Cyberattacks against the Paris Olympics have been in the news lately. Travel security is important, but so is maintaining online hygiene for employees working from home or in the office.
Unlike many other major sporting events, the Olympics take place over several weeks and during business hours, so there are more opportunities for threat actors to take advantage of the hype. We’ve compiled some tips for IT teams during the Summer Olympics, with insights from researchers at Microsoft and Trend Micro.
Watching the Olympics from home can expose work devices to threat actors
Threat actors targeting Olympic fans at home are taking advantage of the excitement of the Games to obtain credit card numbers, email addresses, or other potentially valuable information.
“In most cases, these are financially motivated actors,” said Trend Micro vice president of threat intelligence Jon Clay in an interview with TechRepublic.
Urgency on the ground and online
Rather than preying on fears, as they would with other major events, threat actors using Olympic-themed attacks are preying on emotion.
“Social engineering has three levers to success: emotion, urgency, and habit. And threat actors know they can leverage those things,” said Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, in an interview with TechRepublic.
Threat actors can follow news of the Games and tailor their attacks to specific sports or athletes. They can provide fake links to free streams or exclusive products or create campaigns claiming products or other opportunities are only available for a limited time. They try to lure people into clicking on links, opening attachments or accessing websites, Clay noted.
“When someone wins a gold medal, be on the lookout for emails that may be selling T-shirts or that may ask you to click to show your support for that particular athlete,” DeGrippo said.
WATCH: Kick-start a career in IT with this CompTIA study guide bundle, on sale now.
Hacktivists may target Olympics
The Olympics may also be the focus of “hacktivism,” or politically motivated attacks. Both the Russian invasion of Ukraine and the recent French legislative elections could raise cybersecurity concerns related to activists.
Work logins are particularly vulnerable to attackers
Work-related email addresses or credit cards are more valuable to attackers than personal ones, as they can provide a path into the entire company.
“Your work login information is far more valuable and sought after by threat actors than your personal identity,” DeGrippo said.
“Explain to employees that even if their home device is compromised, [threat actors] “You can integrate into your corporate network because you have access, in many cases, to your corporate network from your mobile devices,” Clay added.
Steps to follow before the Olympic Games
Organizations have no say in what employees do with all the devices in their home offices, although some companies that monitor productivity may notice if someone spends a lot of time watching games.
There’s no way to keep cybersecurity on an employee’s mind at all times during the Games. “Watch parties” can happen on a person’s own time. But company-owned devices are another matter, and finding a balance between protecting them and overreaching can be difficult.
IT teams can remind employees to:
- Watch the Olympics only through official channels (NBC or Peacock).
- Get information or purchase merchandise only on the official website (
- If possible, avoid downloading new apps; official Olympic information and broadcasts will be available on the web.
- Use security products and anti-spam filters.
- Remind employees of company device usage policies.
- Stay up to date on safety training modules, especially those related to Olympic activity, if available.
- Do not click on suspicious ads.
- Be careful with sponsored results in search engines.
- Alert your organization’s IT or security teams (as appropriate) if you see suspicious pop-ups or strange behavior on your work devices.
Regarding free streaming, “if it sounds too good to be true, it probably is,” Clay said.
Additionally, IT teams can:
- Be aware of time zones where people may be using work devices at unusual times.
- Contact your security vendors and make sure everything is configured and working properly.
- Conduct drills to ensure your team can respond quickly in the event of an incident.
Does it have any connection with the Games? Your organization must be especially cautious
Companies that have a direct monetary connection to the Games, such as sponsors or suppliers, should be alert to other angles of attack, even if they are not present in Paris. Availability should be a priority for Games-related suppliers, DeGrippo said.
Attackers can create fake domains or similar-sounding ads to misdirect customers. Organizations should look for and monitor these.
Common security or operations practices can help prevent many of the threats vendors or sponsors might face during the Olympics. For example, make sure your organization’s back-end e-commerce systems are secure and provide customers with two- or multi-factor authentication.
“The Olympics are certainly an event that threat actors will take full advantage of,” DeGrippo said.
