The 2024 Paris Olympics are fast approaching, but cybersecurity concerns are on the rise.
Doesn’t get much better than Beach Volleyball under the lights of the Eiffel Tower 😍
📸 Paris 2024#Paris2024 pic.twitter.com/LZlagOQO2h
— Paris 2024 (@Paris2024) July 30, 2024
Multiple organizations, including Radware, Mandiant (Google Cloud Security), Tenable, and Palo Alto Networks, have highlighted the increased risks and potential threats to the Olympic Games. Radware’s threat intelligence report points to AI-powered distributed denial-of-service (DDoS) attacks as a significant concern.
Hang it in Versaille ⚜️
📸 Paris 2024 / @goefflowephoto pic.twitter.com/4eYnasJYk5
— Paris 2024 (@Paris2024) July 30, 2024
Hacktivists are expected to target high-visibility industries, such as streaming and media services, financial services, ticketing systems, and Olympic-specific digital services and apps. Mandiant assesses with high confidence that the Paris Olympics face an elevated risk of cyber threat activity, including cyber espionage, disruptive operations, financially motivated crimes, hacktivism, and information operations. Russian threat groups present the highest risk, while China, Iran, and North Korea pose moderate to low risks.
Where to watch athletics during the @Paris2024 Olympics 📺
Mark your calendars! The athletics program runs from August 1-11 🗓️
Follow the latest updates on the World Athletics website and join Inside Track for real-time results and stats ⬇️
— World Athletics (@WorldAthletics) July 31, 2024
Tenable warns that sponsors and those integral to the Games’ operations are at heightened risk of cyber breaches as the Olympics approach. Organizations will enter an ‘IT freeze’ stage to manage increased traffic, making them more vulnerable to attacks.
Olympics face mounting cybersecurity threats
Palo Alto Networks Unit 42 highlights various cyber threats targeting the 2024 Summer Olympics, such as business email compromise (BEC), financial fraud, and ransomware attacks. State-sponsored and pro-Russian hacktivists are anticipated to conduct destructive, disruptive, and deceptive attacks. The French government’s national cybersecurity agency, ANSSI, is overseeing the effort to keep the Paris Olympics cyber safe.
Eviden, a division of Atos and the lead IT integrator for the games, is managing Paris Olympics cybersecurity services and operations. Even if ANSSI successfully fends off direct cyberattacks targeting the games, the Paris Olympics could still be disrupted if a malicious cyber strike impacts one of its IT providers. The most immediate risk is to the IT infrastructure of organizations connected to the Olympics in some way, including suppliers, partners, hotels, and businesses catering to the expected 10 to 15 million visitors during the games.
Cybersecurity teams worldwide must recognize that the Paris games heighten the level of cyber risk well beyond the perimeter of Paris. Besides the proliferation of Olympic-themed phishing, malware, and ransomware, cybersecurity teams in every country and industry may be short-staffed due to summer vacations, and 24-hour coverage of the Olympics on TV and social media could diminish employees’ ability to sidestep cyber scams while working.
