WithSecure™ warns that the world’s biggest sporting event draws more potential attacks from criminal and nation-state threat actors, with various objectives and capabilities, than previous Olympics.
For a variety of malicious threat actors operating in and out of cyber space, prominent events with large audiences, such as sporting events and elections, are prime targets for attack. With the Paris Olympics approaching, WithSecure™ (formerly F-Secure Business) has issued an evaluation report, “Olympics – Cyber Threats to Paris 2024”, to alert businesses, organizations, and the general public to the cyber threats facing the Paris 2024 Olympics. This report categorizes threat actors into Russian/Chinese/Iranian/North Korean state hackers, hacktivists, and cybercrime groups, and describes their attack intentions/capabilities/likely objectives.
Attackers seek opportunities to exploit people’s attention, such as the fraudulent sales of fake, cheap tickets or free tour notifications. They often target organizers and sponsors, hijack events or associated sites to send political messages, and hijack relay network equipment to gain a foothold for cyber attacks.
There is no greater world stage than the Olympic Games. More than 500 million more people watched the 2022 Beijing Winter Olympics than the 2022 football World Cup, and a further billion people watched the 2020 Summer Olympics in Tokyo. Meanwhile, organizers of Tokyo 2020 also reported facing 450 million cyber-attacks – although this is a somewhat vague statistic, as it is hard to quantify a single unit of ‘cyber-attack’.
“We strongly believe that the Paris Olympics will face a greater threat of malicious cyber activity than previous Olympics,” predicts Tim West, Director of Threat Intelligence and Outreach at WithSecure. “Hacktivists aligned with states that are pro-Russia will almost certainly try to disrupt the Olympics in some way. We assess that the level of threat these groups pose to the Olympics is moderate.”
As this year’s host nation, France is acutely aware of the prestige that comes with hosting the Olympics. Hackers also know that rampant cyber-attacks can diminish that prestige. As a result, the direct and indirect impact of successful attacks on individuals, companies, and organizations can be immeasurable.
Below are some of the other evaluations pointed out by WithSecure in the report:
– Network defenders involved in Paris 2024 are almost certainly well-equipped and prepared to mitigate Computer Network Exploitation (CNE) and Computer Network Attacks (CNA) operations.
– WithSecure assess with moderate confidence that some nation-state-sponsored intrusion sets (China, Iran, DPRK) may have objectives that can be achieved by capitalizing on the topic of the Olympics, however the threat posed from these to the Olympics itself is LOW.
“There are numerous threats to the Olympics, with varying levels of motivation and capabilities, and a successful cyber security operation will be a great challenge for the Olympic authorities,” says West. “This being said, the defenders will also be well-equipped and will be able to take advantage of the lessons learned from past Olympics,” he concludes with optimism.
“Olympics – Cyber Threats to Paris 2024” can be downloaded here:
https://www.withsecure.com/content/dam/with-secure/en/resources-library/202407_WithSecure_Olympics_Threat_Report_ENG.pdf