As the opening ceremony of the 2024 Paris Summer Olympics fast approaches, organizers are immersed in intense preparations on the cyber front. Such a prominent, international event makes for a vast attack surface that holds enticing opportunities for cybercriminals.
As it stands, the 2024 Olympics and Paralympics are projected to draw 9.7 million spectators across 40 official sites. While France will enjoy the global spotlight for nearly two months, every aspect of planning and hosting the Games requires cybersecurity to be a top priority for the organizers.
In this blog post, we discuss the evolution of cyber threats that have played out over the last two decades and how they will inform the digital security of this year’s Games, including threat techniques, current geopolitical motivations, and effective countermeasures available.
A Timeline of Attacks
The spirit of competition and athletic celebration may unfold on Olympic grounds, but another type of race between threat actors and cybersecurity teams runs parallel, away from the main stages. Cybersecurity threats and attacks have loomed over the past two decades’ worth of Games, affecting athletes, attendees, and the underlying digital infrastructure that sustains the Olympics. Here are some of the most infamous cyber activities from the past seven Games showcasing various cyber challenges that Paris game planners may face:
2008 Summer Olympics (Beijing, China)
The Beijing 2008 Olympic Games marked the first instance of publicly reported malicious cyber operations during the Olympics. A cyber espionage campaign known as “Operation Shady Rat” targeted the International Olympic Committee (IOC) and various Western and Asian Olympic Committees. Possibly focused on information gathering, this campaign spanned from 2006 to 2011 and included the targeting of the World Anti-Doping Agency (WADA) in August 2009. Although the ultimate goal is still unclear, the operation has been associated with Chinese state-sponsored cyber activities.
The Beijing Olympics also witnessed lucrative malicious operations, including fraudulent ticket websites, spear phishing, and deceptive streaming platforms. These activities were attributed to opportunistic intrusion efforts, all capitalizing on the illicit money-making opportunities presented by the major event.
2012 Summer Olympics (London, United Kingdom)
While cyber incidents had been observed in previous editions, the 2012 London Olympics brought the notion of cyber threats into sharp focus for the Olympic community. Of the 212 million cyberattacks mounted during the event, a notable 40-minute distributed denial-of-service (DDoS) attack disrupted the power systems of the Olympic Park on the second day of the Games.
Opportunistic actors also engaged in lucrative malicious operations that impacted the public, employing phishing campaigns that enticed individuals with a chance to win free airline tickets for the London Summer Olympic Games by participating in a fake survey.
2014 Winter Olympics (Sochi, Russia)
Leading up to the Sochi Olympics, there were indications of cyber threats, raising concerns about the security of IT systems. Reports shortly surfaced that cyber espionage activities were targeting various organizations associated with the Olympics. The U.S. State Department issued a travel alert for the 2014 Sochi Winter Olympics, cautioning U.S. travelers about cybersecurity threats in the region. The alert specifically advised individuals to exercise caution when sharing sensitive or personal information on Russian electronic communication networks.
Following the Winter Olympics in Russia, an open-source report highlighted a cyber espionage campaign, accusing Russian intelligence services of gathering information on Olympic organizations, judges, journalists, spectators, and athletes.
2016 Summer Olympics (Rio de Janeiro, Brazil)
Before the Rio Olympics, concerns were voiced regarding the security of IT systems, including the potential for DDoS attacks. While no significant cybersecurity incidents were reported during the event itself, affiliated organizations saw a series of long-duration (540 Gbps) DDoS attacks in the months leading up to the Games.
Also of note, a sophisticated cyberespionage campaign orchestrated by APT28, an intrusion set associated with Russian military intelligence (GRU), was revealed by the World Anti-Doping Agency (WADA) two months after the Games. Hacktivist groups, including Anonymous Brazil, played a role in campaigns targeting the Brazilian Federal government and the Ministry of Sports, resulting in the exposure of personal and financial data.
Anonymous Brazil voiced grievances against the Games, citing insufficient investments in favelas and excessive spending on Rio 2016. Additionally, cybercrime operations targeted the public and organizations affiliated with the Rio Olympics, with security analysts noting an 83% increase in phishing URLs in Brazil before the Olympics, compared to a 13% increase globally.
2018 Winter Olympics (Pyeongchang, South Korea)
The opening ceremony of the Pyeongchang Winter Olympics witnessed a significant cyber attack that disrupted the event’s IT systems, including Wi-Fi, ticketing, and the official website. This attack was strategically designed to create chaos by destroying data and disrupting essential operations.
The attack was executed through the malicious worm dubbed “Olympic Destroyer”: the official Olympic website was taken offline and the Wi-Fi service within the stadium was rendered inoperable. Live broadcast systems also faced disruptions, and many spectators were denied access to ticket printing during the opening ceremony.
