The 2024 Paris Olympics are set to be a hotbed for cyber attacks as criminal and nation-state threat actors look totarget the games with various objectives and capabilities.
That’s according to experts from the cybersecurity firm WithSecure, who has issued an evaluation report "Olympics – Cyber Threats to Paris 2024", to alert businesses, organisations, and the general public to the cyber threats facing the Paris 2024 Olympics.
Billions of people around the world are set to tune in to the games, which take place at the end of July. This makes it one of the largest world stages in the world – and a prime target for cybercrime for a variety of malicious threat actors operating in and out of cyberspace.
According to WithSecure, attackers will be seeking opportunities to exploit people's attention, such as the fraudulent sales of fake, cheap tickets or free tour notifications. They often target organizers and sponsors, hijack events or associated sites to send political messages, and hijack relay network equipment to gain a foothold for cyber attacks.
"We strongly believe that the Paris Olympics will face a greater threat of malicious cyber activity than previous Olympics," predicts Tim West, Director of Threat Intelligence and Outreach at WithSecure.
“Hacktivists aligned with states that are pro-Russia will almost certainly try to disrupt the Olympics in some way. We assess that the level of threat these groups pose to the Olympics is moderate."
Unprecedented Level of Threat
The WithSecure report categorizes threat actors into Russian/Chinese/Iranian/North Korean state hackers, hacktivists, and cybercrime groups, and describes their attack intentions/capabilities/likely objectives.
"There are numerous threats to the Olympics, with varying levels of motivation and capabilities, and a successful cyber security operation will be a great challenge for the Olympic authorities," West continued.
"This being said, the defenders will also be well-equipped and will be able to take advantage of the lessons learned from past Olympics.”
As this year's host nation, France is acutely aware of the prestige that comes with hosting the Olympics. Hackers also know that rampant cyber-attacks can diminish that prestige.
Paris Olympics flag. rarrarorro - stock.adobe.com
As a result, the direct and indirect impact of successful attacks on individuals, companies, and organizations can be immeasurable.
In response to the clear threat, the Paris 2024 Organising Committee for the Olympic and Paralympic Games, the official organizing body of the games, has partnered with major technology companies and government agencies to mitigate the cyber threats.
“The Games are facing an unprecedented level of threat,” Vincent Strubel, Director general of ANSSI, France’s cybersecurity agency, told Reuters.
“But we've also done an unprecedented amount of preparation work so I think we're a step ahead of the attackers.”
Olympics: A hotbed for cybercrime
Alongside ANSSI and private sector partners like Cisco and Eviden, Paris 2024 officials have been developing secure networks and bolstering cyber defences.
Officials have also been conducting comprehensive audits, establishing rapid response teams and conducting awareness and training programmes.
As the the largest global stage, the Olympic Games have long been a target for hacker groups as well as state and non-state actors given the global and high-profile nature of the events.
According to Cisco, the Olympic Games in Tokyo endured an estimated 450 million cyber attacks In 2021. The company, which is an official partner for Paris 2024, says it expects eight times more attacks on the Paris Games.
The large amount of commerce and consumer data that are involved in putting on the Games also makes it a target for cybercriminals, experts note. The potential types of cyber attacks that could impact the Paris Olympics come in many forms.
Spoofing schemes, for instance, are expected to spike during the event, with cybercriminals expected to impersonate individuals or entities online through ticket scams and other phishing campaigns.
“Motivated by financial gain, cybercriminals are redoubling their efforts and will not hesitate to create websites that spoof everyday services such as web-based email, online shopping, banks and government agencies,” Paris 2024 notes on its official website.
Other, more damaging attacks could include distributed denial-of-service (DDoS) attacks, which disrupt normal internet traffic by overwhelming a targeted server or network with a flood of traffic, and various forms of malware. Experts also note that cybercriminals are using increasingly sophisticated means to boost their capabilities, which makes
"The same attack vectors that have been employed by cybercriminals are still being used; however, new technology paves the way for nefarious activity," the World Economic Forum’s Global Cybersecurity Outlook 2024 notes.
"The rapid spread of generative AI and other new technologies that can easily be used by cyber attackers poses a serious threat both for business and in public life," the World Economic Forum adds.