The Olympic Games have been protected from cyber-attacks so far

By Dr. Martin J. Kraemer, Cybersecurity Awareness Expert at KnowBe4 [ Join Cybersecurity Insiders ]
266

The expectation of cyberattacks targeting the Olympic Games was widespread. Earlier this year, Mandiant released a report identifying likely attackers as nation-state-affiliated groups from Russia, China, North Korea, and Iran. Cisco anticipated an eightfold increase from the 450 million cyberattacks that Japan’s capital faced in 2020/21. While the accuracy of these projections and their counting methods can be debated, significant cyberattacks on the Games were indeed expected. As the Games now draw to a close, where do we stand?

So far, only a few major incidents have been recorded. These include a ransomware attack on a Parisian museum, an attempted sabotage of the rail network that slightly disrupted travel schedules, and a coordinated attack against the fiber network. The Games have also had to contend with two other significant risks: hacktivism, primarily through denial-of-service attacks, and cyber fraud, including phishing and social engineering targeting brands associated with the Games. More than 338 websites selling fake tickets were identified so far. In total, 68 cyberattacks have been recorded since the start of the Olympic Games.

The ransomware attack on the museum’s shops had no direct impact on the Games. It was carefully timed to occur over a weekend when cybersecurity defense operations were presumably understaffed. However, the 15-member cybersecurity team successfully averted a crisis. The Games have closely collaborated with France’s ANSSI (National Cybersecurity Agency) to protect against such threats.

On May 13, in the buildup to the Games, the Police Prefecture, albeit well-intentioned, inadvertently highlighted potential gaps in the Games’ security preparation through a press release. The announcement of an online platform to generate QR codes for access to the Olympic perimeter caused public confusion and emphasized the need to strengthen security awareness and communication. The introduction of QR codes has, naturally, opened avenues for phishing and social engineering, although no significant incidents have been reported thus far.

If the Olympic Games conclude without a major incident, it will be considered a success, especially given the history of the Games, which is fraught with incidents and attacks. The tragic assassination of participants during the Munich Games in 1972 remains a stark reminder of the vulnerabilities that such high-profile events face. Despite their image as a global and peaceful gathering, the Games have always been a stage for political tensions, with athletes from conflicting nations competing peacefully.

The French have meticulously prepared for these Games. In 2022, the French agency ANSSI was assigned the mission of securing organizations involved in the planning and implementation of the Games. Serving as the single point of contact, ANSSI coordinates a civilian task force known as the National Coordination for the Security of the Olympic Games and Other International Sporting Events (CNSJ). Collaborating with over 700 organizations, the agency has focused on protecting the Games through a five-fold strategy: enhancing cyber threat intelligence, securing digital infrastructure, protecting sensitive data, raising awareness about cyber risks and threats, and preparing an incident response plan. This comprehensive approach included an extensive awareness campaign, the provision of best practices and guiding principles, and even a free security exercise kit.

The Olympic Technology Operations Center (TOC) has performed commendably so far. However, it won’t be until after the Games that we fully understand the extent of what may have been happening behind the scenes, beyond the 68 averted attacks that have been communicated. In Tokyo, organizers identified 400 potential attacks. Although the Paris Games are not over yet, all involved stakeholders—including the IOC, COJOP, ANSSI, Orange, Cisco, and Atos—have collaborated effectively to ensure the Games’ security.

Sources

Infosecurity Magazine | How France is Protecting the 2024 Olympics from Unprecedented Cyber-Attacks

The Connexion | Paris Olympics ticket scams: 338 websites identified for resale fraud 

Ad

No posts to display