2021 Summer Olympics (Tokyo, Japan)
The Tokyo Olympics, rescheduled by a year due to the COVID-19 pandemic, emerged as a lucrative target for cyber attacks. The event witnessed a staggering 450 million cyber threats, a figure two and a half times higher than the reported number of cyberattacks during the London Olympics in 2012. Most notably, researchers uncovered a phishing attempt during the Tokyo Olympics, where cybercriminals were selling the “Olympic Games Official Token”. Invention of this fake “token” revealed that cyber criminals were testing new and sophisticated schemes to target individuals.
A year before the Games, reports emerged of an espionage campaign attributed to the GRU-linked Sandworm APT, targeting officials and organizations involved in the Tokyo Olympics. In addition, threat actors sought to deploy wipers configured to specifically target Japanese-set computers and erase sensitive files.
2022 Winter Olympics (Beijing, China)
Prior to the Winter Olympics, the FBI recommended that athletes use temporary cell phones instead of personal devices, cautioning against the use of personal data on these temporary devices. Researchers identified vulnerabilities in the Chinese application My2022, mandatory for all attendees to install on their mobile devices during the Olympics. Exploiting these vulnerabilities could potentially grant access to personal and medical data.
Understanding the Geopolitical Discord Amongst Olympic Participants
Geopolitical tensions cast a profound shadow of influence on the Olympic Games, significantly impacting both the event’s dynamics and its cybersecurity landscape. Since the Olympics provide a global stage, it often becomes a battleground for nations to express political ideologies, ambitions, and conflicts.
Heightened geopolitical tensions amplify the attractiveness of the Olympics as a target for cyber threats. State-sponsored actors often exploit vulnerabilities in digital infrastructures to extend their target far beyond the organizing committees to reach athletes, spectators, and affiliated organizations, too.
Impact of the Russian War on Ukraine
Between 2018 and 2022, Russia faced an Olympic ban, preventing its participation under its national flag due to a state-sponsored doping scheme involving Russian athletes during the 2014 Sochi Games. This ban mirrored the decision taken by the International Olympic Committee (IOC) and the World Anti-Doping Agency (WADA) in 2014, which resonates in the 2024 Paris Olympics ban on Russia and Belarus following their 2022 invasion of Ukraine.
The suspension of the Russian Olympic Committee resulted from its oversight of sport organizations in four occupied Ukrainian regions. While Russian and Belarusian athletes are permitted by the IOC to compete as “Neutral Individual Athletes”, geopolitical tensions raise concerns about potential retaliatory cyber operations.
Amidst France’s support for Ukraine in its defensive stance against Russia, there’s a looming possibility that the 2024 Paris Olympics could become a target for Russian and/or Belarusian cyber operations. These operations, acting as potential retaliation measures, might come to pass as acts of disruption and sabotage with the aim of undermining France’s international reputation.
Impact of the Azerbaijan-Armenia Border Conflict
France’s involvement in the Azerbaijan-Armenia (Nagorno-Karabakh) conflict has faced criticism from Azerbaijan for its perceived bias towards Armenia. In November 2023, the French state digital watchdog, VIGINUM, linked a disinformation campaign smearing the Paris 2024 Olympic Games to Azerbaijani-based actors. Their investigation in late July was prompted by the widespread sharing on X of visuals urging a boycott of the 2024 Olympics.
The campaign utilized images depicting riots, the city of Paris, and the Olympic Games logo, employing three official X accounts of the Games and two hashtags, #paris2024 and #boycottparis2024. Between July 26 and 27, over 1,600 posts featuring these visuals or hashtags surfaced on X, with around 90 accounts believed to be involved in what the report called “artificial amplification”.
The Risks Targeting the Olympic Podium
Since at least Beijing 2008, past Olympic Games have become targets for offensive cyber operations, driven by motives ranging from cyber espionage and destabilization to economic gain. The upcoming Paris 2024 Games could face a spectrum of malicious cyber operations, ranging from campaigns focused on destabilization, through influence campaigns, malware, and data extortion, to those centered on disruption, including DDoS attacks and disinformation.
Persistent cyber crimes also pose an ongoing risk to the Olympics. These opportunistic crimes exploit the event’s popularity, targeting diverse victims, from the general public to partners and organizers. Lucrative campaigns enticing spectators are much more likely to dish out Olympics-themed phishing, malicious apps, and typosquatted websites mimicking platforms related to reselling, ticketing, or betting activities.
What Solutions Are In Place to Protect the Paris 2024 Games?
To counter the growing concerns for cyberattacks, French authorities are taking concerted measures to secure this year’s Games. Notably, the ANSSI cybersecurity agency is set to collaborate with its Japanese counterpart, the NISC (National Center of Incident Readiness and Strategy for Cybersecurity). This partnership fosters improved dialogue and the exchange of cybersecurity insights, drawing from experiences in other major sporting events.
