The Olympic Games: Prime Targets for Cybercrime

Richard De La Torre

June 26, 2024

Every four years, the Olympic Games captivate the world with their breathtaking displays of athletic excellence and the spirit of international camaraderie. However, lurking behind the scenes of this grand event is a less visible but equally formidable challenge: the threat of cyberattacks. This imminent threat is exacerbated by global tensions, the emergence of AI-enhanced cyber threats, and political motivations to spread disinformation and cause disruption in the Games. Read on to learn about the types of threats we’ve already observed around the Games, as well as what we can expect.

A History of Attacks

From their inception, the Olympic Games have attracted billions of viewers, creating a massive pool of potential victims for cybercriminals eager to capitalize on their popularity. Well-funded threat actors exploit the global excitement, sending fraudulent emails and setting up fake websites to steal personal information, deploy malware, cause disruption, or sway the public to whatever agenda they are pursuing. History is littered with cases of successful cyberattacks during this otherwise celebratory time.

One of the most infamous events came during the 2018 Winter Olympics in PyeongChang, South Korea. An arm of the Russian state intelligence group known as the GRU launched a sophisticated phishing campaign targeting various persons and organizations involved in the event, aiming to compromise and damage sensitive data.

The centerpiece of the attack was a custom-built malware dubbed "Olympic Destroyer." Designed for maximum disruption, Olympic Destroyer functioned as a data wiper, aiming to erase critical data from infected systems. Fortunately for the event organizers, the attack only caused minor disruption, taking down Wi-Fi at the stadium and impacting the Olympic website. Thankfully, the core operations of the Games remained functional. The aftermath of the attack saw the US Department of Justice indict six GRU officers, highlighting the international effort to hold state-sponsored actors accountable for cyberattacks.

More recently, in 2020, entities associated with the Olympic Games in Tokyo witnessed a surge in cyber threats, with attackers targeting everything from the event's official website to supply chain partners, aiming to extract ransom or sell stolen data on the dark web. While the Games went on without major disruptions, a staggering estimated 450 million cyber-attacks targeted the event. The attacks were varied, mostly designed to steal financial information from victims.

Key to these attacks were phishing campaigns. A barrage of phishing emails disguised as official Olympic Games communications was sent out by numerous cybercriminal groups. These were designed to trick unsuspecting individuals into clicking malicious links or opening attachments and infecting their devices with malware. The most popular of these was the Emotet botnet, which is known for its capacity to automate key areas of a cyberattack including malware delivery, lateral movement, and data exfiltration.

Watering hole attacks targeting websites frequented by Olympic personnel were also common. The threat actors aimed to compromise victims’ devices when they visited the hijacked site and steal sensitive information.

In addition to direct financial motivations, many cyberattacks are driven by political agendas. The 2012 London Olympics saw state-sponsored attacks attempting to sabotage the event’s IT infrastructure. The cyberattacks were orchestrated by hackers working on behalf of the Russian state. This attribution was based on the tactics, techniques, and procedures (TTPs) used, which matched those of known Russian cyber espionage groups such as APT28 (Fancy Bear) and APT29 (Cozy Bear). While the exact motivations are unclear, it seems the attackers aimed to gather intelligence on the operations and security measures of the Games. This information could be used for future attacks or to gain strategic advantages.

These incidents underscore the multifaceted nature of cyber threats during the Olympic Games, highlighting the critical need for robust cybersecurity measures to protect both individuals and organizations associated with this global spectacle.

Looking Forward to Paris 2024

As we approach the 2024 Paris Olympics, we expect to see a repetition of what we’ve witnessed before, with a few key novelties:

Increase in Supply Chain Attacks: While attacks targeting the Paris 2024 Organizing Committee of Olympic and Paralympic Summer Games are sure to be abundant, we expect threat actors to increasingly target vendors and partners associated with the Committee and the host nation. The primary purpose will likely be to gain access to critical infrastructure like ticketing systems or broadcast networks. While security is expected to be heightened for the Games themselves, threat actors will count on the unlikelihood that all of the Games’ suppliers and partners will be able to match the robust security of the Games’ organizing parties.

Russian State-Sponsored Attacks: Recently the International Olympic Committee banned Russian and Belarusian athletes from participating in the Games’ opening ceremonies. French officials expect Russia will retaliate with state-sponsored attacks targeting businesses crucial to the Games' operation, like transportation or energy providers. Though not a novelty for the Games, current political tensions would indicate the volume and frequency of these attacks should increase significantly.

Disinformation Campaigns: As tensions rise due to the recent geopolitical climate, expect a surge in misinformation campaigns aimed at spreading false information about violence, terrorism, or health risks associated with the host city or event to discourage attendance and participation. For instance, reports of a fake CIA warning against attending the 2024 Paris Olympics due to terrorism were recently widely circulated online.

AI-Augmented Attacks: With the sudden proliferation of AI-powered tools, cybercriminals have discovered a new avenue for committing their crimes. AI chatbots have provided threat actors with an apparatus to help them design far more convincing phishing emails than they could in the past. Large language models have given way to new automation tools for malware and the opportunity for data poisoning attacks. Deepfake and voice cloning tools have emerged as significant security concerns. All of this apparatus is sure to make an appearance during the Games.

Taking a Proactive Approach to Securing the Games

Organizations associated with the Olympic Games must take a proactive approach to securing their infrastructure against potential cyberattacks. There are a few key areas worth focusing on:

  • Vulnerability Assessments & Penetration Testing: Organizations should focus on identifying security weaknesses in critical systems before attackers exploit them. Implementing risk assessment and patch management tools is essential. Offensive Security Services can help expose weak links in the organization’s security stack in a safe environment where these can be remediated proactively.
  • Advanced Threat Detection & Response: Deploying solutions that detect and neutralize cyberattacks in real-time is crucial for safeguarding critical systems against sophisticated cyber threats. Organizations should employ a multi-layered approach that includes behavioral analysis, heuristic scanning, and real-time threat intelligence, such as those found in Bitdefender GravityZone.
  • Security Awareness Training: Educating personnel involved with the Games on cyber threats and best practices for safe online behavior is critical. Phishing attacks are likely to continue to be the primary initial attack vectors used by cybercriminals. Staff that is prepared to recognize these deceitful attacks will be less likely to fall victim to them.

Collaboration is Key

Beyond any security measure a single organization can take, collaboration between all entities involved with the Games, law enforcement, and cybersecurity specialists will be indispensable in the fight against threat actors seeking to exploit the Olympic Games. To that end, Bitdefender and other security vendors have worked with law enforcement around the world on Operation Endgame.

The operation’s main objective is to thwart the activity of cybercriminal organizations around the world, including those who have shown evidence of directing attacks at entities associated with the 2024 Paris Olympic Games. Bitdefender has been an instrumental partner to the FBI and Interpol in providing attribution information (process and data used to identify the source or origin of a cyberattack) that has led to the identification and arrest of suspects involved in cybercriminal activities.

With this collaboration we can ensure the 2024 Paris Olympics remain a celebration of athleticism and international unity, not a victory for cybercriminals.

Author


Richard De La Torre

My name is Richard De La Torre. I’m a Technical Marketing Manager with Bitdefender. I’ve worked in IT for over 30 years and Cybersecurity for almost a decade. As an avid fan of history I’m fascinated by the impact technology has had and will continue to have on the progress of the human race. I’m a former martial arts instructor and continue to be a huge fan of NBA basketball. I love to travel and have a passion for experiencing new places and cultures.
