Beginning in 1896 Greece, the Olympic Games have now become a global phenomenon that brings entire nations together in a celebration of athleticism, patriotism, and unity. The massive sporting event brings millions of people together as countries put forth their best athletes and come together in a global arena. However, major occasions like the Olympics also attract people with malicious intentions as well. Given the drastic digital transformation in the modern world, Olympics cybersecurity is now a major concern whenever the event takes place.
The Paris 2024 Olympics is expected to begin on the 26th of July with an exciting opening ceremony on the Seine. The Olympics attracts 15,3 million visitors, involves 206 nations, and consists of 869 events. Every country hosting the Olympic Games understands the massive influx of attention and the growing pressure to withstand it. This is why the Paris 2024 Olympics has come under scrutiny given the enormous risk of cyber-attacks on the event. In this blog article, we look at the growing cybersecurity concerns around the Paris 2024 Olympics and try to explore the major risks the event presents. We also touch on previous cyber attacks on the Olympics and whether France is fully prepared. First, let’s try to understand the Paris 2024 concerns a bit better.
Image source: https://www.shutterstock.com/
Paris 2024 Olympics Cybersecurity Concerns
The French government has admitted that the Paris 2024 Olympics are facing “an unprecedented level of threat.” Vincent Strubel, the director general of ANSSI, stated that there will not be Games without attacks but also noted that those attacks must be limited by advanced cybersecurity protocols. ANSSI is a national service created under the authority of the French Prime Minister and attached to the General Secretariat for Defence and National Security in preparation for the Olympics. The organization is responsible for the management of the strategy for the prevention of cyberattacks at the Games.
ANSSI has acknowledged the dangers facing the event, stating that “the Paris 2024 Olympic and Paralympic Games are likely to attract the attention of various malicious cyber actors who may seek to take advantage of the event to gain visibility and make their claims known, damage the image and prestige of competitions such as those of France, or simply seek financial gains through extortion.” The agency further noted that these various threats to the Games are further “amplified by the digitalization of this type of event in terms of the general organization, the running of the events, the logistical aspects, the infrastructure and the rebroadcasting of the events via different media.”
As the event draws closer, the Games are expecting a surge in cyber-attacks. Research has already revealed a substantial surge in darknet activity - with an 80-90% increase observed between the second half of 2023 and the first half of 2024. According to IDC, the Paris 2024 Olympics will see the largest number of threats, the most complex threat landscape, the largest ecosystem of threat actors, and the highest degree of ease for threat actors to execute attacks. The organization estimates that revenue from cybersecurity services in France will increase by US$ 94 million in 2024 as a result of the Olympic Games.
Richard Thurston, the research manager at IDC, has warned that cybercriminals are leveraging global sporting events like the Olympic Games to craft new targeted threats to businesses and citizens, knowing that their target is often distracted and more prone to social engineering." He further added that the threat extends beyond the Games itself and includes fixed and mobile networks in Paris, transportation infrastructure and companies, hotels and the leisure industry, and financial networks.
The Paris 2024 Olympics is stated to be the most connected Games ever – with infrastructure such as back-of-house systems, financial systems, critical national infrastructure, city infrastructure, sports technology, broadcasting technology, and merchandising and ticketing.
Paris 2024 Olympics' Systems Hit By Global IT Outage
According to Reuters, the Paris Olympics' organising committee announced on July 19 Friday that a global cyber outage has affected its IT operations, just a week before the Games begin. "We have activated contingency plans in order to continue operations," the organising committee said in a statement.
The global cyber outage was caused by a CrowdStrike update, which caused computers running Windows to crash and show the Blue Screen of Death, resulting in an inability to reboot for companies worldwide. The outage had impacted not only Paris 2024 Olympics, but also on transportation, broadcasting, financial, retail, and other organizations across Europe, Australia, the US, and other locations. You can read more about how CrowdStrike 's Faulty Update Leads to Global IT Outage, Disrupting Global Operations in this article.
Sourced from BBC
Cybersecurity Attacks on the Olympics
Hosting the Olympic Games is a great honor for any country and presents an opportunity to showcase your country’s talents, beauty, and capabilities to the rest of the world. However, the surge of Olympic Games cyber-attacks has also caused quite a stir for these host countries and the millions of viewers, attendees, and athletes involved. To fully understand the threat scale of Olympics cybersecurity, we can simply look back at previous Olympic events and the past attacks on the Olympics:
Brazil 2016 Olympics Cyber Attack
The 2016 Summer Olympics took place in Rio de Janeiro. However, before the games could even begin, the official Rio Olympics website and several organizations associated with the Olympics suffered a large-scale, sustained Distributed Denial-of-Service (DDoS) attack that lasted several months. Later on in September, a hacking group called Fancy Bear used a phishing campaign to access the World Anti-Doping Agency database and release confidential information about medication used by forty-one athletes who competed in the Rio Olympics.