The COJO (Organizing Committee for the Olympic Games) has also rolled out a cybersecurity strategy based on four pillars: education, training, anticipation, and coordination. Other key parts of their defenses include:
- Awareness-raising events – According to Franz Regul, CISO for the Paris 2024 Games, training courses promoting cyber awareness will be set up to combat phishing, spam, and online scams, which represent the initial means of compromise in 80% of cyberattacks.
- Security Operations Center (SOC) – The newly established SOC will be tasked with continuously monitoring all Olympic digital ecosystems. So far, ANSSI has budgeted 17 million euros towards SOC services, which will revolve around nearly 12,000 workstations spread across security sites for the duration of the Games.
- AI-based tools – The SOC will use AI-based tools to detect signs of suspicious or malicious activity, track signs of compromise, and orchestrate incident response.
- Olympic Management System (OMS) – The OMS manages access to events with all requests submitted to the Service National des Enquêtes Administratives de Sécurité (SNEAS) for final approval and badge issuing.
- Olympic Diffusion Systems (ODS) – This application is dedicated to disseminating information and results in real time to the media and spectators to avoid any misinformation.
- Improved ticket sales policies –
  - A hopeful buyer has only 48 hours to buy their ticket after being selected by random draw in order to streamline online traffic. Only 30 tickets may be purchased per account to mitigate mass resales.
  - All resales must be conducted via the official resale site to prevent forgery and manage existing tickets.
  - Tickets are 100% digital and will only be sent to purchasers a few weeks before the start of the event.
Applying Cybersecurity Lessons Learned for Paris 2024
For Paris 2024, preparing for cybersecurity threats involves a multi-faceted approach combining a mix of infrastructure security, data protection, and collaboration.
Infrastructure & Network Security
The IT infrastructure of the Paris 2024 Olympics includes a complex network of systems handling everything from scoring and timing to broadcasting and ticketing. Protecting this infrastructure involves deploying advanced network security solutions, including intrusion detection systems, firewalls, and real-time monitoring tools through security operation centers (SOCs).
Data Protection & Privacy
With the vast amount of personal data processed during the Olympics, including that of athletes, officials, and spectators, data protection and privacy are critical. This involves implementing stringent data security measures, such as advanced encryption, robust access controls, and continuous monitoring for data breaches. Compliance with international data protection regulations, such as the GDPR, is also crucial.
Global Cybersecurity Alliances
Cybersecurity for such a massive event cannot be siloed. Collaboration among various international entities, including cybersecurity firms, government agencies, and international sports bodies, is essential. This collaboration involves sharing intelligence on emerging cyber threats and best practices for mitigation.
The organizing committee of Paris 2024 is working in tandem with international cybersecurity organizations, leveraging their expertise and resources. These alliances enable the sharing of intelligence on emerging cyber threats and coordinated responses to potential attacks.
Advanced Cyber Defense Technologies
In anticipation of the 2024 Summer Olympics, Paris is gearing up for heightened, AI-based technological surveillance. The French government will be deploying an extensive network of cameras integrated with artificial intelligence (AI) tasked to closely watch over crowds and public areas and alert authorities to any signs of suspicious activity.
The recently approved Loi JO 2024 legislation, enacted earlier in 2023, permits the real-time application of algorithmic analysis to camera footage, enabling the identification of predetermined events that may pose a threat to public order. The surveillance system is slated to operate until March 2025, extending its functionality for six months after the close of the Games.
Simulation & Response Planning
GICAT (Group of French Industries for Land and Air-land Defense and Security), one of many tech solution providers associated with the Games, has confirmed nearly eight billion cybersecurity tests. These simulations, often referred to as red teaming, involve mimicking real-world cyberattacks to test the resilience of the cybersecurity infrastructure. This proactive approach allows the cybersecurity team to identify vulnerabilities and refine their response strategies, ensuring they are well-prepared for various attack scenarios.
Conclusion
The cybersecurity framework for Paris 2024 is not just about safeguarding IT infrastructure; it’s about protecting the very essence of the Olympic spirit — fair play, honor, and global unity. Cyber threats not only pose a risk to the operational aspects of the Games but also threaten the safety and privacy of the participants and spectators.
The Paris 2024 Olympics presents a unique set of challenges and opportunities in cybersecurity. As we move closer to this international spectacle, security leaders and game organizations will continue to glean the lessons learned from past Olympics and prepare for both opportunities and advanced persistent threats.
SentinelOne is trusted by global enterprises and organizations responsible for safeguarding large-scale events with complex security requirements. To learn more about how SentinelOne protects digital ecosystems through AI-driven detection and response capabilities, deep visibility, and data enrichment, contact us today or book a demo.
from SentinelOne https://bit.ly/3vOyKNC