Threat intelligence analysts at Google's Mandiant have issued a warning about the elevated cyber threats facing the 2024 Paris Olympics.
Their report highlights potential cyber espionage, disruptive and destructive operations, financially motivated activities, hacktivism, and information operations, with Russian threat groups posing the highest risk.
Primary concern: Russian hackers
According to Mandiant, Russian state-sponsored actors represent the most significant cyber threat to the Paris Olympics. Given Russia's historical targeting of past Olympic Games and current geopolitical tensions with Europe, this assessment carries considerable weight. In particular, APT44, known for its disruptive and destructive capabilities, is the primary group of concern. This group has previously conducted significant operations against Olympic events, including malware campaigns and influence operations.
Russia's continued frustration over the neutral status of its athletes, who are unable to compete under the Russian flag, compounds the risk of cyber retaliation. Furthermore, political tensions related to France's support for Ukraine in the ongoing conflict with Russia heighten the threat level.
Other state-sponsored actors
While Russia poses the greatest risk, other state actors from China, Iran, and North Korea also present varying levels of threat. Chinese actors, primarily APT31 and APT15, are expected to engage in espionage activities, targeting high-profile officials for intelligence collection. Iranian groups, particularly APT42, might leverage the Games as part of their broader espionage and information operations. North Korean actors, such as APT43, may use the Olympics for social engineering and financially motivated campaigns.
Hacktivism and information operations
The global profile of the Olympics makes it a prime target for hacktivists and information operators. Pro-Russian groups, including Anonymous Sudan and NoName057(16), are expected to conduct DDoS attacks and other disruptive operations. The ongoing geopolitical landscape, particularly Russia's response to its athletic restrictions and France's support for Ukraine, may drive a significant number of pro-Russian disinformation campaigns.
Mandiant also highlighted the potential for Chinese and Belarusian information operations to exploit Olympic-themed content to push their respective narratives. These campaigns could use fabricated or exaggerated stories to influence public perception and sow discord.
Financially motivated threats
The report underscores the risk of ransomware, extortion, and scams during the Games. Given the volume of transactions and the high-profile nature of the event, cybercriminals are likely to increase their activities.
Previous data indicates that France is a significant target for ransomware attacks, which could see a spike during the Olympics. Additionally, ticket scams and Olympics-themed phishing campaigns are expected to be prevalent.
Mitigation strategies
To mitigate these threats, Mandiant recommends several proactive measures:
- Organizations involved in the Games should revise their threat profiles to account for new and elevated threats.
- Hold security awareness training emphasizing the risks associated with Olympics-related social engineering and phishing attacks.
- Advise travelers on the dangers of using public Wi-Fi and potential scams.
- Implement DDoS protection, endpoint hardening, and robust ransomware defenses.
In conclusion, while the security community is better prepared for the cyber threats facing the Paris Olympics than for previous Games, the diverse range of threats requires continued vigilance and comprehensive security strategies. Organizations must take a proactive approach to safeguard against potential cyber incidents during this high-profile event.
If you're planning to attend the Games as a spectator, beware of scammers selling fake tickets, Booking-themed phishing campaigns, and companion mobile apps that ask for access to highly sensitive permissions.