Many cyber attacks are expected during the Olympics
Four billion cyber attacks.
That’s what the organizers of Paris 2024 expect from the Olympic event.
This was stated a few days ago by Gilles Walbrou, chief technology officer (i.e., chief technology officer) of DataDome, a French cybersecurity company that has set up a kind of operations center in the heart of the French capital for the Olympics.
Indeed, the opportunity of the Olympic Games for criminals is too good to pass up, as it has been, after all, for previous events. The Pyeongchang Winter Olympics in 2018, suffered a cyber attack that crashed the official website, knocked out broadcasts and damaged ticket sales systems.
For the 2016 Rio Olympics, however, pirates launched a long-term DDoS attack before the Games. Also, during the same Olympics, athletes’ private medical data was stolen by Russian hackers. At the Tokyo Olympics in 2021, the Nippon Telegraph and Telephone Corporation, the telecommunications company in charge of cybersecurity, calculated that it blocked about 450 million threats.
Adding to the economic factor is the geopolitical one: in addition to the large movement of people and money unleashed by the Olympic event is the fact that France is a major supporter of Ukraine and therefore remains a prime target of pro-Russian activist hacks who have openly threatened Paris.
On June 23, according to Intel 471, the group called the People’s Cyber Army (translated from Russian), posted a picture of the Eiffel Tower with the five Olympic circles on fire and announced that it will participate in a new Olympic sport: DDoS attacks, Distributed Denial of Service, a kind of attack that consists of a significant demand for simultaneous access to an Internet site with the goal of saturating the system and making the site unreachable. Pro-Palestinian cyber activist groups may also seek to attack during the Olympics, given the fact that Israeli athletes will participate in the competitions without restrictions that are imposed on Russian and Belarusian athletes instead.
For all these reasons, Paris has put in place extraordinary security measures, so much so that the analyst firm IDC has predicted that the Games alone will increase security revenues in France by 2 percent, an increase of $94 million for vendors and industry partners.
The reasons why an Olympic event is so palatable we know and can easily imagine, just as it is easy to imagine the types of attacks.
At the top of the list is phishing, the attack in general most used by criminals and which in a context like the Olympics can become exponential: fans may in fact be more distracted, caught up in the excitement and not paying attention to the many types of messages they receive.
Then there are ticket-related scams because fans desperate for tickets to attend major sporting events can become very easy targets and fall into the trap of signing up for fake waiting lists or buying fake tickets, handing over not only money but also personal information to criminals.
The event is also a meeting place for many personalities, who easily share network resources. There is a lot of sensitive information that a criminal could use to blackmail the athletes, who are the protagonists of the event. Sensitive data, medical information that represent tasty morsels for cybercrime. A situation that encourages espionage activity and has put intelligence agencies around the world on alert.
Then there is the fact that the many companies involved in the gaming supply chain become much more vulnerable than usual at this time.
Criminals are well aware that these certainly cannot afford to disrupt their activities, whatever the cost.
As a result, they are much more willing to pay ransom in the event of an attack. IDC reports that only about half of large French companies believe they have sufficient capabilities to proactively research or adequately analyze threats.
Worse still, less than 20 percent of French companies would describe their cybersecurity posture as “mature or better,” the firm reveals. Small businesses, which have fewer cyber security protections, are even more at risk.
An analysis confirmed by Proofpoint spoke of 66 percent of official Olympics partners not taking cyber security measures to proactively block scam emails, the main vector of attack.
Another risk is that of fake race streaming websites, aiming to trick viewers into sharing personal data.
These sites, which typically have suspicious domain names, may request payment details with the (false) promise of exclusive content.
Not to mention deepfakes made with artificial intelligence, which can spread very realistic videos in which, for example, Olympic athletes ask fans to send money and cryptocurrency for some particular reason.
Last but certainly not least is the risk associated with using public Wi-Fi, a tool to stay away from as much as possible to avoid unpleasant data theft.
In short, the Olympics in today’s reality represent a real obstacle course from a cyber risk perspective. Visitors, athletes, organizers, journalists, and the entire world revolving around an event of such magnitude are required to be fully present and focused for every action taken online, even the one that may seem the most innocuous.
The bad news is that there is no such thing as harmless actions carried out online, because we know how skillful and cunning cybercrime is and is always finding new ploys to deceive its chosen victims.
But there is also good news: with a proper digital posture that can only be earned through quality customized training, pirates will find very hard bread for their teeth and will most likely desist from their criminal aims.