The Olympics are set to bring a global spectacle to Paris this summer as thousands of the highest performing athletes from around the globe gather to compete. With global geopolitical tensions running high, among the billions of spectators will also be cyber threat actors who will turn their eyes to the arena for a different reason. The worldwide visibility, financial incentives, political symbolism, and extensive reliance on digital infrastructure make the Olympics an attractive target for a wide range of threat actors.
The IT systems and infrastructure that support the Olympics provide a hidden—but equally competitive—cyber arena in which threat actors and cybersecurity defenders compete. Unlike the sporting events, there are no medals and there is no second place.
This blog explores the intersection of athleticism and cybersecurity in the days leading up to the events to uncover the biggest anticipated cyber-threats to this year’s games. The blog will also explore proactive and comprehensive defensive maneuvers we can expect to see deployed across physical, digital, and operational domains as security teams work to ensure the security and resilience of the Olympics.
What cyber threats have we seen in past Olympic Games?
The concept of cybersecurity risks impacting major sporting events is nothing new. FIFA World Cup, the Super Bowl, the UEFA Champions League Final, Tour de France, Wimbledon, the Indian Premier League (IPL), and the Rugby World Cup also represent lucrative targets for cyberattacks due to their global prominence, economic significance, and reliance on digital technologies for various operational aspects.
Cyber attackers are likely to target these events’ digital systems (e.g., ticketing and scoring systems), event management platforms, fan engagement channels, online streaming services, and broadcasting networks to disrupt operations or steal sensitive information.
Here are a few examples of the threats that have impacted past Olympic Games:
- 2016 Rio Olympics - Before the 2016 games even began, the official Rio Olympics website and several organizations associated with the Olympics suffered a large-scale, sustained distributed denial-of-service (DDoS) attack that lasted several months. The World Anti-Doping Agency also came under attack from the Russian threat actors known as “Fancy Bear,” who used a phishing campaign to access a WADA database and released confidential information about medication used by forty-one athletes who competed in the Rio Olympics.
- 2018 PyeongChang Winter Olympics - A malware attack directed at the Pyeongchang Organizing Committee took out internet access and telecasts, grounded broadcasters’ drones, shut down the Pyeongchang 2018 website, and prevented spectators from printing out reservations and attending the ceremony—which resulted in an unusually high number of empty seats. Security experts believe the attack was specifically orchestrated to disrupt the Games and potentially send a political message.
- 2020 Tokyo Olympics - Security teams reported 450 million attempted cyberattacks, including Emotet malware, email spoofing, phishing, fake websites, attacks on critical infrastructure, ransomware, distributed denial of service (DDoS) attacks, and 5G network attacks. The volume of attacks was 2.5 times more than those on the London Olympics in 2012.
Why are the Olympics a key target for threat actors?
One of the most watched and celebrated global events, the Olympics provide threat actors numerous opportunities that can be manipulated to meet their nefarious agendas:
- Global visibility and high profile - With millions of spectators, athletes, sponsors, and media coverage from around the world, any disruption or compromise during the event can garner significant attention, allowing threat actors notoriety and ample opportunity to advance their agendas.
- Numerous points of vulnerability – The Olympics represent a massive logistical undertaking, involving complex operations across multiple venues, transportation networks, accommodation facilities, and digital platforms. Despite significant security investments, the sheer scale and complexity pose inherent challenges in maintaining a robust security posture. Numerous potential points of vulnerability—including gaps or weaknesses in physical security, cybersecurity of critical infrastructure and digital systems, personnel training, and supply chain management—can be exploited, allowing threat actors to gain unauthorized access, disrupt operations, or compromise sensitive data.
- Financial incentives – Factoring in ticket sales, broadcasting rights, sponsorships, merchandise, and tourism revenue, the Olympics represent a multi-billion-dollar industry with numerous opportunities for threat actors to seek financial gain (e.g., ticket fraud, counterfeit merchandise, ransomware attacks, or theft of sensitive financial information from athletes, sponsors, or attendees).
- Political and ideological disruption - The Olympics are a potent target for threat actors with political or ideological motivations. Nation-state actors, hacktivist groups, or extremist organizations may seek to disrupt or undermine the event to advance their political agendas, provoke geopolitical tensions, or promote their causes. Following Russia’s suspension for state-sponsored doping and ban from World Athletics following the invasion of Ukraine, the Olympics have come under heavy attack from Russian threat actors seeking to make political points.
- Espionage - The convergence of athletes, officials, dignitaries, and media representatives from diverse countries and backgrounds provides a unique opportunity for intelligence gathering and espionage. Threat actors, including state-sponsored espionage groups, may target the event to collect sensitive information, conduct surveillance, or infiltrate networks for future operations. In 2022, the FBI urged athletes and visitors alike to use temporary phones while attending the Winter Olympics in Beijing to mitigate the risk of malicious apps, tracking tools, or malware being installed on devices with access to sensitive data.
Cyberattacks we can expect to see at the 2024 Paris Olympics
Based on current trends and technological advancements, several new threats could come to light during the Olympics this year. Here are some of the most anticipated cyberattacks to watch out for this year.
Identity centric attacks
Now that it is becoming much easier for threat actors to log in than to hack in, identity is the new perimeter to watch. It will likely be widely targeted during the Games, both at a tactical level, where attempts to gain access to systems and data will seek to disrupt the Games, and at a strategic level, with the Games being used as cover for capturing the identities and access of the foreign dignitaries in attendance.
We can expect the wide range of identity-centric attacks to include:
- Password sprays and credential stuffing attacks – We have seen a recent surge in high-profile password spray attacks, most notably the Midnight Blizzard attacks that compromised Microsoft. With millions of breached credentials available, threat actors can quickly take lists of common, default, or compromised passwords and test them against a range of systems. It only takes one user with a reused or default password for attackers to gain a foothold in a system.
- Identity infrastructure and back door attacks – Just like the Games themselves, we often focus on the players without giving too much thought to the infrastructure and support around them. In recent attacks, threat actors—like Scattered Spider—have sidestepped security controls protecting the accounts of key IT players, such as Okta super admins, by socially engineering the help desk to reset passwords or MFA devices. Once they have access to such an account, the goal has been to add a rogue identity provider (IdP) to the environment to provide a persistent back door into any system. These types of attacks often evade detection due to limited monitoring of the identity infrastructure and an assumption that the key accounts are protected.
- Hidden paths to privilege – With increasingly complex connections between systems, it is often hard to track all the ways in which a threat actor might access the privileges they need to inflict damage. While there are some obvious administrator accounts that need to be heavily protected, in many cases, the seemingly unprivileged, low-level accounts may also have a path to privilege via a group membership, misconfiguration, or obscure entitlement, providing a hidden way to elevate privilege that attackers could find and exploit.
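One way a defender might surface the password spray pattern described above in sign-in logs, as an added example that is not part of the original post. The event format, thresholds, account names and addresses are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events: (time, source IP, account, outcome).
# Addresses come from the reserved documentation ranges.
EVENTS = [
    ("2024-07-20T09:00:05", "203.0.113.7", "alice", "fail"),
    ("2024-07-20T09:00:41", "203.0.113.7", "bob", "fail"),
    ("2024-07-20T09:01:17", "203.0.113.7", "carol", "fail"),
    ("2024-07-20T09:01:20", "198.51.100.20", "gina", "fail"),
    ("2024-07-20T09:01:35", "198.51.100.20", "gina", "fail"),
    ("2024-07-20T09:01:52", "203.0.113.7", "dave", "fail"),
    ("2024-07-20T09:02:02", "198.51.100.20", "gina", "success"),
    ("2024-07-20T09:02:30", "203.0.113.7", "erin", "fail"),
    ("2024-07-20T09:03:04", "203.0.113.7", "svc-print", "success"),
]


def detect_sprays(events, window=timedelta(minutes=10),
                  min_accounts=5, max_per_account=2):
    """Flag sources that fail against many accounts, few tries each, in one window.

    A user mistyping a password hits one account repeatedly; a spray hits
    many accounts once or twice each to stay under lockout thresholds.
    """
    by_source = defaultdict(list)
    for ts, ip, user, outcome in events:
        by_source[ip].append((datetime.fromisoformat(ts), user, outcome))

    findings = []
    for ip, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            fails = defaultdict(int)
            for _, user, outcome in rows[start:end + 1]:
                if outcome == "fail":
                    fails[user] += 1
            if len(fails) >= min_accounts and max(fails.values()) <= max_per_account:
                # Any success from the same source since the spray began
                # is a likely foothold and needs a credential reset.
                hits = sorted({u for _, u, o in rows[start:] if o == "success"})
                findings.append({"source": ip,
                                 "accounts_tried": len(fails),
                                 "compromised": hits})
                break
    return findings


if __name__ == "__main__":
    for finding in detect_sprays(EVENTS):
        print(finding)
```

The thresholds need tuning per environment: shared egress addresses (NAT, VPN concentrators) produce many distinct accounts from one source legitimately, and a distributed spray needs the same grouping applied per attempted password hash or user agent rather than per IP.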
Disruption and distraction
Often, when we think about cybersecurity, we focus on the confidentiality and integrity of data, but disrupting the availability of data can be equally impactful. If threat actors cannot break into systems, they may simply bombard them with Distributed Denial of Service (DDoS) attacks in an attempt to render them useless during time-sensitive activities. Examples of the disruptions we could expect to see at this year’s Games include:
- Attacks on the digital backbone of the Games – The Olympics has a broad attack surface for DDoS attacks, including global live streams, digital ticketing, transport infrastructure, and event websites. Keeping these systems up and available is critical for the success of the Games.
- Political statements and profit – The motives for DDoS attacks will vary. In some cases, they will be politically motivated to disrupt activities or coverage of a specific nation or group of nations. In other cases, threat actors will be attempting to make a profit by holding systems to ransom, exploiting the time-sensitive nature of the event.
Scams and surveillance
As with any large event, there will be no shortage of scams attempted during the Olympics. Fake tickets, rogue apps, phishing emails, social engineering, and pickpocketing are all to be expected. Attendees will need to keep their wits about them to stay safe and secure. While some of the scams will be obvious (for example, trying to convince you to pay for free information), others will be more subtle and focussed on collecting data:
- Deepfakes – A number of deepfake videos have appeared online in the past year—in one case, using an AI-generated Tom Cruise to spread disinformation about corruption, and in another case using a fake news report to claim certain countries’ athletes were going to be banned. While these videos were quickly removed from YouTube, they continue to circulate on social media and appear to originate in popular Russian Telegram channels.
- Harvested personal information – Fake websites, apps, and phishing emails will seek to harvest as much personal and financial information as possible. This information can later be used for a wide range of purposes, including conducting sophisticated, targeted social engineering campaigns in the future. At the Beijing Olympics, the official My2022 app used by athletes to track health data for COVID-19 was found to have security flaws that could allow a threat actor to access sensitive information. It also contained the ability to monitor for politically sensitive keywords sent in messages.
5 key preventive measures to ensure security at the 2024 Olympics
Paris 2024 have been working closely with the French national agency for information security (ANSSI) and several cybersecurity vendors to limit the impact that cyberattacks have on the Games. Given the heightened geopolitical tensions, it is no surprise they are expecting a 10-fold increase in attacks compared to the Tokyo Games. To prepare, they have been conducting preemptive tests, paying ethical hackers to test systems in advance, and applying AI technologies to triage threats from a dedicated cybersecurity operation center in a secret location.
"We can't prevent all the attacks, there will not be Games without attacks but we have to limit their impacts on the Olympics."
The increasing threat to the Olympic Games highlights the importance of implementing robust cybersecurity measures to secure such high-profile events. Here are some key areas organizers, government agencies, and cybersecurity partners are likely focusing on to mitigate cyber risks and ensure the resilience of Olympic operations:
1. Getting ahead of the competition – Just like the athletes, those securing the systems for the Games don’t just show up on Day 1 of the Games. They plan and they practice well in advance, bringing in expertise to push them and find weaknesses before the Games begin. There is a focus on continual improvement and reducing risks to ensure success. The more you can understand where your weaknesses are and how your competition might exploit them, the better you can be prepared to win.
2. Identity security - Identity security plays a critical role in protecting the Olympics by ensuring the integrity, confidentiality, and availability of digital identities and access controls. By implementing robust identity management, authentication, authorization, and monitoring capabilities, organizations can mitigate the risk of cyber threats, insider risks, and compliance violations, thereby safeguarding the security and resilience of Olympic operations and infrastructure.
3. Least Privilege – Much like the Games themselves, least privilege is a timeless concept that transcends changes in technology and geopolitics. If you focus on giving users just the access and privileges they need, when they need it, you can greatly reduce your attack surface by eliminating excessive privileges that only represent risk.
A 2023 ANSSI report on cyber security for major sporting events in France calls out administrators as a big target for attackers, suggesting admin functions require a higher level of vigilance and protections. The report also makes a number of recommendations around protecting administrative accounts and reducing the attack surface as much as possible through controlling access and avoiding the exposure of services to the internet, where possible.
4. Access control - Implementing strong authentication mechanisms, access controls, and privilege management protocols to restrict access to sensitive systems and data based on the principle of least privilege plays an important role in ensuring that only authorized individuals can access critical resources. Avoid broad access solutions—like VPNs, which can provide a successful threat actor with access to the entire network—and look to more granular, secure remote access solutions that can follow a zero trust approach.
5. Cloud and hybrid security - Securing cloud-based infrastructure alongside traditional on-prem infrastructure can be challenging. Not only can you open up a whole new public-facing attack surface, but you can also introduce hidden paths to privilege that might allow an attacker to pivot from on-prem to cloud, or vice versa.
Many organizations have struggled to get a handle on cloud privileges, making it easy for attackers to move laterally and access critical data. It is important to take a holistic approach to identity and ensure you have visibility and control of privileges and access across the entire environment to avoid building silos with limited visibility. It is also important to have the right tools in place to find, understand, and manage privileges across the entire ecosystem.
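The "hidden paths to privilege" described in the identity-centric attacks section and again under cloud and hybrid security can be audited by treating accounts, groups, and roles as a graph and searching it. The sketch below is an added example, not part of the original post or any vendor's product; every account, group, role, and relationship label in it is constructed for illustration.

```python
from collections import deque

# Constructed sample environment. Each edge reads "source gains control of target".
# Relationship labels are hypothetical, not taken from any specific directory.
EDGES = [
    ("intern.sam", "member_of", "grp-ticketing-support"),
    ("grp-ticketing-support", "member_of", "grp-helpdesk-tier1"),  # nested group
    ("grp-helpdesk-tier1", "can_reset_password", "svc-sync"),      # obscure entitlement
    ("svc-sync", "has_role", "cloud-directory-admin"),             # on-prem to cloud pivot
    ("dba.lee", "member_of", "grp-db-operators"),
    ("grp-db-operators", "member_of", "grp-db-readers"),
    ("grp-db-readers", "member_of", "grp-db-operators"),           # nesting loop
    ("vol.kim", "member_of", "grp-volunteers"),
]
PRIVILEGED = {"cloud-directory-admin", "domain-admins"}
ACCOUNTS = ["intern.sam", "dba.lee", "vol.kim"]


def build_graph(edges):
    """Adjacency list: node -> [(relationship, next node), ...]."""
    graph = {}
    for src, rel, dst in edges:
        graph.setdefault(src, []).append((rel, dst))
    return graph


def shortest_path_to_privilege(graph, start, privileged):
    """Breadth-first search; returns the hops to the nearest privileged node, or None."""
    queue = deque([(start, [])])
    seen = {start}  # guards against circular group nesting
    while queue:
        node, path = queue.popleft()
        if node in privileged and path:
            return path
        for rel, nxt in graph.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [(rel, nxt)]))
    return None


def audit(edges, accounts, privileged):
    """Map each account that can reach a privileged node to its shortest path."""
    graph = build_graph(edges)
    report = {}
    for account in accounts:
        path = shortest_path_to_privilege(graph, account, privileged)
        if path:
            report[account] = path
    return report


if __name__ == "__main__":
    for account, path in audit(EDGES, ACCOUNTS, PRIVILEGED).items():
        hops = " -> ".join(f"[{rel}] {node}" for rel, node in path)
        print(f"{account} -> {hops}")
```

Each reported path is a candidate for removal under least privilege: breaking any single edge on it (here, the help desk group's reset right over the sync service account) closes the route.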
Final remarks as the athletic and cybersecurity feats hit the global stage
With all eyes turned to watch the Paris Olympics, and as the volume and sophistication of cyberattack vectors continue to rise, the potential for a cybersecurity incident to disrupt the Games is higher than ever. It is imperative for everyone involved—from spectators to the organizations that work with the Games—to be on high alert and adapt their defenses so they can effectively detect, mitigate, and respond to emerging threats during the Games.
The Games serve as a reminder that we can always push ourselves further and, through focus, dedication, and training, achieve our personal best. If you are looking at the growing threats facing the Olympics and your own organization but aren’t sure where to start improving your Identity Security, BeyondTrust is here to help.
We have taken our decades of deep experience managing and protecting privileges in innovating our Identity Security Insights product to help you find where privileges and identity risks exist in your organization, build a proactive training plan to reduce your identity attack surface, and detect when identities and identity infrastructure are under attack. If you want to learn more or would like to start a 30-day complimentary trial, visit beyondtrust.com/insights.
Laura Bohnert, Sr. Marketing Content & PR Manager
As a Sr. Marketing Content & PR Manager at BeyondTrust, Laura Bohnert applies a multifaceted, tech-centered marketing skillset to help drive SEO, blog, PR, and product marketing in support of BeyondTrust’s demand generation and sales enablement initiatives. She has a diverse background in product marketing, brand marketing, content writing, social media, event coordination, and public relations. Outside of the tech world, she has a passion for literature, with a BA, MA, and PhD Candidacy in English Literature, and she can either be found beekeeping, restoring her historic haunted house, or continuing her dissertation on the psychological interpretations of ghosts in gothic and horror fiction.