Organizations linked to the Paris 2024 Olympic Games are at increased risk of cyber attacks including ransomware, credential leaks and phishing campaigns, according to a study.
Insikt Group, the threat research division of security firm Recorded Future, has already observed posts on the Dark Web advertising access to Games-related organizations in France, as well as compromised credentials using “paris2024[dot]org”.
These findings were published in a new report that highlights high-priority threats to the Games, based on an assessment of past attacks, existing threats and geopolitical context.
Companies in industries like hospitality and transportation are more likely to pay a ransom during the Olympics because they will lose more business than usual during any downtime. As a result, cyber attackers will see the Olympics as a lucrative opportunity, the report states.
But it's not just organizations that are at risk, as the authors of “Hurdling over Hazards: Multifaceted Threats to the Paris Olympics” say attendees will “almost certainly” be targets of Olympics-related phishing schemes.
TechRepublic takes a closer look at the highest priority cyber threats to the Paris 2024 Olympic Games identified in the report.
Ransomware attackers target companies linked to the Paris Olympics
The report's authors “expect to see cybercriminals take advantage of the pressures a host city faces to extort ransomware payments.”
Companies involved in organizing the Games will come under increasing pressure to maintain high and continuous service levels. They will be involved in sectors such as hospitality, transportation, logistics, healthcare and government. These companies will also not be accustomed to the demand that will come with the new visibility and the arrival of 15 million tourists, unlike the main organizers, the International Olympic Committee and the International Paralympic Committee.
Additionally, the number of businesses choosing to pay the ransom when attacked by ransomware is currently decreasing, with the average payment decreasing by 32% between Q4 2023 and Q1 2024. As a result, cybercriminals are highly motivated to launch a successful attack.
These two factors combined mean that the risk of ransomware attacks for organizations associated with hosting the Games is high, as attackers will take the opportunity to get a payday. In fact, according to the report, the manufacturing, retail and construction sectors are among the four most affected by ransomware in France under normal circumstances.
However, while the risk of a ransomware attack is high, the level of disruption “will vary depending on the critical role played by the targeted organization” and there is “almost no chance of completely stopping the Paris Olympics” due to just a cyber event, according to the report's authors. This is because most of the organizations and processes supporting the Games operate separately from each other, so there will be no domino effect of disruption.
Ransomware is part of a double extortion
The report's authors state that ransomware intrusions are likely to be part of double extortion attacks. Threat actors will not only demand payment in exchange for restoring access to company data, but will also threaten to leak it to the Dark Web or publicly as an added bonus. The information leak could put the company and the Games at risk of further cyber attacks, financial penalties from regulatory bodies, and significant reputational damage.
Other forms of extortion that a ransomware attack could be combined with include website defacement, doxxing, distributed denial of service, and executive harassment. The additional impacts of these double extortion attacks put even more pressure on companies to pay the ransom.
Initial access brokers selling remote access to companies linked to the Paris Olympics
Analysts at Insikt Group believe that the “increased appetite” for a successful ransomware attack against organizations associated with the Paris Olympics will lead to increased activity by initial access brokers (IABs).
IABs are specialized threat actors who sell remote access to compromised corporate networks on Dark Web forums and through private communication channels such as Telegram. Ransomware operators or other threat actors can purchase access to organizations associated with the Games from IABs to stage their attacks.
Between the beginning of the year and April 29, 2024, Insikt Group monitored 17 threat leads for initial access method ads for French entities and 14 for Games-related industries in France, including sports, entertainment and hospitality. These listings were found on the Dark Web and forums and included access to remote desktop protocol systems, web shells, File Transfer Protocol Secure, and a customer relationship management system with administrator privileges.
Leakage of credentials of employees of the Paris Olympic Games
Insikt says that “the volume and value of credentials affecting the Paris Olympics will likely increase in the months leading up to the event, to meet demand from threat actors.”
Compromised credentials, obtained from data-stealing malware or Dark Web data dumps, are one of the primary ways threat actors gain access to a target organization's system. They can be used to mount social engineering campaigns, business email compromise, phishing or other attacks that, if successful, can allow lateral movement through an organization's network.
Between January 1 and April 29 of this year, analysts identified 624 references to compromised credentials of Paris Olympics employees in Dark Web stores and markets. These covered domains including Olympic Games[dot]es, paris2024[dot]org and paralympic games[dot]org, as well as login information for an email account “likely related to a current employee.”
Phishing scams targeting Paris Olympics attendees and associated companies
“Olympic-themed scams and phishing lures will almost certainly target both businesses and attendees,” the authors wrote.
Attackers will spread malware via email and text messages that will collect credentials or other personally identifiable information. Their tactics will include “using urgent language in emails, impersonating executives or suppliers, and using malicious websites impersonating suppliers or ticketing systems.”
Analysts have already observed typosquat registrations of Olympic Games domains, where names are deliberately misspelled so that anyone who mistypes a legitimate website address is directed to a fraudulent version.
Mitigation tips for Paris Olympics cyber threats
The authors of the report have provided some mitigation measures that organizations related to the Paris Olympics can take to reduce the risk of suffering a cyberattack:
- Ensure comprehensive visibility into your organization's attack surface with a threat intelligence platform. Pay attention to alerts, automate remediation, and track the threat landscape.
- Identify records of data theft and credential leaks related to your organization and monitor IAB announcements to prevent account takeovers, data theft, ransomware, and other attacks.
- Detect and remove domain and brand spoofs that could be used to defraud customers or third parties.
- Raise awareness of phishing within the company and prioritize remediation of high-risk vulnerabilities.
- Monitor the geopolitical environment for events that could alter the intention of adversary nations to conduct cyber intrusions against the Paris Olympic Games.
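The typosquat registrations described earlier and the “detect and remove domain and brand spoofs” measure above both come down to scoring observed domains against the protected name. The following Python is an added example, not code from the report or from Recorded Future; the allow-list, the substitution table and every sample domain other than paris2024.org are constructed assumptions.

```python
# Added example. Only paris2024.org comes from the article; the rest is constructed.
OFFICIAL = {"paris2024.org"}   # assumption: allow-list of legitimate domains
BRAND = "paris2024"            # label to protect
# Constructed look-alike substitutions (not exhaustive).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
BRAND_NORM = BRAND.translate(HOMOGLYPHS)

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)   # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain):
    """Return why a domain resembles BRAND, or None if it does not."""
    domain = domain.lower().rstrip(".")
    if any(domain == d or domain.endswith("." + d) for d in OFFICIAL):
        return None                                  # official domain or subdomain
    for label in domain.split(".")[:-1]:             # every label except the TLD
        norm = label.translate(HOMOGLYPHS)
        if label == BRAND:
            return "brand on unofficial domain"
        if norm == BRAND_NORM:
            return "homoglyph"
        if osa_distance(norm, BRAND_NORM) == 1:
            return "typo"
        if BRAND_NORM in norm:
            return "brand embedded in longer name"
    return None

def scan(domains):
    """Map each suspicious domain to the reason it was flagged."""
    return {d: r for d in domains if (r := classify(d))}

# Constructed sample feed, e.g. newly registered or newly observed domains.
SAMPLE = ["paris2024.org", "login.paris2024.org", "pari2024.example",
          "pairs2024.example", "paris2o24.example",
          "tickets-paris2024.example", "louvre-museum.example"]

if __name__ == "__main__":
    for name, reason in scan(SAMPLE).items():
        print(f"{name}: {reason}")
```

A distance threshold of 1 keeps false positives low; matching against a public suffix list instead of "every label except the TLD" would be more precise for multi-part suffixes.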
“Organizers and associated stakeholders should focus on an adaptive security strategy that takes into account the geopolitical threat landscape as well as the capabilities of various groups,” the authors wrote.
“Monitoring the evolution of TTPs of cyber threat and influence actors and the adoption of new technologies, ensuring robust cyber defenses among all organizations involved in the Paris Olympic Games, from the IOC to public transport, and encouraging international cooperation in intelligence sharing will be essential to ensure smooth operation of the Paris Olympic Games.”