Third-party code, Risk Identification/Classification/Mitigation

Guarding the games: Cybersecurity challenges ahead of 2024 Paris Olympics

Share
The interconnected rings of the Olympics logo and a design of the Olympic flame with the words Paris 2024 are seen on a window

The Olympics are more than just a showcase of excellence and athleticism; they embody the spirit of unity, competition, national pride and human achievement on a global scale. But as the world eagerly anticipates the arrival of athletes, celebrities, media figures and spectators in Paris for the 2024 Summer Games, threats are emerging that may disrupt the fanfare and spectacle of this global event.

Large-scale events like the Olympics have become prime targets for cybercriminals seeking to exploit vulnerabilities, make a public statement, profit financially, cause chaos or generally disrupt operations. In fact, the 2020 Tokyo Olympics faced 450 million attempted cyberattacks, which was 2.5x more than the number seen at the 2012 London Olympics. This year, the stakes are higher than ever, with the potential for cyberattacks to not only tarnish the integrity of the Games but also pose significant risks to public safety and security.

What Threats Can We Anticipate?

As we approach the opening ceremony, cybersecurity experts are gearing up to face an array of potential cyber threats including: disruptive attacks aimed at causing chaos, opportunistic social engineering attacks targeting eager fans, and even sophisticated espionage efforts. Identifying the most likely and impactful threat actors and attack techniques that will be used prior to and during the Games is essential for implementing effective defenses and ensuring the event's security and success.

Distributed Denial of Service (DDoS) Attacks: We’ll likely see one or more DDoS attacks, as these have been common occurrences during previous Olympics. By overwhelming systems with excessive traffic, these attacks can cripple websites and online services. For example, the 2012 London Olympics were hit with a 40-minute DDoS attack attempting to compromise the Olympic Park's power infrastructure, showcasing how such disruptions can have serious implications.

Social Engineering and Phishing: Social engineering, particularly through phishing attacks, will be one of the most common threats before and during the Olympics. Threat actors know that social engineering attacks have a higher chance of success when the targeted victim is in an enhanced emotional state, such as when they are feeling a sense of urgency. In the past, we've seen campaigns promising things like free airfare or ticket upgrades being used as a lure to convince victims to click malicious links or share credentials, for example.

Cyber Espionage: If history is any indicator of the future, we might expect to see cyber espionage campaigns being waged before and during the Olympics. These campaigns attempt to gain insight into the strategies, training programs and athlete status of opposing nations. In the lead-up to previous Games, such as the 2008 and 2022 Beijing Olympics, cyber espionage campaigns were rampant, aiming to gain a competitive edge or disrupt preparations.

Politically Motivated Attacks: We may also see politically motivated, nation-state attacks against French targets due to France's support of Ukraine after Russia's invasion last year. These attacks could target French infrastructure or Olympic systems to make a global statement, as seen with the "Olympic Destroyer" malware that disrupted the 2018 Winter Olympics' opening ceremony. Likewise, we should not be surprised to see hacktivist groups take advantage of the global popularity of the Olympics to make statements about various causes and interests, including the ongoing conflict in Gaza.

Evaluation of France's Cybersecurity Training

As the 2024 Paris Olympics draw near, France's cybersecurity teams, dubbed "Cyberwarriors," have already undergone extensive training, focusing on the tactics and techniques of likely threat actors. Understanding the anticipated threats and using tools, like the MITRE ATT&CK framework, will help them visualize potential attack patterns and identify "choke points" where specific security controls can have the greatest impact.

However, these teams will likely face challenges coordinating information sharing amongst the thousands of vendors, service providers and third parties involved in the Olympics. Point of sale and concessions operators, marketing agencies, physical security contractors, hospitality services and more will all have data that can be crucial to the early detection and containment of cyberattacks. The Olympics' cyber teams should be paying special attention to establishing lines of communication with these entities and adequately aggregating and analyzing this huge data set in near real-time.

Despite these efforts, there are areas for improvement. The official Olympics website has a cybersecurity page, but it lacks practical advice for attendees, partners and other interested parties. This is a missed opportunity to educate the public on recognizing and avoiding common cyber threats. Enhancing public education and refining communication strategies will be key to ensuring the Games' security and integrity against potential cyber threats.

It Takes a (Olympic) Village: A Call for Global Collaboration

Securing the 2024 Paris Olympics requires not just national efforts but also international collaboration. Global intelligence sharing will be crucial, as cyber threats often transcend borders. International agencies can support France by providing threat intelligence, sharing best practices and coordinating on response strategies. In addition to government cooperation, public awareness and education play pivotal roles. It is essential for the public to be informed about the potential cyber threats they might encounter during the Games and how to mitigate them. Enhanced cybersecurity measures, clear communication channels and practical advice can empower individuals to recognize and avoid scams, phishing attempts and other malicious activities.

As the world gathers to celebrate human achievement and unity, ensuring the digital safety of the 2024 Paris Olympics, and those of attendees, is paramount. By bolstering international cooperation and raising public awareness, we can help safeguard this global event, allowing the focus to remain on the extraordinary performances of the athletes and the spirit of the Games.

Dave Stapleton

Dave Stapleton is a tenured cybersecurity risk professional with experience in both the public and private sectors. He began his cyber career at the Department of Health and Human Services (HHS) where he developed and managed Risk & Compliance functions for the Food and Drug Administration (FDA) and Indian Health Service (IHS). Dave currently serves as Chief Information Security Officer at ProcessUnity where he leads the security operations team. Dave is a Certified Information Systems Security Professional (CISSP).

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.