Paris Olympics 2024: Hackers are Targeting Firms Linked With Games, Study Discovers

Companies associated with the Paris Olympics 2024 are facing an increased danger of cyber threats such as ransomware, leaked credentials, and phishing attacks, according to a recent analysis.

In a new report, the Insikt Group, the research division of security company Recorded Future, revealed that posts selling access to organizations involved in the Games in France, along with compromised credentials using domains like “paris2024[dot]org”, have already appeared on the Dark Web.

The study highlighted the most significant threats to the Games based on previous attacks, existing risks, and geopolitical circumstances.

During the Olympics, companies operating in sectors like hospitality and transportation will likely be more susceptible to ransom demands because of increased losses during downtime. As a result, malicious actors view the Olympics as an attractive target for cyber attacks.

The authors of the report “Hurdling over Hazards: Multifaceted Threats to the Paris Olympics” also warned that attendees will probably be targeted with phishing schemes related to the Games.

Take a deeper dive into the primary cyber threats for the 2024 Paris Olympics as identified in the report by TechRepublic.

Ransomware assailants focus on firms linked to Paris Olympics

According to the report, cybercriminals are expected to exploit the vulnerabilities in a host city to extort ransom payments.

Organizations involved in the management of the Games will be under immense pressure to sustain high levels of service. Such entities operate in diverse sectors like hospitality, transportation, logistics, healthcare, and government. They might not be equipped to handle the increased demands during the influx of 15 million tourists, unlike the primary organizers, the International Olympic Committee, and International Paralympic Committee.

Furthermore, companies are becoming less inclined to pay a ransom after a ransomware attack, with a 32% reduction in the average payout from Q4 2023 to Q1 2024. This has heightened the motivation for cybercriminals to launch successful attacks.

Given these factors, the risk of ransomware attacks on organizations involved in the Games is significant, as attackers will seize the opportunity for financial gain. Notably, under normal circumstances, the manufacturing, retail, and construction sectors are among the top four industries most targeted for ransomware in France.

Despite the high risk of ransomware attacks, the level of disruption is expected to vary depending on the critical role of the targeted organization. The report authors emphasized that a single cyber incident is unlikely to cause a complete halt to the Paris Olympics due to the independent operation of the organizations and processes supporting the Games.

Ransomware forms part of double extortion

The report suggests that ransomware attacks are likely to be part of double extortion strategies where threat actors not only demand payment for restoring data access but also threaten to leak sensitive information to the dark web or publicly to add pressure. The exposure of information could lead to subsequent cyber threats, regulatory fines, and damage to reputation for businesses and the Games.

Other forms of extortion that can accompany ransomware attacks include website defacement, doxxing, distributed denial of service, and executive harassment, which further intensify the pressure on companies to pay the ransom.

Initial access brokers selling remote access to companies associated with Paris Olympics

Analysts from the Insikt Group anticipate a surge in activities by initial access brokers due to the heightened interest in successful ransomware attacks on organizations related to the Paris Olympic Games.

These specialized threat actors sell remote access to compromised corporate networks through Dark Web forums and private channels like Telegram. Ransomware operators and other threat actors can purchase access to Games-related entities from these brokers to launch their attacks.

From the beginning of the year until April 29, 2024, the Insikt Group tracked 17 threat leads advertising initial access methods for French entities and 14 for industries connected to the Games in France, such as sports, entertainment, and hospitality. These listings were discovered on the Dark Web and in forums, and included access to systems such as Remote Desktop Protocol, web shells, File Transfer Protocol Secure, and a customer relationship management system with admin privileges.

The researchers note that the volume and significance of credentials affecting the Paris Olympics are likely to rise leading up to the event to meet the demand from threat actors.

Compromised credentials, acquired from infostealer malware or Dark Web data leaks, are a primary method for threat actors to breach a target organization’s system. These credentials can be used for social engineering, business email compromise, spear phishing, or other attacks enabling lateral movement within an organization’s network.

From January 1 to April 29 of this year, analysts identified 624 references to compromised credentials of Paris Olympics employees on Dark Web platforms and marketplaces. Domains like olympics[dot]com, paris2024[dot]org, and paralympics[dot]org were included, along with login details of an email account presumably linked to a current employee.

Phishing scams targeted at Paris Olympics attendees and affiliated companies

The report authors stated that phishing attempts related to the Olympics will likely target businesses and attendees through email and text messages disseminating malware to steal credentials and personal information. These messages may use urgent language, impersonate executives or vendors, and direct victims to malicious websites posing as legitimate vendors or ticketing platforms.

Typosquat domains related to the Olympic Games have already been observed. These are intentionally misspelled domains that send visitors who mistype the URL of a valid site to a fraudulent version of it.

Mitigation strategies for cyber threats at the Paris Olympics

The report provides several recommendations for organizations associated with the Paris Olympics to reduce their cyber risk:

  • Ensure comprehensive visibility of the organization’s attack surface with a threat intelligence platform, monitor alerts, automate responses, and stay informed on the threat landscape.
  • Identify and resolve infostealer logs and leaked credentials related to your organization to prevent data breaches, ransomware, and other attacks.
  • Detect and take down fake domains and brand impersonations that could be used to deceive customers or stakeholders.
  • Enhance awareness of phishing among employees and prioritize patching of critical vulnerabilities.
  • Stay vigilant of geopolitical events that could influence hostile nations’ intentions to carry out cyber intrusions during the Paris Olympics.
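One way to act on the typosquat observation and the fake-domain recommendation above is to screen newly observed domains against the brand domains the article names. The following is an added example, not code from the report or from Recorded Future; the look-alike character folds, the distance threshold, and the sample feed (on the reserved `.example` TLD) are assumptions constructed for illustration.

```python
# Added example: flag observed domains that imitate protected brand domains.
PROTECTED = ["paris2024.org", "olympics.com", "paralympics.org"]  # named in the article
# Assumed look-alike folds (characters commonly swapped); extend as needed.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l", "3": "e", "5": "s"})

def label(domain):
    """Naive second-level label ('a.paris2024.org' -> 'paris2024'); no public-suffix list."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def osa_distance(a, b):
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    d = [[i + j if i == 0 or j == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(domain, max_dist=2):
    """Return (reason, imitated protected domain) for a suspicious domain, else None."""
    dom = domain.lower().rstrip(".")
    if dom in PROTECTED or any(dom.endswith("." + p) for p in PROTECTED):
        return None  # the brand's own domain or one of its subdomains
    cand = label(dom)
    for p in PROTECTED:
        brand = label(p)
        if cand == brand:
            return ("same-label-other-tld", p)
        if cand.translate(CONFUSABLES) == brand.translate(CONFUSABLES):
            return ("homoglyph", p)
        if osa_distance(cand, brand) <= max_dist:
            return ("near-miss", p)
        if brand in cand:
            return ("brand-embedded", p)
    return None

# Constructed sample feed, e.g. from new-registration or certificate monitoring.
OBSERVED = ["par1s2024.example", "olympcis.example", "paris2024-tickets.example",
            "paris2024.example", "tickets.paris2024.org", "weather.example"]

def screen(domains):
    """Map each suspicious domain to (reason, imitated protected domain)."""
    return {d: hit for d in domains if (hit := classify(d))}

if __name__ == "__main__":
    for dom, (reason, target) in screen(OBSERVED).items():
        print(f"{dom}: {reason} of {target}")
```

Hits from a screen like this are leads for review and takedown requests, not verdicts; a distance threshold of 2 will produce false positives on short brand labels.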

“Organizers and related stakeholders must focus on an adaptive security strategy that considers geopolitical threats and the capabilities of various threat actor groups,” the authors suggest.

“Monitoring the evolution of cyber and influence threat actor tactics, techniques, and procedures and adopting new technologies to enhance cyber defenses across all organizations involved in the Paris Olympics, from the IOC to public transportation, while fostering international cooperation in intelligence sharing, will be crucial to ensuring the successful execution of the Paris Olympics.”
