As Paris Olympics approach, so do cyber threats

Since the announcement of Paris hosting the 2024 Summer Olympics, the sporting world has been buzzing with anticipation. From July 26 to August 11, the global event is set to showcase the pinnacle of athletic achievement, drawing athletes and spectators from around the globe. However, as the excitement builds, so does the vigilance of cybersecurity experts.

High-profile events like the Olympics are prime targets for cybercriminals. The potential threats are vast and varied, from sophisticated phishing schemes and ransomware attacks to disruptive DDoS attacks and intricate disinformation campaigns. Cybersecurity firms are already observing increased activity from malicious actors, aiming to exploit the global spotlight.

As preparations continue, it’s important to stay informed about the cybersecurity challenges that the Paris Olympics may face—as well as the steps being taken to safeguard the Games.

Why big events are major cybersecurity targets

High-profile events like the Olympics are magnets for cybercriminals due to their global prominence, intricate digital ecosystems, diverse participants, tight schedules, and geopolitical stakes. These factors combine to create a perfect storm for cyber threats.

High visibility and global attention

The immense global visibility of the Olympics makes them prime targets for cybercriminals. Disruptions at such events gain international attention, amplifying the impact of any attack. For example, the 2022 Qatar World Cup faced numerous cyber threats, with hackers aiming to disrupt critical infrastructure to gain notoriety and potentially cause chaos on a global scale. The larger the audience, the higher the potential payoff for cybercriminals seeking fame and financial rewards.

Complex IT infrastructure

The digital infrastructure supporting events like the Olympics is incredibly complex, encompassing ticketing systems, live broadcasts, communication networks, and security protocols. This complexity provides multiple entry points for cyberattacks. During the 2018 UEFA Champions League final, hackers targeted over 500,000 internet-connected devices, aiming to disrupt the event. The intricate systems necessary for managing such events present numerous vulnerabilities that attackers can exploit, leading to significant disruptions in ticketing and broadcasting services.

Diverse stakeholders

The Olympics brings together a wide array of stakeholders: athletes, sponsors, media personnel, and spectators. This diversity multiplies the potential targets for cybercriminals. Take the 2018 Commonwealth Games, for instance. Cyberattacks targeted the event infrastructure and also the personal data of participants and attendees. With so many different groups involved, cybercriminals have plenty of avenues to exploit, each offering valuable data for malicious purposes.

​Time-sensitive operations

The strict schedule of the Olympics creates an urgency that cybercriminals are keen to exploit. Any delay or disruption can lead to severe financial and reputational damage, increasing the likelihood of ransom payments to resolve issues quickly. A prime example is the ransomware attack during the 2016 Rio Paralympics. The timing of the attack was designed to exert maximum pressure on organizers, leveraging the critical timeline to force a quick ransom payment.

Geopolitical significance

The geopolitical dimensions of the Olympics often draw state-sponsored actors looking to make political statements or gather intelligence. These events are ripe for cyber espionage and sabotage, especially when they involve countries with ongoing geopolitical tensions. The presence of multiple nations adds to the complexity and potential impact of cyber threats, making these events particularly vulnerable.

Historical cyber threats at previous Games

Considering its sheer scale and global visibility, the Olympics have faced their fair share of cyber threats and attacks, attracting not just athletes and fans, but also cybercriminals eager to exploit the global spotlight. For example, The 2018 Pyeongchang Winter Games saw a major cyber incident during the opening ceremony, known as the “Olympic Destroyer” attack. This sophisticated attack disrupted internet and broadcast systems, temporarily taking down the official Olympics website and preventing spectators from printing tickets for events.

The Tokyo 2020 Olympics were reported to have faced an astounding 450 million cyberattack attempts. These attacks ranged from phishing schemes to DDoS assaults, all aimed at exploiting the extensive digital infrastructure of the Games.

Even the London 2012 Olympics encountered significant threats, with over 212 million attempted attacks detected. Among these were numerous DDoS attacks targeting critical infrastructure, as hackers aimed to disrupt operations, sow chaos, and undermine confidence in the event’s security measures.

A looming cybersecurity battle at Paris 2024

As we look ahead to the Paris 2024 Olympics, cybersecurity experts are raising alarms that the threats facing this event could be even more severe than those seen in previous Games. With millions of visitors and extensive global attention, the digital infrastructure supporting the Paris Olympics is a vast and enticing target for cybercriminals.

