Category: Olympics

A recent study by ExtraHop reveals that ransomware attacks on the Paris 2024 Olympics are almost unavoidable. Over the past year, the IT infrastructure supporting the games has been a frequent target, with some incidents resulting in ransom payments totaling $2 million.

The scale of the event, featuring over 15,000 athletes competing in 54 sports and attracting millions of visitors, places immense pressure on the IT systems.

Cisco, the official security partner for Paris 2024 and also responsible for securing the Tokyo 2020 Games—which faced more than 450 million cyber-attacks—emphasizes the critical nature of the challenge.

Cyble, a cybersecurity firm, reported a significant rise in attacks on French Olympic websites between June and July 2024. The International Olympic Committee (IOC) identified two Russian-speaking hacking groups, “People’s Cyber Army” and “HackNet,” as responsible for these breaches.

While some attacks have been financially motivated through ransomware, others have been Distributed Denial of Service (DDoS) attacks intended to disrupt the event and cause chaos among organizers, athletes, and visitors.

Experts predict that future attacks will become increasingly sophisticated, leveraging phishing, social engineering, and advanced technologies such as Generative AI and deepfake techniques.

To combat these threats, the IOC has assembled a specialized Cyber Troop consisting of 15 military and civilian cybersecurity experts, working around the clock. This team is part of the larger 3,000-member COJOP staff dedicated to safeguarding France’s critical infrastructure.

Additional support is provided by ANSSI and other French state agencies, reinforcing the Cybersecurity Operations Center as needed. Both teams will remain active until the conclusion of the Olympics and Paralympics on September 8, 2024, after which their operations will be scaled down.

The post Ransomware attacks are inevitable on Paris Olympics 2024 appeared first on Cybersecurity Insiders.

The 2024 Paris Olympic Games, set to begin later this week and extend through mid-August, are anticipated to face significant cybersecurity risks according to experts. Here are the primary concerns:

1. State-sponsored Hacking: French intelligence agency ANSSI has issued warnings that state-funded actors, particularly from Russia, may target the digital infrastructure of the games. This comes in response to Russia’s ban from participation due to doping and geopolitical tensions. Hackers may aim to disrupt the event and attract global media attention through various cyber attacks including data breaches, DDoS attacks, and other forms of fraud. Groups like the People’s Cyber Army have already expressed intent by targeting French websites.

2. Fraudulent Mobile Applications: Organizers have developed mobile apps to aid visitors, volunteers, and athletes with navigation, accommodations, and transactions. How-ever, security experts caution that malicious apps disguised as legitimate ones have surfaced on app stores. These fake apps aim to steal personal data and financial information.

3. Dark Web Data Sales: Recent incidents, such as data sets being sold on the dark web, highlight the risk of sensitive information being compromised. Credentials and personal data can be sold for profit, posing a threat before and during the games.

4. Email and SMS Phishing: Cybercriminals are increasingly using phishing scams to ex-tract valuable information from volunteers, organizers, and visitors. Users are advised to avoid clicking on suspicious links that could lead to malicious websites designed to collect personal data.

5. Ticket Sale Frauds: Experts advise against disclosing personal information when purchasing tickets or using transit services related to the Olympics. Unauthorized access to personal information like dates of birth, social security numbers, and bank details can lead to identity theft and other fraudulent activities.

To mitigate these risks, it is recommended to download tickets exclusively from official plat-forms and use only verified apps like the official Olympic Games Paris 2024 mobile app. Additionally, monitoring bank statements regularly for unauthorized transactions is advised to detect and mitigate potential fraud promptly.

The post Major Cyber Threats lurking at Paris Olympic Games 2024 appeared first on Cybersecurity Insiders.

As Paris gears up to host the 2024 Olympic Games, the city and its organizers face a monumental task not only in ensuring the safety and smooth operation of the physical events but also in safeguarding against potential cyber threats. In an era where digital technologies are integral to almost every aspect of modern life, the Olympics present a high-profile target for cyber-criminals and malicious actors. Here’s how cyber protection can be effectively managed to ensure a successful and secure Olympic Games in Paris.

Understanding the Cyber Threat Landscape

Cyber threats come in various forms, ranging from ransomware attacks and phishing scams to more sophisticated state-sponsored espionage and sabotage attempts. The sheer scale and visibility of the Olympic Games make them an attractive target for these threats. Disruption of event operations, compromise of sensitive personal or financial information, and damage to the reputation of both the Games and the host country are all potential consequences of a successful cyber-attack.

