The Olympic Games is a massive sporting event that attracts billions of people worldwide. But where there are thousands of people – fans and supporters; there are also cybercriminals. Such events have always caused a spike in the number of cyberattacks of different kinds. In this post, we will discuss exactly this – risks of 2024 Olympic cyberattacks.
Cyber Threats Facing the 2024 Paris Olympics
On July 26, the Olympic Games kicked off in Paris. However, as historical data shows, this is a significant challenge not only for athletes but also for the organizers. Specifically, the cybersecurity department needs to be particularly vigilant: 450 million attempted cyberattacks happened during the previous Olympic Games in Tokyo. These days, with all the advancement in technology, experts expect even more of them.
In 2024, 4 billion cyberattacks are expected, which is nearly eight times more than in the previous year. As the CEO of ANSSI (the organization responsible for managing the cybersecurity strategy for the Olympic Games) said, “We can’t prevent all the attacks, there will not be Games without attacks but we have to limit their impacts on the Olympics”.
2024 Olympics Cyber Threats: Who and Why?
There are a few factors to address before switching to actual threats: who may need to cause problems at a sporting event, and why. During these volatile times, a lot of countries have tensions between them. Though a few of them will certainly expand these disagreements to Olympic Games.
One of the key country that is interested in causing disruptions and chaos during Paris Olympics is Russia. This country, together with a handful of its tamed threat actors, has every reason to attempt to disrupt the Games. Sure enough, they mostly revolve around politics: at least grudges about participants supporting Ukraine in the war against them is enough. But be sure, they have even more pet peeves to pay off in such a sly way.
North Korea, a close ally of theirs, likely wants to take its bite, too. Their all-encompassing interest in gathering intelligence data ideally combines with such a massive event. And since NK threat actors are often forced into funding themselves with foreign currency, it will be a great feast for money-related phishing attacks.
Another country, well, even cluster of countries whose threat actors may take a look, is the Middle East. Although less numerous and more oriented towards regional conflicts and enemies, they fancy having such a source of data.
A more politically-agnostic threat comes from financially motivated actors. While this can overlap with the first two points, it is primarily unrelated to political or personal beliefs—it’s just a business. Malicious actors will attempt to attack every link in the chain and every area that can potentially be monetized, which I will elaborate on further.
Who is at Risk?
In reality, cybercriminals have boundless opportunities and a vast, untapped field in these year’s Olympic Games. This year, 84 companies have become official Olympic partners. Additionally, there are those connected through third-party services, such as hotel suppliers or those offering travel and leisure services.
Besides organizations and individuals directly and indirectly related to the event, critical infrastructure and other entities are at risk. These include telecommunications, energy, healthcare, and logistics in Paris. Individuals and fans must be particularly vigilant, as there is a high risk of scams, such as ticket fraud or fraudulent voting, which we will discuss further.
Key Cybersecurity Risks for the Paris 2024 Olympics
First, let me clarify that issues began a week before the event due to a global outage caused by an unsuccessful CrowdStrike update. Although not directly related to the event, this incident affected the preparations for the Games. But that is by far not the last problem during the event. With that being said, let’s dive into the threats that we will encounter in the nearest few weeks with a great probability.
Phishing
Phishing is rightly one of the most widespread and dangerous cyber threats, and it becomes particularly effective during major events. Scammers may send messages posing as official communications, such as notifications or announcements related to the Olympics. These messages are most often sent via email but can sometimes be sent as SMS messages.
Typically, these emails and SMS messages appear to come from the International Olympic Committee (IOC) or a related government agency. Red flags include links (often shortened using URL shorteners) or attached files (documents, archives, etc.). Clicking on these links or opening these files can eventually lead to fraud, malware attack and/or data theft. Nowadays, scammers might use various tricks, including sending messages purportedly from famous athletes or other officials. These messages might even request personal information, such as passwords or credit card details.
Malware Attacks
As an accompanying danger of phishing attacks there is a malware spreading risk. Frauds use email, SMS and other types of communications for different purposes, but only the former attracts them the most. The reason for this is its flexibility: one day you spread phishing links, and the other – malware-infused files. Just a single hasty click may separate you from getting the entirety of your online accounts compromised, bank accounts drained, and files encrypted.
Once again, the flexibility of email messages allow adversaries to exercise in social engineering. Celebrity endorsements, whaling, even a kind talk – all this fluently combines with malware delivery, making the attack tremendously effective.
Social Engineering
Amid the excitement surrounding the Olympic Games, scammers may try to manipulate people. For instance, con actors might pose as the IOC or a financial organization, asking people to support a particular athlete by sending a certain amount of money.
Of course, no sport is complete without betting. Scammers may impersonate betting companies, accepting bets on athletes at some unbelievably good coefficients. Naturally, no one will win anything except the scammers.
Another common scam involves charity collections. Scammers pose as a charitable organization (or an event partner/sponsor) and ask people to participate in a charitable donation. Considering how many wars and other disasters happen in the world, it may be problematic to distinguish the good from bad.
As I have mentioned multiple times, the political situation in the world heavily influences events, and the previous Games in Tokyo are an example. In 2018, Russian hackers launched a computer worm called “Olympic Destroyer.” It was used in an attack on the opening ceremony of the Winter Games in Pyeongchang, disrupting WiFi at the stadium, RFID systems, and the broadcast of the opening ceremony. Although Moscow denies involvement, the US Department of Justice in 2020 charged six hackers from Russian intelligence.
Fortunately, this year’s ceremony went smoothly, but that doesn’t mean threat actors won’t try to sabotage the event. There is a high likelihood that, in an attempt to disrupt the event, malicious actors will send provocative SMS messages, such as notifications of a terrorist threat. Although not a profitable endeavor, it can cause panic and interfere with the Olympic Games. This can also dull people’s vigilance or make them distrust official messages.
How to Stay Safe
The first recommendation is to exercise extreme caution when receiving any messages, especially those related to the Olympic Games. Carefully verify the sources of information and do not open suspicious attachments or links, even if they seem convincing. If you come across a fundraiser or advertisement related to the Olympics, do your own research. Investigate it thoroughly before participating, entering your information, or sending money.
Don’t fall for fakes. Scammers may launch advertising campaigns, such as offering to download an app or follow a link to watch a live broadcast in high quality. These sites are often placeholders that request you to send an SMS to receive an up-to-date link or ask you to download an app. In any case, after sending the SMS/payment, you will not receive a link to the broadcast, and in the worst case, you will download malicious software.
Use anti-malware solutions. In the era of AI and deepfakes, it is becoming increasingly difficult to distinguish fake from real. Malicious actors can convincingly promote phishing links through ads or the aforementioned methods. Using an anti-malware solution, such as GridinSoft Anti-Malware, will prevent malware from downloading and deploying on your device. Moreover, an Internet Security module can block suspicious or dangerous sites before they attempt to download a malicious file.