Guarding the Games: Cybersecurity and the 2024 Summer Olympics

As Paris prepares to host the 2024 Summer Olympic Games, athletes from around the world converge to represent their country. But beyond the cheers and medals lies a digital underworld. The cyber threat landscape during major sporting events, including the Olympics, has become increasingly treacherous.

In the past decade, the number of cyberattacks has surged dramatically. During the London 2012 Games, there were approximately 212 million cyberattacks. Fast-forward to the Tokyo 2021 Olympics and that number skyrocketed to a staggering 4.4 billion. This year, experts anticipate an even greater onslaught of threats, including disruption attempts, disinformation campaigns, and cybercrime, making robust cybersecurity measures imperative for safeguarding this global spectacle. In a recent interview, Director General of ANSSI [The National Cybersecurity Agency of France], Vincent Strubel, stated, “We are getting ready for all types of attacks — everything we see on a daily basis but in bigger, more numerous and more frequent.” Additionally, Strubel commented, “We can’t prevent all the attacks; there will not be games without attacks, but we have to limit their impact on the Olympics.”

The games are scheduled to begin July 26, 2024, with cybercriminals lurking in the shadows, armed with malware, phishing tactics, and ransomware. Their target? The vital services of the games: retail, ticketing, travel, and hospitality. Organizations need to stand guard over their information technology and cybersecurity hygiene not just during the Olympic Games but daily.

The best way to stay safe in the face of these emerging threats is to remain vigilant and informed regarding the tactics and methods of threat actors. The following are some of the threats to watch for:

1. Account Takeover and Credential Stuffing:

• With increased financial transactions during events like the Olympics, the risk of account takeover and credential stuffing attacks escalates.
• Cybercriminals exploit weak or reused passwords to gain unauthorized access to user accounts.
• Vigilance in monitoring account activity and using strong, unique passwords is crucial.

1. Social Engineering via Phishing Emails:

• Expect a surge in phishing emails related to the Olympics. These deceptive messages often promise “promotional offers” or “special deals.”
• Unsuspecting recipients may click on malicious links, leading to compromised systems or stolen credentials.
• Users should verify the legitimacy of emails and avoid clicking on suspicious links.

1. Ransomware and Malware Attacks:

• Cybercriminals seize major events as opportunities to sow chaos. Ransomware attacks can disrupt critical systems, holding them hostage until a ransom is paid.
• Malware, disguised as legitimate files or software updates, can infiltrate networks and compromise sensitive data.
• Regular security updates, robust backups, and employee training are essential defenses.

1. Ad Fraud (Including Click Fraud):

• Ad fraud targets digital advertising networks for financial gain. One common method is click fraud, where bots artificially inflate ad clicks.
• During high-profile events, cybercriminals exploit increased ad traffic to perpetrate fraud.
• Advertisers and platforms must implement fraud detection mechanisms to safeguard ad budgets.

1. Malvertising:

• Malvertising injects harmful code into legitimate online ads. When users click on these compromised ads, they unwittingly expose themselves to risk.
• Vigilance while browsing and using ad blockers can mitigate exposure to malicious ads.
• Organizations should monitor their ad networks and promptly address any suspicious activity.

Consider how the threats mentioned earlier apply to your organization’s internal network. It’s crucial to recognize that not all end users prioritize security but whether it’s clicking on the wrong link or an end user making a purchase from what they believe is a legitimate retail site within your network, these actions can lead to unauthorized access. During the Summer Olympics, all industries face heightened risks due to increased transaction volumes related to Olympic purchases (such as tickets, lodging, travel, and retail).

Fortifying the Digital Arena

Organizations should not wait for a major event to fortify their defenses and protect against cyber threats. Instead, these practices should be a daily routine, further strengthened to address potential increases during events. Consider implementing the following methods:

1. Education and Training:

• Organizations should educate employees about cyber threats, emphasizing vigilance and safe practices.
• Regular training sessions keep staff informed about evolving tactics.

2. Incident Response Plans:

• Prepare for the worst. Have robust incident response plans in place.
• Timely detection and containment minimize damage.

3. Collaboration and Threat Intelligence:

• Share threat intelligence with industry peers. Collective defense is potent.
• Collaborate with law enforcement and cybersecurity agencies.

4. User Awareness Campaigns:

• Launch awareness campaigns during the Olympic season. Remind users of risks.
• Highlight the importance of reporting suspicious activity promptly.

Before the light is even ignited on the Olympic torch, the fight against cyber threats will begin and likely be relentless, but through strategic and proactive preparation and collective effort, organizations and consumers can proactively protect themselves.

About the Author

Desrah Kraft is a Cyber Threat Intelligence Engineer at DefenseStorm. For the past three years, she has played a vital role in leading and contributing to various Incident Response efforts. Before transitioning into cybersecurity, Desrah obtained a bachelor’s degree from Mitchell College and worked for 7 years in law enforcement. This experience helped her cultivate a comprehensive understanding of security principles and investigative practices. An accomplished cybersecurity professional with 4 years of hands-on experience in analyzing malware and extensive expertise in safeguarding digital landscapes against malicious threats, Desrah possesses an unparalleled ability to dissect complex cyber threats, identify their origins, and implement effective countermeasures. Additionally, she holds multiple MITRE certifications, which demonstrate her mastery of advanced threat detection and mitigation techniques as well as the GIAC Security Essentials (GSEC) certification. Recognized for her keen eye for anomalies and proactive approach, Desrah excels in Endpoint Detection and Response (EDR), enabling rapid identification, investigation, and containment of potential breaches. Committed to continuous growth and learning, Desrah remains at the forefront of cybersecurity, dedicated to fortifying digital infrastructures and inspiring others in the field. Desrah can be reached online at [email protected] and at our company website https://defensestorm.com/