Key Strategies for Cyber Protection

1. Risk Assessment and Planning: Conducting a thorough risk assessment is the first step in developing a robust cybersecurity strategy. This involves identifying potential vulnerabilities in networks, systems, and processes that could be exploited by malicious ac-tors. Once risks are identified, prioritize them based on their potential impact and likelihood of occurrence.

2. Implementing Strong Cybersecurity Measures: Deploying strong cybersecurity measures is crucial. This includes using advanced firewalls, intrusion detection systems, and encryption technologies to protect networks and data. All systems should be regularly updated with the latest security patches and configurations to mitigate known vulnerabilities.

3. Training and Awareness: Human error remains one of the weakest links in cybersecurity. Organizers, volunteers, athletes, and staff should undergo comprehensive cybersecurity training to recognize and avoid common threats such as phishing emails and social engineering attacks. Promoting a culture of cybersecurity awareness can significantly reduce the risk of successful attacks.

4. Securing Infrastructure and Communication: The Olympic Games rely heavily on complex infrastructure and communication networks. These include everything from ticketing systems and transportation logistics to broadcasting and media operations. All critical infrastructure should be protected with multi-layered security measures, including access controls and continuous monitoring for suspicious activities.

5. Collaboration and Coordination: Cyber threats are global, and effective cybersecurity requires collaboration among multiple stakeholders, including government agencies, international organizations, and private sector partners. Establishing clear lines of communication and coordination ensures a swift and coordinated response to any potential cyber incidents during the Games.

6. Incident Response Planning: Despite preventive measures, it’s crucial to prepare for the worst-case scenario. Developing a comprehensive incident response plan enables quick detection, containment, and recovery from cyber incidents. This plan should out-line roles and responsibilities, communication protocols, and steps for restoring operations while minimizing disruption.

Conclusion

The 2024 Paris Olympic Games represent an opportunity for celebration and international co-operation. However, ensuring their success goes beyond organizing physical events; it also involves protecting against evolving cyber threats. By implementing rigorous cybersecurity measures, fostering awareness, and fostering collaboration, Paris can mitigate risks and host a safe and secure Olympic Games that showcase the best of global athleticism and sportsman-ship. Effective cyber protection is not just a necessity but a responsibility to safeguard the integrity and continuity of this historic event.

The post Securing the Paris Olympic Games 2024: Ensuring Cyber Protection appeared first on Cybersecurity Insiders.

It’s no secret that the Olympics is one of the most highly attended events in the world. This year, it is expected that the Olympics will bring over 15 million visitors to Paris. With such a heavy influx of people, protecting the event from both physical and cyber-attacks is a massive but vital undertaking. This year, it’s safe to say that the spotlight will be on mobile devices as they are our first choice for how we communicate, work, bank, take photos, navigate, shop and stay informed. This year, it is important to be aware of the risks associated with mobile devices as bad actors will have them high on their hit list. In fact, according to Zimperium’s Global Mobile Threat Report 2023 , 43% of all compromised devices were fully exploited (not jailbroken or rooted), an increase of 187% year-over-year. What’s more, the CISO for the Paris Olympics 2024 has announced that the number of attacks is expected to be eight to ten times higher than it was for the Tokyo Olympics. This piece will explore those risks and give insights on how to prepare for them. 

Don’t fall prey to risky QR codes

Mobile devices are a main avenue in which today’s cybercriminals are launching highly evasive attacks. In the last few years, QR codes have risen in popularity because of their ease and swift ability to share information by simply scanning a mobile phone’s camera. They will undoubtedly have a heavy presence at this year’s Paris Olympic Games (i.e. scanning codes via your personal TV, downloading Olympic related apps) and it is important to know that a QR code is just like a URL but worse, as you can’t see the real URL you really visiting prior to scanning it. So it’s really important to ensure you know where the QR code is actually taking you.

Make sure you don’t fall victim to malware by clicking on QR codes with malicious links that require you to download an application. Download the application from a trusted app store instead of following an opaque link to download an app from a third-party app store or an unknown source. We expect to see many fake apps centered around the Olympics. In fact, more than 200 fraudulent sites selling tickets for sporting events have already been detected by French police in recent months, and the French government has announced that it has fallen victim to cyberattacks of “unprecedented intensity.” 

