As the 2024 Paris Olympics attract global athletes, they also bring heightened cyber threats. Franz Regul, the Head of IT Security for the event, anticipates a significant increase in cyberattacks compared to the previous Tokyo Games.
Paris 2024's proactive stance includes employing 'ethical hackers' for rigorous system testing and leveraging artificial intelligence to sift through and prioritize security threats. These steps aim to provide reassurance for all participants. However, cybersecurity extends beyond official systems to the personal devices and data of attendees and viewers, who could face phishing, identity theft, ransomware, or fraud. Vigilance is key, with recommendations to verify online service authenticity, ensure website and email legitimacy, and use robust passwords and encryption.
As the games proceed, Josh Jacobson, Director of Professional Services at HackerOne, sheds light on the potential motives and impacts of cyberattacks, complemented by insights from Kiran Chinnagangannagari, CTO at Securin, on the evolving cyber landscape.
Josh Jacobson, Director of Professional Services, HackerOne, shared, "We can be near certain that cybercriminals will target the Olympics in some way this year. We've already seen attacks on ancillary systems such as the French Rail Networks. While these attacks may not directly impact the Olympic Committee itself, they could impact the games, as there is a high chance that we will continue to see support systems and networks targeted and affected throughout the event. Targets could include infrastructure like transport all the way down to individuals such as athletes, Olympic employees, and production crews.
It's important to note that the Olympians and the teams putting on the spectacle are not the only targets. There is also a significant risk of attacks against the attendees and spectators. These could be fake ticketing sites, social engineering campaigns, or phishing attacks. Who these cybercriminals target depends on what information they want to gather and from whom—it could be nations targeting their own people to track dissent or criminals looking for financial gain. The potential impact on individuals is a genuine cause for concern and must be managed.
Where criminal groups may care more about monetary gains, nation-state actors operate with the goals of disruption and embarrassment. As we've already seen, mass transit is an ideal target with likely outdated and under-supported interconnected systems. Public transport disruption causes mass people and reputational impact on the affected organs and the city of Paris and creates unrest among the attendees. That doesn't even begin to factor in the mass cost repercussions. What makes these attacks even more concerning is that they could come from nation-states or hacktivist groups who are against the Olympics, each with their own unique motivations.
Only time will tell how the summer games will play out. Still, we hope that the security and IT teams behind the event and the surrounding systems have prepared for as many scenarios as possible to protect everyone involved, from the attendees to the Olympians to the people of Paris."
Kiran Chinnagangannagari, CTO & CPO, Securin also commented, "As the highly anticipated 2024 Paris Olympics kicks off, there are a range of cyber-attacks that officials can expect and be prepared for. From one-off, non-threatening hackers looking to cause mischief to legitimate cyber threats affecting the games and Parisian critical infrastructure, French officials can expect hacktivists, state-sponsored groups and organized crime groups to be the main cyber threats during the 2024 games.
Chinnagangannagari also shared, "Franz Regul, the Head of IT Security for Paris 2024, has made it clear that they're focusing on sabotage operations - and that significant resources, training and scenario planning/simulations have gone into that - including keeping the location of their SecOps center secret. After Regul estimated that these Olympic games would see eight to 12 times the number of attacks than those at the Tokyo Games in 2021, they should prepare for an uptick of ransomware attacks, phishing attempts, DDoS, misinformation/deep fakes, online scams and third-party exploitation during the duration of the games. Security teams have already begun conducting stress tests by carrying out ransomware and DDoS simulations, and that is a great starting place when training to take on Olympic-level cyber threats. French security teams should continue utilizing AI to assist in their defenses and be cautious when prepping for cyber threats.
International agencies can support France by sharing continuous asset discovery and having rapid response teams on standby to recover and restore when an attack happens. This must be a collective effort between France as the host city and other international agencies to protect the games and the athletes representing their country."
As the Paris 2024 Olympics continue, the potential increased in cyber threats from various actors targeting the event's operations and attendees is high. Jacobson and Chinnagangannagari emphasize the critical need for international cooperation to bolster France's security measures, ensuring the games' safety. Just as the importance of vigilance and preparedness for athletes is paramount, so is the approach to cyber threats.