Olympics 2024: Cyber Attackers are Targeting Companies Associated With Paris Games

Organisations linked to the Paris Olympics 2024 have an increased risk of cyber attacks, including ransomware, credential leaks and phishing campaigns, a study has found.

Insikt Group, the threat research division of security firm Recorded Future, has already observed posts advertising access to Games-related organisations in France and compromised credentials using “paris2024[dot]org” domains on the Dark Web.

These findings were published in a new report highlighting high-priority threats to the Games, based on an assessment of past attacks, existing threats and geopolitical context.

Companies in industries like hospitality and transportation are more likely to pay a ransom payment during the Olympics because they will be losing more business than normal during any downtime. As a result, cyber attackers will see the Olympics as a lucrative opportunity, the report claims.

But it is not just organisations at risk, as the authors of “Hurdling over Hazards: Multifaceted Threats to the Paris Olympics” say that attendees will “almost certainly” be targeted with Olympics-related phishing schemes.

TechRepublic takes a closer look at the highest priority cyber threats to the 2024 Paris Olympics identified in the report.

Ransomware attackers target companies linked to Paris Olympics

The report authors “expect to see cybercriminals take advantage of the pressures facing a host city to extort ransomware payouts.”

Companies involved in the running of the Games will be under increased pressure to maintain high and continuous levels of service. They will be involved in sectors such as hospitality, transportation, logistics, healthcare and government. These companies will also not be used to the demand that will come with new visibility and the arrival of 15 million tourists, unlike the principal organisers, the International Olympic Committee and International Paralympic Committee.

SEE: 94% of Ransomware Victims Have Their Backups Targeted By Attackers

Furthermore, the number of companies opting to pay the ransom when struck by ransomware is currently declining, with the average payout decreasing by 32% from Q4 2023 to Q1 2024. As a result, cyber criminals are highly motivated to launch a successful attack.

These two factors compounded mean that the risk of ransomware attacks for organisations associated with the running of the Games is high, as attackers will seize the opportunity for a payday. Indeed, manufacturing, retail and construction sectors are among the top four most targeted for ransomware in France under normal circumstances, according to the report.

However, while the risk of ransomware attack is high, the level of disruption will “vary based on the critical role played by the targeted organisation,” and there is “almost no chance of a complete halt of the Paris Olympics” due to a single cyber event, according to the report authors. This is because most of the organisations and processes underpinning the Games operate separately from one another, so there won’t be a domino effect of disruption.

Ransomware forms part of double extortion

The report authors claim that ransomware intrusions are likely to be part of double extortion attacks. Threat actors will not only demand payment in return for restoring access to the company’s data but also threaten to leak it either to the Dark Web or publicly as additional leverage. Leaking the information could put the business and the Games at risk of further cyber attacks, financial penalties from regulatory bodies and significant reputational damage.

Other forms of extortion the ransomware attack could be paired with include website defacement, doxxing, distributed denial of service and executive harassment. The additional impacts of these double extortion attacks put even more pressure on the companies to pay the ransom.

Initial access brokers selling remote access to companies linked to Paris Olympics

The Insikt Group analysts believe the “increased appetite” for a successful ransomware attack on organisations associated with the Paris Olympic Games will lead to more activity from initial access brokers.

IABs are specialised threat actors that sell remote access to compromised corporate networks on Dark Web forums and via private communication channels like Telegram. Ransomware operators, or other threat actors, can buy access to organisations associated with the Games from IABs to stage their attacks.

SEE: Initial access brokers: How are IABs related to the rise in ransomware attacks?

Between the start of the year and April 29, 2024, Insikt Group monitored 17 threat leads for advertisements of initial access methods for French entities and 14 for Games-related industries in France, including sports, entertainment and hospitality. These listings were found on the Dark Web and in forums and included access to remote desktop protocol systems, web shells, File Transfer Protocol Secure and a customer relationship manager system with administrator privileges.Leaking of Paris Olympics employee credentials.

Insikt says that “the volume and value of credentials affecting the Paris Olympics will likely increase in the months preceding the event, to meet threat actor demand.”

Compromised credentials, obtained either from infostealer malware or Dark Web data dumps, are one of the main ways threat actors gain access to a target organisation’s system. They can be used to stage social engineering campaigns, business email compromise, spear phishing or other attacks, which, if successful, can allow lateral movement across an organisation’s network.

Between January 1 and April 29 this year, analysts identified 624 references to compromised credentials of Paris Olympics employees on Dark Web shops and marketplaces. Domains included olympics[dot]com, paris2024[dot]org and paralympics[dot]org, and the log-in information of an email account “likely related to a current employee.”

Phishing scams directed at Paris Olympics attendees and associated companies

“Olympic-themed phishing lures and scams will almost certainly target businesses and attendees alike,” the authors wrote.

Attackers will disseminate malware via email and text messages that harvest credentials or other personally identifiable information. Messages will include the “use of urgent language in emails, the impersonation of executives or vendors, and the use of malicious websites posing as vendors or ticketing systems.”

SEE: Spear Phishing vs Phishing: What Are the Main Differences?

Analysts have already observed typosquat registrations of Olympic Games domains, where terms have been deliberately misspelt to direct those looking for a legitimate website to a scam version in the event of a spelling mistake.

Mitigation tips for Paris Olympics cyber threats

The report’s authors have provided some mitigations that organisations relating to the Paris Olympics can take to lower their risk of cyber attack:

• Ensure comprehensive visibility of the organisation’s attack surface with a threat intelligence platform. Pay attention to alerts, automate remediations and track the threat landscape.
• Identify infostealer logs and credential leaks related to your organisation and monitor IAB advertisements to prevent account takeovers, data theft, ransomware and other attacks.
• Detect and take down domain and brand impersonations that could be used to scam customers or third parties.
• Raise awareness of phishing within the company and prioritise the patching of high-risk vulnerabilities.
• Monitor the geopolitical environment for events that could alter adversarial nations’ intent to conduct cyber intrusions against the Paris Olympics.

“Organisers and associated stakeholders must focus on an adaptive security strategy that takes into account the geopolitical threat landscape as well as the capabilities of various groups,” the authors wrote.

“Monitoring the evolution of cyber and influence threat actor TTPs and adoption of new technologies ensuring robust cyber defences among all organisations involved in the Paris Olympics from the IOC to public transportation, and fostering international cooperation in intelligence-sharing will be critical to ensuring the seamless running of the Paris Olympics.”