Giant global events — such as the Paris 2024 Olympic Games — can expect to continue to be targeted by cyber criminals and must ensure they are well prepared, according to Stormshield.
The OT/IT cybersecurity vendor spoke to Vincent Riou, cybersecurity partner at Avisa, who noted that physical security and cyber security issues must be considered together in hybrid environments.
“Some attackers might be tempted to attack certain systems in order to gain access to physical spaces without the appropriate credentials, or force spectators to leave protected spaces and gather outside them, thus facilitating terrorist attacks,” Riou was quoted as saying.
Large global events like the Olympic Games facilitate high-impact attacks of various kinds — making IT, data and information protection integral to an overall security approach, Riou suggested.
According to Stormshield’s blogger Victor Poitevin, the Paris 2024 Summer Olympic and Paralympic Games for example is expected to be the largest event held in France since 1900. T
“Figures are staggering: a budget of €7 billion (£5.9bn), four billion television viewers, 12 million spectators, 30,000 volunteers, 10,000 athletes, 206 nations and 40 competition sites to secure, among others,” he wrote.
The Tokyo Summer Games in 2021 saw some 400 million cyber attacks, according to Japan news site Kyodo.
Avisa Partners’ Riou said that large events are a “formidable vehicle” for boosting the image of the host country that hosts them, which also means that technical flaws and problems might be broadcast to the planet.
“We see state-affiliated groups with geopolitical motivations and the goal of destabilising the country. Next we have opportunistic cybercriminals tempted by financial windfalls from, say, ransomware attacks, leveraging the organisers’ ‘urgent’ need to restore normal operation,” he said.
Hacktivist groups with ideological objectives can also deface websites or conduct denial-of-service attacks, he added.
Video capture systems for television or referees, CCTV cameras and alarm systems, badge and ticket readers, and other smart equipment can be vulnerable as can logistics and subcontracting operations across a range of locations, including open venues in capital cities, with spectators and participants also targets.
Expected threats – and how Paris is tackling them
Stormshield’s Poitevin also quoted Nicolas Caproni, a threat research head at Sekoia.io.
“Cybercriminals will opportunistically exploit the event to conduct phishing campaigns, using themed competitions to increase the chances of persuading users to open messages and click on compromising links.
“They can also hide malware inside a PDF as part of a scam to sell or resell tickets. They will also try to harvest personal and credit card data that will later be of value on the darknet,” Caproni reportedly said.
“Some attack groups now specialise in disinformation and fake news. These new weapons can be used to disrupt events by leaking data that should not have been leaked, or falsified data.”
According to Stormshield, Paris 2024’s organisational cybersecurity budget is around €17 million, covering a prevention and defence programme with full-scale simulations, secure application code, and an effort to compartmentalise network and server layers when designing infrastructure, security audits and security operations.
“An awareness-raising programme is also being implemented with training for employees, sponsors, subcontractors, athletes and all stakeholders,” Poitevin wrote.