South Korea 2018 Olympics Cyber Attack
The 2018 Pyeongchang Winter Olympics saw the use of malware called the "Olympic Destroyer" during the opening ceremony of the Games which caused the Wi-Fi network to crash. This affected broadcasting drones, news coverage, the official Olympics smartphone app, and ticketing functions.
Japan 2020 Olympics Cyber Attack
The 2021 Summer Games in Tokyo reported that it faced 450 million attempted security events. These included the use of Emotet malware, email spoofing, phishing, fake websites, attacks on critical infrastructure, ransomware, DDoS attacks, and 5G network attacks. The games were held during the COVID-19 pandemic and faced significant cyber threats both before and during the event.
China 2022 Olympics Cyber Attack
The 20222 Winter Olympics in Beijing came under scrutiny as well when the official My2022 app used by athletes to track health data was found to have security flaws that could allow hackers to access sensitive information. The app could also be used to monitor politically sensitive keywords sent in messages.
While every Olympic Games event has to endure its share of digital warfare, organizers and hosts must try to stay ahead of cyber threats and prepare themselves for the massive surge in cyber-attacks. Now, let’s try to answer if the Paris 2024 Olympics is actually prepared enough for the oncoming cyber threats it may face.
Is the Paris 2024 Olympics Prepared for a Cyber Attack in France?
The system set up by the French ANSSI agency has set itself the task of securing the Paris 2024 Olympics' digital infrastructure. In collaboration with other organizations, the agency has structured its Olympics cybersecurity around five main axes:
- Increasing the knowledge of cyber threats to the Games
- Securing critical information systems
- Protecting sensitive data
- Raising awareness in the Games ecosystem
- Preparing to respond to cyber-attacks affecting the Games
The agency has also implemented an awareness-raising plan aimed at hundreds of players in the Games ecosystem and organized several crisis-planning exercises. The Paris 2024 Organizing Committee for the Olympic and Paralympic Games has since partnered with major technology companies and government agencies to mitigate cyber threats – these include Eviden, Alibaba, Deloitte, Orange, and Cisco. ANSSI, however, is confident that the Paris 2024 Olympics will be safe and is confident in the cybersecurity in place. The agency noted that there are 500 sites, competition venues, and local collectives, and all of them have been tested by the team. According to the IDC, organizations in Europe will increase spending on cybersecurity services by US$ 150M in 2024 to mitigate Games-related risks.
In its cyber threat overview report last year, ANSSI noted that all stakeholders connected to the Olympic Games are “pursuing their efforts to improve the security of information systems involved following the threat and to implement a reinforced detection and incident response system.” Eric Greffier, the technical director for Paris 2024 at Cisco France, likened the event to a full-scale IT project because most of the technological challenges associated with the Paris 2024 Games are the same as those of businesses.
The ANNSI agency has also been making use of ethical hackers to stress test the Paris 2024 Olympics systems and is using Artificial Intelligence to help them do a triage of the threats. Franz Regul, the managing director for IT at Paris 2024, stated that AI helps to make the difference between a nuisance and a catastrophe. Regul forwardly told the New York Times that there is doubt that they will be attacked. While there have been no disruptions yet, he knows that the threats will rise exponentially closer to the opening of the event. Regul expects the number of cyber security events to be multiplied by 10 compared to the 2022 Tokyo Olympics.
The Paris 2024 cybersecurity officials use military terminology to talk about their activities - describing “war games” meant to test specialists and systems and referring to feedback from “veterans of Korea” that have been integrated into their evolving defenses. While Regul declined to speculate about any specific nation that might target this summer’s Games, he noted that organizers were preparing to counter methods specific to countries that represent a strong cyber threat. To understand these threats better, we’ll now look at some of the key cybersecurity risks facing the Paris 2024 Olympics.
Key Cybersecurity Risks for the Paris 2024 Olympics
In 2017, a report from the University of California stated that new technologies in major sporting events opened the door to cyber-attacks that could threaten public safety, diminish the fan experience, and undermine the integrity of competition. The Paris 2024 Olympics is already noted to be the most connected Olympics event to date – using advanced technology and infrastructure that leave the event open to evolved cyber threats.
