostile actors exploit them to commit attacks.
  • Penetration testing. Through pentesting, cybersecurity professionals use the TTPs of malicious actors to find critical vulnerabilities that affect corporate assets.
  • Red Team Service. Companies with a higher level of cybersecurity maturity can undergo Red Team scenarios to analyze their defensive capabilities against actual attacks before they occur.
  • Incident response service. Suppose a hostile actor manages to overcome the defensive mechanisms. In that case, responding to the attack immediately is essential, identifying the threat, containing its propagation, expelling the attacker, and restoring normality.

These services aim to optimize companies’ prevention, detection and response capabilities and avoid reputationally and financially costly security incidents.

Going to the Olympics? Be cautious

Beyond the threats faced by thousands of companies, citizens may also suffer in their flesh the effects of cyber-attacks at the Olympic Games.

Earlier, we highlighted fraud in the tourism sector, which seeks to trick visitors into making illegitimate financial payments or providing their financial data.

We must add the proliferation of campaigns that use social engineering to market fake tickets to attend the thousands of sports competitions that make up the Olympic Games.

A few days ago, it was revealed that a Ticket Heist campaign has more than 700 domains to market fake tickets. To do so, they use malicious websites that are sufficiently elaborate to present a semblance of reality.

In addition, French security forces have warned of more than 300 websites for the illegal resale of tickets.

Considering that the Olympic Games organization sells 13 million tickets, it is not difficult to understand why cybercriminals are interested in committing this kind of fraud using techniques such as malvertising on search engines and social networks.

The Olympic flame is about to reach the Stade de France. Millions of people are eager to enjoy the greatest sporting spectacle on the planet. To do so smoothly, the organization and its suborganization—the entire Olympic ecosystem—must have the necessary resources to prevent and respond quickly and effectively to cyber-attacks on the Olympic Games.

Unfortunately, the Olympic truce that governed the ancient Olympic Games is no longer in effect. Today, the most important sporting event on the planet is no longer a place free of conflict.