Experts predict that cyberattacks on the Paris 2024 Olympics will be significantly more frequent and sophisticated. In fact, they warn that the Games face up to 10 times the number of attacks seen at Tokyo 2020. This escalation is due to several factors:

Increased digital connectivity: The reliance on digital infrastructure for ticketing, communication, and event management has grown exponentially, providing more entry points for cybercriminals. With every new digital system comes a new vulnerability, making the task of securing the event increasingly complex.

Sophisticated attack methods: Cybercriminals are no longer relying on simple hacking techniques. They’re now employing advanced technologies, including AI, to enhance their attack capabilities. This makes detecting and defending against these intrusions far more challenging for cybersecurity teams.

Geopolitical tensions: The globe is fraught with conflicts, and geopolitical tensions can sometimes play out at the Olympics. Countries not invited to participate or those with strained relations with the host nation might resort to state-sponsored cyberattacks. These attacks aim to disrupt the Games, steal sensitive information, or damage the host nation’s reputation on the world stage.

Types of threats and concerns

Considering the magnitude and nature of the threats that could disrupt the 2024 Paris Games, cybersecurity experts and event organizers aren’t sitting on their hands. They’re acutely aware of the myriad threats targeting the Paris 2024 Olympics and are actively working to fortify their defenses. From sophisticated hacking techniques to state-sponsored cyberattacks, here are the specific threats and concerns they are focusing on to ensure the Games proceed without a hitch.

Phishing and fake websites

Phishing attacks are a major concern for the Paris 2024 Olympics. Cybercriminals are crafting fraudulent websites and emails that look just like official Olympic communications, aiming to steal personal details, financial information, and login credentials.  These phishing schemes often involve emails or text messages that seem to come from trusted sources, tricking recipients into clicking on malicious links or downloading harmful attachments. The impact can be severe, leading to malware infections, identity theft, and financial loss. 

A phishing communication can also lead to a fake website that requests personal information. As of early June, French police had already detected 338 fraudulent Olympic ticketing websites. Of those, 51 had been shut down, with 140 receiving formal notices from law enforcement.

Distributed Denial of Service (DDoS) attacks

DDoS attacks are another big threat to the Paris 2024 Olympics. These attacks flood targeted servers or networks with massive amounts of internet traffic, causing major disruptions or even complete shutdowns of services. During the London 2012 Olympics, for example, DDoS attacks hit critical infrastructure, disrupting power systems and other essential services.

At an event like the Olympics, where smooth, real-time operations are paramount, DDoS attacks can be particularly devastating. They can take down ticketing systems, interrupt broadcasts, and crash official websites, creating chaos and frustration for both organizers and attendees.

Ransomware

Ransomware attacks are a significant threat to the integrity and functionality of the Games. Cybercriminals encrypt critical data and demand ransom payments for the decryption key. Given the high stakes and the extensive data involved in managing the Olympics, a ransomware attack could severely disrupt operations and compromise sensitive information.

Imagine ransomware targeting systems that manage athlete information, scheduling, logistics, and ticketing. The result? Widespread operational chaos, financial losses, and serious damage to the reputation of the Games. The exposure of sensitive data could have long-term implications for everyone involved, from athletes to organizers.

Hacktivism and disinformation

Hacktivist groups and state-sponsored actors are likely to use the Olympics as a stage to promote their agendas and disrupt the event. These groups might launch DDoS attacks, deface websites, or spread disinformation to undermine the Games and tarnish the host nation’s reputation. Given the geopolitical tensions surrounding the event, the risk of such attacks is high.

For example, cyberattacks linked to ongoing geopolitical conflicts could target the Paris 2024 Olympics as a form of retaliation. These attacks might aim to sow discord, spread propaganda, or disrupt critical infrastructure. Disinformation campaigns could mislead the public, create confusion, and erode trust in the event, turning what should be a celebration of sport into a digital battleground.

Mobile threats

As mobile devices become more central to everyday life, they also become prime targets for cybercriminals during the Olympics. Attendees will rely heavily on their smartphones for ticketing, navigation, communication, and accessing event information. This makes mobile devices a lucrative target for attacks such as SMS-based phishing (smishing), malicious apps, and malware.

Cybercriminals may create fake Olympic apps or use social engineering tactics to trick users into downloading malware. These malicious applications can steal personal information, track user activities, and even take control of the device. In addition, smishing attacks involve sending fraudulent messages that appear to come from legitimate sources, prompting users to click on malicious links or provide sensitive information.

Preparation and defense strategies

To combat these cyber threats, the Paris 2024 Organizing Committee is implementing a multi-faceted approach to cybersecurity. This includes collaboration with international law enforcement agencies, advanced technological solutions, and public awareness campaigns.

