As we look forward to the 2024 Paris Olympics, enterprises all over the world face heightened cybersecurity threats. Experts share their thoughts…
Major events like the Olympic Games create opportunities for cybercriminals to exploit the excitement and divided attention, leading to increased risks of cyber-attacks on all fronts.
With just a week to go, and over 13 million tickets up for grabs, authorities and cyber experts warn of increasing levels of cyberthreats. In fact, Proofpoint helped to suspend one of the scam websites linked to the Olympics last month.
The company identified a fraudulent website to sell tickets to the Paris 2024 Summer Olympic Game, notably listed as the second sponsored search result on Google when searching for “Paris 2024 tickets” and related searches. Threat actors were likely trying to steal money from people attempting to buy or sell Olympics tickets, collecting personal information including names, contact information and credit card details.
Proofpoint also highlighted that two-thirds of the official partners of the 2024 Games are exposing the public to the risk of email fraud due to insufficient use of the DMARC security protocol.
With the stakes increasingly higher as we draw closer to the Games, CybersecAsia sought out some cybersecurity experts’ perspectives on threats related to the 2024 Paris Olympic Games.
Richard Cassidy, CISO, EMEA, Rubrik:
Beyond the fields and tracks, cybercriminals are vying for their own kind of gold as they look to extort money through tactics like phishing scams, identity theft, and ransomware attacks. The large number of visitors, each with valuable personal data and financial assets, creates a rich hunting ground.
The games can also be an unparalleled platform for politically motivated groups and cybercriminals alike to wreak havoc. Website defacements, takeover of critical services, and ransomware disruptions are common tactics. These actions are designed to often embarrass host nations, undermine trust in their capabilities, and draw global attention to their nefarious causes.
Ahead of the games, critical infrastructure and digital services must be rigorously tested. Simulating worst-case scenarios and ensuring that minimum viable operations can continue in the face of adversity is essential. This includes regular stress tests and updates to security protocols.
A centralized task force for reporting and alerting must also be at the core of securing the digital realm of the Olympics. This task force should coordinate with various stakeholders, including law enforcement, cybersecurity firms, and event organizers, to ensure a unified and swift, as is possible, response to any threats.
Simon Horswell, Senior Fraud Specialist Manager, Onfido, an Entrust Company:
Major events, from the Olympics to the UEFA EURO 2024, can bring high volumes of traffic to participating businesses and platforms. To attract new customers, businesses often run special offers and promotions around such events, including sign-up rewards. However, this can bring two key challenges to overcome: Firstly, ensuring that their onboarding processes can scale in line with customer demand, and secondly, keeping bonus abuse at bay as fraudsters seek to capitalise on cash offers.
Fraud rates tend to spike when onboarding numbers increase as fraudsters like to hide among the volume, and sign-up bonuses tend to be a real honeypot for fraudulent activity. And so, we can expect fraudsters to use the volumes around major events to their advantage – and we are likely to see this at a growing scale with AI tools powering their efforts. For instance, during the first week of UEFA EURO 2024 (14-20th June), the volume of onboarding checks for Onfido’s gambling partners increased 36% compared to the week prior (7-13th June).
AI is essential in combating fraud, including AI-generated threats such as deepfakes. Organizations can protect their business and users by implementing AI-powered digital identity verification. You can think about it as an “AI vs AI showdown”. Automating identity verification quickly and securely to defend against cyberattacks and efficiently verify end-users prevents fraud and ensures a seamless user experience, facilitating successful customer acquisition.
Steven Scheurmann, Regional VP, ASEAN, Palo Alto Networks:
The advancement of AI has enabled bad actors to execute attacks at scale and with more sophistication. As the world gears up for the 2024 Paris Olympics, the event’s massive scale and global attention open up opportunities for threat actors to carry out their attacks.
Largescale events like the Olympics are especially vulnerable, with cyber-attacks targeting critical supporting services — such as transportation, hospitality, event management, and telecommunications — having the potential to erode the event’s reputation, disrupt the attendee experience, and inflict financial losses on organizers and sponsors.
There is also a significant risk of businesses being plagued with risks of financial fraud and business email compromise (BEC), third-party disruptions by ransomware operators, and destructive attacks from state-sponsored actors and hacktivists.
We only need to look back at the 2018 PyeongChang Winter Olympics to understand the stakes, where the Olympic Destroyer malware targeted essential systems and demonstrated the potential for chaos and disruption.
In this high-stakes environment, it’s crucial for organizations to adopt a proactive security stance. Implementing a Zero Trust philosophy, leveraging automation and AI, and ensuring comprehensive visibility of the attack surface can make a substantial difference. With AI evolving, attackers are becoming more adept. Businesses and organizations can stay ahead of this curve by preparing ahead of time and deploying advanced security strategies.