Malicious Data Collection

With millions of people traveling to Paris this summer for the Olympic games, bad actors are preparing themselves to attack on all fronts, one of which is through guest Wi-Fi networks that can easily be corrupted i.e. public networks at the games, local coffee shops, airports etc. To all individuals who think logging into public Wi-Fi networks is safe, you better think twice. Bad actors can easily create open Wi-Fi hotspots disguised as legitimate and free networks, which, if connected to, compromise devices and install dangerous malware. To make matters worse, bad actors can also use these tactics to launch Man-in-the-Middle (MITM) attacks, where attackers interrupt an existing conversation or data transfer to steal account details, credit card numbers and login credentials. Once an unsuspecting user connects to the free, malicious Wi-Fi hotspot that the attacker created, the bad actor has full visibility into the exchange. The last thing anyone wants to have to spend time on while trying to enjoy the games is having to spend precious time on the phone with banks and credit card companies notifying them of nefarious activity.  If you must use a public Wi-Fi network, consider using a VPN for an added layer of protection and be sure you’re transacting with SSL/TLS protected web sites.

The CISO for the Paris Olympics 2024 has announced that the number of attacks is expected to be eight to ten times higher than what we saw occur at the 2020 Tokyo Olympics. With an event of this magnitude, the French authorities are working around the clock to prepare for possible cyberattacks and nefarious activity. The Comité d’organisation Paris24 (Organising Committee for Paris24 is taking great precaution to ensure the games go as smoothly as possible. France will not be exempt from attempts to destabilize the country through computer / mobile device sabotage. According to the French Cybersecurity Agency (ANSSI), attackers may be encouraged to penetrate and maintain a position on critical networks amidst ongoing international tensions and turmoil. This is a prevalent reason why ANSSI is calling on organizations to be better equipped and follow cyber protection recommendations such as creating a strong security strategy tailored to this event, developing detection capabilities, implementing an information system backup strategy, and drawing up recovery plans.

The biggest takeaway here is that in a mobile-powered world, a mobile-first security strategy is vital. Mobile devices and apps are an integral part of some of the largest events and organizations in the world. It is essential to establish advanced, adaptive protections that safeguard against unsafe devices, unsafe networks, phishing, and malware attacks that can destabilize networks and put millions of users at risk. Establishing these protections must become the new norm for business leaders.

Bio:

Krishna Vishnubhotla is a seasoned professional in the SaaS industry, specializing in catalyzing startup growth through adept product and marketing strategies. With a keen focus on mobile application security products, he has a proven track record in defining and executing product visions that drive significant revenue growth. In addition to managing a global customer success portfolio, he established high-value strategic partnerships. His leadership skills extend to spearheading revenue generation efforts, serving a diverse clientele across multiple industries.

The post Top Tips to Keep Data Safe During the 2024 Paris Olympics appeared first on Cybersecurity Insiders.

Cybersecurity teams at Microsoft Threat Intelligence and Google’s Mandiant have jointly issued a stern warning regarding potential cyber threats facing the organizers of the upcoming 2024 Paris Olympic Games. Their alert highlights the looming danger of Russian threat actors orchestrating espionage, disruptive, and even destructive digital attacks. These attacks could be motivated by a desire for financial gain or aimed at tarnishing the reputation of the organizers on a global stage.

In addition to the Russian threat, Mandiant has also raised concerns about low-risk threats originating from countries such as North Korea, Iran, and China. These nations could potentially provide support to Russian state-sponsored hackers, further amplifying the cyber threat landscape surrounding the event.

Microsoft, echoing Mandiant’s concerns, has issued a separate warning regarding the use of AI-generated attacks targeting the Olympic games. This was exemplified by an incident in June 2023 when a threat actor circulated a generative AI film titled “Olympics has Fallen,” aiming to undermine the integrity of the organizing committee.

The onslaught of disinformation campaigns has already begun, with threat actors targeting the organizers well in advance of the event scheduled between July 26th and August 11th, 2024. Cybersecurity infrastructure utilized for facilitating the multi-sport international event is at risk of being compromised.

Phishing scams pose a significant threat, alongside manipulations of account creations, particularly targeting consumers seeking free event streaming. Furthermore, the proliferation of fraudulent ticket sales websites, often propagated through SEO Poisoning, adds another layer of complexity for organizers to combat. Visitors to Paris are cautioned to remain vigilant against potential malware threats lurking in public Wi-Fi networks and charging stations.

Two cyber-criminal groups, Storm 1679 and Doppelganger (also known as Storm 1099), have been specifically tasked by Russia to target the Paris Olympics 2024, highlighting the gravity of the situation.

To mitigate these risks, adopting robust security measures such as utilizing 12–16-character passwords for accessing email, social media, banking, government services, and online shopping platforms is recommended. Additionally, vigilance against phishing attempts and scams, coupled with regular software and hardware updates, remains paramount in safeguarding against cyber-attacks.

The post Google n Microsoft confirm Cyber Threat to 2024 Paris Olympics appeared first on Cybersecurity Insiders.