Securing the Games: Cyber Security and the 2024 Summer Olympics

As Paris prepares to host the 2024 Summer Olympics, athletes from around the world are gathering to represent their country. But beyond the congratulations and medals lies a digital underworld. The cyber threat landscape during major sporting events, including the Olympics, is becoming increasingly insidious.

Over the last decade, the number of cyber attacks has increased dramatically. During the 2012 London Olympics, an estimated 212 million cyberattacks were committed. Fast forward to the 2021 Tokyo Olympics, and that number has skyrocketed to a staggering 4.4 billion. This year, experts expect an even greater onslaught of threats, including disruption attempts, disinformation campaigns and cybercrime, making strong cybersecurity measures necessary to protect this global spectacle. In a recent interview, ANSSI (France’s National Cyber Security Agency) director general Vincent Strubel said: “We are preparing for all types of attacks — all the ones we see every day, but bigger, more numerous and more frequent. .” In addition, Strubel commented, “We cannot prevent all attacks; There will be no Games without attacks, but we must limit their impact on the Olympics.”

The games are set to launch on July 26, 2024, and cybercriminals lurk in the shadows, armed with malware, phishing tactics, and ransomware. Their purpose? Important gaming services: retail, ticketing, travel and hospitality. Organizations need to monitor information technology and cyber security hygiene not only during the Olympic Games, but also on a daily basis.

The best way to stay safe in the face of these new threats is to remain vigilant and informed about the tactics and methods of threat actors. Below are some threats to watch out for:

To capture an account and send credentials:

As the number of financial transactions increases during events such as the Olympics, the risk of account hijacking and credential spoofing attacks increases.
Cybercriminals use weak or reused passwords to gain unauthorized access to user accounts.
Vigilance in monitoring account activity and using strong, unique passwords is critical.

Social engineering with phishing emails:

Expect a surge in phishing emails related to the Olympics. These misleading messages often promise “promotional offers” or “special offers”.
Unsuspecting recipients can click on malicious links, leading to compromised systems or stolen credentials.
Users should verify the legitimacy of emails and avoid clicking on suspicious links.

Ransomware and malware attacks:

Cybercriminals use major events as an opportunity to wreak havoc. Ransomware attacks can disrupt critical systems, holding them hostage until a ransom is paid.
Malware disguised as legitimate files or software updates can infiltrate networks and compromise sensitive data.
Regular security updates, reliable backups, and employee training are important safeguards.

Ad fraud (including click fraud):

Ad fraud targets digital ad networks for financial gain. One common method is click fraud, where bots artificially increase clicks on ads.
During high-profile events, cybercriminals use increased advertising traffic to commit fraud.
Advertisers and platforms must implement fraud detection mechanisms to protect advertising budgets.

Harmful advertising:

Malware embeds malicious code into legitimate online advertising. When users click on these compromised ads, they unwittingly put themselves at risk.
Being vigilant when browsing the web and using ad blockers can reduce exposure to malicious ads.
Organizations should monitor their ad networks and respond immediately to any suspicious activity.

Consider how the previously mentioned threats apply to your organization’s internal network. It’s important to understand that not all end users prioritize security, but whether it’s clicking the wrong link or making a purchase from what they believe is a legitimate retail site on your network, these actions can lead to unauthorized access. During the Summer Olympics, all industries face increased risks due to increased transaction volumes associated with Olympic purchases (eg tickets, accommodation, travel and retail).

Strengthening the Digital Arena

Organizations don’t have to wait for a major event to strengthen their defenses and defend against cyber threats. Instead, these practices should be a daily routine, further reinforced to eliminate potential increases during activities. Consider using the following methods:

Education and training:

Organizations should educate employees about cyber threats, emphasizing vigilance and safe practices.
Regular trainings inform staff about new tactics.

Incident response plans:

Prepare for the worst. Have robust incident response plans.
Timely detection and localization minimizes damage.

Cooperation and threat analysis:

Share threat intelligence with industry peers. Collective defense is powerful.
Collaborate with law enforcement and cybersecurity agencies.

User awareness campaigns:

Run awareness campaigns during the Olympic season. Remind users of the risks.
Emphasize the importance of reporting suspicious activity immediately.

Even before the Olympic torch is lit, the fight against cyber threats will likely be relentless, but with strategic and proactive preparation and collective effort, organizations and consumers will be able to proactively protect themselves.

About the author

Desra Kraft is a cyber threat intelligence engineer at DefenseStorm. Over the past three years, she has been instrumental in leading and participating in various incident response activities. Before transitioning into the cybersecurity field, Desra received her BA from Mitchell College and worked in law enforcement for 7 years. This experience helped her develop a comprehensive understanding of security principles and investigative practices. A seasoned cybersecurity professional with 4 years of hands-on malware analysis experience and extensive experience in protecting digital landscapes from malicious threats, Desra has an unparalleled ability to analyze complex cyber threats, identify their origins, and implement effective countermeasures. In addition, she holds multiple MITRE certifications that demonstrate her mastery of advanced threat detection and mitigation techniques, as well as a GIAC Security Essentials (GSEC) certification. Known for its keen eye for anomalies and proactive approach, Desra excels in Endpoint Detection and Response (EDR) to rapidly identify, investigate and contain potential breaches. Committed to continuous growth and learning, Desrah remains at the forefront of cybersecurity, committed to strengthening digital infrastructure and inspiring others in the field. Desrah can be contacted online at (email protected) and on our company’s website