While elevated infrastructure massively improves the Olympic Games in terms of viewership, safety, efficiency, and practicality – these advances are also a double-edged sword that invites cyber threats. According to Reuters, organized crime, activists, and states will be the main threats during the Paris 2024 Olympics. Some of the main cyber risks expected at the Paris 2024 Olympics include:
- Social Engineering and Phishing: Most social engineering attacks rely on the naivety or oblivion of the victim. At the Olympics event, many attendees will be tourists who might not be familiar with the language and landscape or sporting fans who might be too caught up in the moment to pay attention to their cybersecurity. Social engineering and phishing attacks around sporting events usually focus on ticket sales, and scam promotions to lure victims into giving away their private details. The official website of the 2024 Olympics has also warned that cybercriminals motivated by financial gain are redoubling their efforts and will not hesitate to create websites that spoof everyday services such as web-based email, online shopping, banks, and government agencies.
- Distributed Denial-of-Service (DDoS) Attacks: A DDoS attack focuses on disrupting operations and is one of the most common cyber-attack vectors used for major sporting events. By overwhelming systems with excessive traffic, a DDoS Olympic cyber attack can easily destabilize websites, ticketing machines, applications, and online services.
- Politically Motivated Attacks: The current geopolitical landscape presents several threats to the Olympics cybersecurity. With state-sanctioned cyber-attacks and hacktivists on the rise, the event could be used as a platform to spread propaganda, disrupt ceremonies, or spread misinformation about other countries.
- Cyber Espionage: These are campaigns run to spy on other athletes, VIP personnel, or people of influence at the event to gain insight into strategies, health status, training programs, and other private information.
- Attacks on Olympic Organizations or Affiliations: These are cyber-attacks on supplier companies used for the duration of the Games. This includes broadcasting agencies, sports delegations, logistics companies, transport companies, and more. Cyber-attacks against these entities can have massive supply chain issues and disrupt operations within the Games for the athletes, attendees, and viewers.
- Fraud in the Tourism Sector: The Paris 2024 Olympics will bring an influx of tourists from other countries to France. Hackers may use this opportunity to take advantage of people being in a new country by running scams for tickets, accommodation, tour guides, and more. Open Wi-Fi networks could also be used to access vulnerable devices and steal private information.
While all these Olympic cybersecurity threats are prevalent today, the risks to digital infrastructure are constantly evolving and hackers are finding new and more devastating ways to disrupt, access, and control systems. Let us now look at some of the cybersecurity trends that have changed the digital landscape in 2024.
Cybersecurity Trends in 2024
As technology grows and elevates to meet the growing needs of businesses, people, and governments – every step taken toward success is met with equal progress for cyber threats. Cybersecurity trends in 2024 have enabled and pushed cyber threats to evolve and become a force to be reckoned with. These are some of the main cybersecurity trends that have also contributed to the risk against the Paris 2024 Olympics:
Artificial Intelligence
The rise of AI cyber-attacks has drastically shifted the way cyber threats are seen in the international community. With AI, hackers can automate the creation of malware and phishing scams, be used to create convincing deep-fakes, and so much more. In 2023, the International Olympic Committee stated that it had been targeted by “fake news posts'' containing “defamatory content, a fake narrative, and false information.” The campaign used Generative AI to create quotes from I.O.C. representatives, fake news stories citing those fabricated comments, and even a Netflix-style documentary series released online - narrated by a deepfake Tom Cruise.
However, AI can also be used on the good side of this war with AI-Powered Cybersecurity Solutions being part of the Olympic arsenal. The Paris 2024 Olympics will feature innovative AI technology to detect and respond to cyber threats directed at the event while the Games themselves will be using AI to create immersive and unique experiences for fans.
Advanced Phishing Schemes
Another cybersecurity trend has been the use of advanced phishing schemes that might target attendees, employees, or viewers. These scams are now also bolstered by the use of AI and can seem very convincing. Phishing attacks are quickly becoming common with sporting events where hackers might offer discounts or promotions to eager fans while pretending to be a legitimate organization.
Political Cyber-Attacks
Hacktivism has quickly been gaining traction in the cybersecurity industry as politically motivated threat actors find ways to disrupt events, platform their ideas, or spread propaganda. This is also a relevant trend that the Paris 2024 Olympics needs to look out for.
As the Paris 2024 Olympics draws closer, we need to be wary of the cybersecurity risks that face the event, the attendees, the athletes, and the viewers at home. On such a global scale, we can only hope that the precautions and measures in place by the Paris Olympics IT team and its affiliates will be enough to prevent a cyber attack in France from affecting the proceedings. All organizations should invest in advanced cybersecurity and infrastructure to ensure that their systems remain protected, efficient, and capable. Contact Sangfor today for information on enhancing your cloud infrastructure and cybersecurity or visit www.sangfor.com to learn more.