Enhanced monitoring and response

A key part of the cybersecurity strategy is setting up a Security Operations Center (SOC). This center will use AI-based tools to detect and respond to threats in real time. Technologies like AIsaac, an advanced AI-powered cybersecurity detection platform, will help differentiate between minor nuisances and significant threats, ensuring rapid and effective responses to potential incidents.

Ethical hacking and penetration testing

To stay ahead of cybercriminals, the organizing committee is partnering with ethical hackers. These cybersecurity experts simulate real-world attacks through penetration testing to uncover system weaknesses. By finding and fixing these vulnerabilities before they can be exploited, the committee is working hard to fortify the event’s overall security.

Public awareness campaigns

Educating the public about cyber threats is key to preventing successful attacks. The organizing committee is stepping up efforts to inform attendees about common dangers like phishing and fake websites. This includes offering guidelines on verifying the authenticity of communications and encouraging the use of security measures like multi-factor authentication.

Collaboration with law enforcement

International cooperation is essential for effective cybersecurity. The French Anti-Cybercrime Office (OFAC) is working closely with global law enforcement agencies to share intelligence and coordinate responses to potential threats. This collaboration boosts the ability to detect and counteract cyberattacks, creating a safer environment for the Games.

Government and private sector involvement

The French government is pulling out all the stops to ensure robust cybersecurity for the Paris 2024 Olympics. They’ve set up the French Anti-Cybercrime Office (OFAC) and are teaming up with industry giants like Cisco and Eviden. These partnerships bring cutting-edge cybersecurity solutions and a wealth of expertise to the table, significantly bolstering the event’s security framework.

Tips for attendees: How to protect yourself from threats and scams

With all the cybersecurity measures in place, attendees also have a role to play in safeguarding themselves from threats and scams. Here are some practical steps you can take to stay safe while enjoying the Paris 2024 Olympics.

Avoiding ticket scalping

1. Buy from official sources: Only purchase tickets from the official Olympics website or authorized sellers. Third-party sellers and unofficial websites are often rife with scams selling fake tickets.
2. Be wary of deals that seem too good to be true: If a ticket price is significantly lower than the official rate, it’s likely a scam. Always compare prices with the official rates before making a purchase.
3. Check the seller’s credibility: If buying from a reseller, verify their legitimacy. Look for reviews and ratings from other buyers, and avoid sellers with negative feedback or no online presence.
4. Use secure payment methods: Use payment methods that offer protection, such as credit cards or reputable payment services like PayPal. Avoid direct bank transfers or payment methods that do not offer recourse in case of fraud.

Protecting your personal information

1. Use strong, unique passwords: Create strong, unique passwords for each of your online accounts. Avoid easily guessable information, such as birthdays or common words. Consider using a password manager to keep track of your passwords securely.
2. Limit personal information sharing: Be mindful of the information you share online and on social media, especially regarding your travel plans and activities at the Olympics. Cybercriminals can use this information to target you.
3. Monitor your accounts: Regularly check your financial and online accounts for any suspicious activity. Set up account alerts to receive notifications of unusual transactions or login attempts.

Avoiding scams and phishing

1. Verify official communications: Double-check the source of any communication claiming to be from the Olympics. Use official websites and channels to confirm information about tickets, schedules, and updates.
2. Be skeptical of unsolicited messages: Be cautious of unsolicited emails, text messages, or social media posts, especially those asking for personal information or prompting you to click on links. Phishing attacks often masquerade as legitimate Olympic-related communications.
3. Look for signs of phishing: Watch for common phishing indicators, such as generic greetings, spelling errors, urgent calls to action, and suspicious-looking URLs. Legitimate organizations typically maintain high standards for communication quality.

Using secure connections and being cautious of public Wi-Fi

1. Avoid public Wi-Fi for sensitive transactions: Public Wi-Fi networks, such as those in hotels, cafes, or event venues, are often less secure and can be easily exploited by hackers. Avoid using them for sensitive transactions like online banking or accessing personal accounts.
2. Use a VPN: A VPN encrypts your internet connection, making it more secure when using public Wi-Fi. This helps protect your data from being intercepted by cybercriminals. Choose a reputable VPN provider with strong encryption standards and a no-logs policy, such as ExpressVPN. If you’re traveling for work or leisure, consider an Aircove Go portable VPN router, which you connect to an available Wi-Fi network. All your devices using Aircove Go will be on the Wi-Fi but with ExpressVPN providing a layer of encryption and location changes. (An ExpressVPN subscription is needed to use Aircove Go’s VPN functionality.)
3. Keep your devices updated: Ensure your smartphone, laptop, and other devices have the latest security updates and patches installed. Cybercriminals often exploit vulnerabilities in outdated software.