While athletes worldwide descended on Paris for the 2024 Olympics, so did cyber threats. Franz Regul, Head of IT Security for Paris 2024, predicts at least eight to 12 times the number of attacks launched against the Tokyo Games in 2021.
Paris 2024 has been proactive in ensuring their systems are secure. They have been employing ‘ethical hackers‘ to conduct rigorous stress tests and utilizing artificial intelligence to assist in sorting through and prioritizing potential security threats. These measures should reassure everyone involved in the event.
However as the games continue to progress, Josh Jacobson, Director of Professional Services at HackerOne, discussed the probability and motivations behind cyberattacks, and their possible impact, complemented by insights from Kiran Chinnagangannagari, CTO at Securin.
Josh Jacobson, Director of Professional Services, HackerOne, shared, “We can be near certain that cybercriminals will target the Olympics in some way this year. We’ve already seen attacks on ancillary systems such as the French Rail Networks. While these attacks may not directly impact the Olympic Committee itself, they could impact the games, as there is a high chance that we will continue to see support systems and networks targeted and affected throughout the event. Targets could include infrastructure like transport all the way down to individuals such as athletes, Olympic employees, and production crews.
It’s important to note that the Olympians and the teams putting on the spectacle are not the only targets. There is also a significant risk of attacks against the attendees and spectators. These could be fake ticketing sites, social engineering campaigns, or phishing attacks. Who these cybercriminals target depends on what information they want to gather and from whom—it could be nations targeting their own people to track dissent or criminals looking for financial gain. The potential impact on individuals is a genuine cause for concern and must be managed.
Where criminal groups may care more about monetary gains, nation-state actors operate with the goals of disruption and embarrassment. As we’ve already seen, mass transit is an ideal target with likely outdated and under-supported interconnected systems. Public transport disruption causes mass people and reputational impact on the affected organs and the city of Paris and creates unrest among the attendees. That doesn’t even begin to factor in the mass cost repercussions. What makes these attacks even more concerning is that they could come from nation-states or hacktivist groups who are against the Olympics, each with their own unique motivations.
Only time will tell how the summer games will play out. Still, we hope that the security and IT teams behind the event and the surrounding systems have prepared for as many scenarios as possible to protect everyone involved, from the attendees to the Olympians to the people of Paris.”
Kiran Chinnagangannagari, CTO & CPO, Securin also commented, “As the highly anticipated 2024 Paris Olympics kicks off, there are a range of cyber-attacks that officials can expect and be prepared for. From one-off, non-threatening hackers looking to cause mischief to legitimate cyber threats affecting the games and Parisian critical infrastructure, French officials can expect hacktivists, state-sponsored groups and organized crime groups to be the main cyber threats during the 2024 games.
Chinnagangannagari also shared, “Franz Regul, the Head of IT Security for Paris 2024, has made it clear that they’re focusing on sabotage operations – and that significant resources, training and scenario planning/simulations have gone into that – including keeping the location of their SecOps center secret. After Regul estimated that these Olympic games would see eight to 12 times the number of attacks than those at the Tokyo Games in 2021, they should prepare for an uptick of ransomware attacks, phishing attempts, DDoS, misinformation/deep fakes, online scams and third-party exploitation during the duration of the games. Security teams have already begun conducting stress tests by carrying out ransomware and DDoS simulations, and that is a great starting place when training to take on Olympic-level cyber threats. French security teams should continue utilizing AI to assist in their defenses and be cautious when prepping for cyber threats.
International agencies can support France by sharing continuous asset discovery and having rapid response teams on standby to recover and restore when an attack happens. This must be a collective effort between France as the host city and other international agencies to protect the games and the athletes representing their country.”
While it’s been anticipated that the Paris 2024 Olympics will experience an increase in cyberattacks from criminals, nation-states, and hackers targeting event operations and attendees, Jacobson and Chinnagangannagari have highlighted the importance of international support for France to continue to secure the games and ensure safety. Despite the event’s onset, vigilance and preparedness against cyber threats remain vital.
