SOCRadar® Cyber Intelligence Inc. | Possible Cyber Threats in the 2024 Olympics
Aug 16, 2023

Possible Cyber Threats in the 2024 Olympics

The design of the Paris 2024 Olympic and Paralympic torch, introduced on July 25, 2023, struck the first gong for the Paris 2024 Summer Olympic and Paralympic Games.

With less than one year remaining until the 2024 Paris Summer Olympics opening ceremony, the organizers continue their feverish preparations at least as much as the competitors.

Large-scale international events, ranging from major sports organizations to political summits attended by global leaders, are attractive to cyber attackers. The Olympic and Paralympic Games are among the most remarkable events globally. Considering the digital activities of all the athletes, audiences, visitors, stakeholders, and so on, the large attack surface will be attractive to cybercriminals. Orchestrating an event of the Olympics' proportions mandates that cybersecurity be one of the organizers' top priorities.

Olympic cyber assaults that affect athletes, coaches, attendees, even ordinary citizens have increased exponentially and reached 450 million in the Tokyo Games, accompanied by a staggering 4.4 billion threats – equating to approximately 800 threats per second. Experts foresee a potentially escalated scenario for the Paris 2024 Games and predict that attacks at Paris 2024 could be eight to ten times greater than those experienced in Tokyo.

Cyber Security Scoreboards of Olympics

While sports competitions were held on the field at major sporting events, another competition continued in the background between cyber threat actors and security teams. Over the history of the Olympics, significant cyber security incidents have cast a shadow over these global events, impacting athletes, attendees, and the digital infrastructure that supports the games. Some well-known cyber-attack highlights from major sporting events are mentioned below:

Cyber incidents had been observed previously, but the 2012 London Olympics brought the concept of cyber threats to the Olympic community’s focus. Officials have revealed concerns about a potential cyber attack targeting the 2012 London Olympics’ opening ceremony. Additionally, the 2012 London Olympics witnessed over 212 million cyberattacks. 

The U.S. State Department released a travel alert for the 2014 Sochi Winter Olympics, warning U.S. travelers about the cybersecurity threats in the region. The alert specifically mentioned that individuals should be cautious when sharing sensitive or personal information on Russian electronic communication networks.

The 2016 Rio de Janeiro Summer Olympics were the target of a 540 Gbps DDoS attack, among other cyber activities.

(Source: HackRead)

At the 2018 PyeongChang Winter Olympics, the nightmare of the opening ceremony came true, and an attack was launched against the organization’s central systems to cause chaos and confusion. Using the malicious worm ‘Olympic Destroyer’, the official Olympic website was taken offline, and Wi-Fi service in the stadium was disabled. Also, live broadcast systems were disrupted, and many spectators were denied access to printing tickets during the opening ceremony.

The Tokyo Olympics, postponed by a year due to the global pandemic and carried out in extraordinary circumstances, was a fascinating target for cyber attacks. There were a staggering 4.4 billion cyber threats launched against the event. This figure is twenty times higher than the number of cyberattacks reported during the London Olympics. Notably, researchers identified a phishing attempt during the Tokyo Olympics, which was selling the “Olympic Games Official Token.” The absence of a real equivalent for such a token highlighted that cyber criminals were not merely replicating existing tactics but were also devising innovative and sophisticated schemes to target individuals.

A phishing website created for Tokyo 2020 Olympics (Source: Kaspersky)

In the 2022 Beijing Winter Games, the official anti-Covid-19 application known as ‘My2022’ sparked controversy due to the security of this application and its potential vulnerabilities for espionage purposes. Before the 2022 Beijing Winter Olympics, the Federal Bureau of Investigation (FBI) advised athletes to bring temporary cell phones, not personal devices, and warned them not to use their personal data on these temporary devices.

Cyber Threats as Paris 2024 Draws Near

Paris is preparing to host the Olympic Games for the third time with the 2024 Paris Summer Olympic and Paralympic Games, after 1900 and 1924. This monumental event will see around 10,500 athletes competing in 329 events spanning 32 sports. This grand spectacle will be broadcast across more than 220 countries and territories with the support of over 25,000 media professionals.

Nearly 13.5 million tickets – including Paralympic Games – are available for global spectators.

During the 2022 UEFA Champions League final match, France was shocked by issues within the ticketing systems and the resulting disorder amongst thousands of fans outside the Stade de France. All this chaos underscored the consequences of system glitches and demonstrated how even minor disruptions can rapidly escalate into widespread avalanches. French authorities are getting ready for Paris 2024 with the lessons learned from recent experiences.

When the official website address of the Paris Olympics is searched using the Phishing Radar, a free tool provided by the SOCRadar XTI platform, 386 results related to the ‘paris2024[.]org’ domain are returned.

Phishing Radar (Free service of SOCRadar XTI Labs) query results of ‘paris2024[.]org’ domain

When SOCRadar researchers examined the results, they discovered that 24 of the 386 domain addresses were leading to the official Olympics website. Notably, among these domain names, the combinations involving “ticket” and “billet” stand out. These specific addresses were verified to redirect to the official website.

Checking the WHOIS records of these addresses yields identical results, confirming their alignment with the official page. According to SOCRadar researchers, all these addresses, and possibly more, which could potentially be exploited in phishing attempts, have been registered and pointed to the official Olympic page by the Olympic cyber security authorities as a proactive measure against phishing.

Whois Details of the Official domain of Paris 2024 and one of the redirected domains

Moreover, during the examination, it was noted that two of the checked domain addresses (paris2024summergames[.]com and paris2024tickets[.]com) linked to the “www.smarttraveler[.]com/index.php” address, while another two (paris2024gamestickets[.]com and paris2024packages[.]com) carried identical content to the “www.smarttraveler[.]com” page.

paris2024gamestickets[.]com and paris2024packages[.]com
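
The redirect and WHOIS checks described above can be scripted once the observations have been collected. This added example (not SOCRadar's tooling or code from the original post) triages records gathered by a crawler and a WHOIS client; the record layout, the verdict labels, and every `.example` domain and WHOIS value are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

OFFICIAL = "paris2024.org"  # official domain named in the article

def host_of(url):
    """Lower-cased hostname of a URL with any leading 'www.' removed."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def on_official_site(host):
    """Exact match or true subdomain, never a substring test."""
    return host == OFFICIAL or host.endswith("." + OFFICIAL)

def triage(obs, official_whois):
    """obs: {'domain', 'final_url' (end of the redirect chain), 'whois': {...}}."""
    dest = host_of(obs["final_url"])
    whois_same = all(obs["whois"].get(k, "").strip().lower() == v.lower()
                     for k, v in official_whois.items())
    if on_official_site(dest):
        return "defensive-registration" if whois_same else "official-redirect-unverified-owner"
    if dest == obs["domain"].lower():
        return "serves-own-content"
    return "third-party-redirect"

def third_party_clusters(observations, official_whois):
    """Group domains that forward to the same non-official host."""
    groups = defaultdict(list)
    for obs in observations:
        if triage(obs, official_whois) == "third-party-redirect":
            groups[host_of(obs["final_url"])].append(obs["domain"])
    return {host: sorted(doms) for host, doms in groups.items() if len(doms) > 1}

# Constructed sample data: .example domains and WHOIS values are placeholders.
OFFICIAL_WHOIS = {"registrant": "EXAMPLE ORGANISING COMMITTEE", "registrar": "EXAMPLE REGISTRAR"}
SAMPLES = [
    {"domain": "paris2024-billets.example", "final_url": "https://www.paris2024.org/en/",
     "whois": dict(OFFICIAL_WHOIS)},
    {"domain": "paris2024-pass.example", "final_url": "https://tickets.paris2024.org/",
     "whois": {"registrant": "REDACTED FOR PRIVACY", "registrar": "EXAMPLE REGISTRAR"}},
    {"domain": "paris2024-seats.example", "final_url": "https://paris2024.org.tickets.example/login",
     "whois": dict(OFFICIAL_WHOIS)},  # official name embedded in a foreign host
    {"domain": "paris2024-games.example", "final_url": "https://www.reseller.example/index.php",
     "whois": {"registrant": "EXAMPLE TRAVEL LLC", "registrar": "OTHER REGISTRAR"}},
    {"domain": "paris2024-packages.example", "final_url": "https://reseller.example/",
     "whois": {"registrant": "EXAMPLE TRAVEL LLC", "registrar": "OTHER REGISTRAR"}},
]

print({s["domain"]: triage(s, OFFICIAL_WHOIS) for s in SAMPLES})
print(third_party_clusters(SAMPLES, OFFICIAL_WHOIS))
```

A domain counts as a defensive registration only when both the redirect target and the WHOIS fields agree with the official site; a redirect alone is reported separately because ownership is unconfirmed.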

To mitigate potential issues and fraudulent activities related to ticket transactions, the Olympic Committee exclusively conducts all ticket sales through its official website. The committee has cautioned against purchasing tickets or hospitality packages from unofficial sources, as this exposes buyers to the risk of non-delivery or denial-of-access by the Paris 2024 Organizing Committee under their terms and conditions. 

The committee also issued a statement regarding the resale of tickets, specifying that the official resale platform will launch in spring 2024, serving as the sole authorized resale site for global ticket holders. However, it is important to note the presence of websites offering resale Olympic tickets. Buying tickets from such sources or through social media platforms carries the risk of fraud, and advertisements for ticket sales also pose the threat of potential phishing attacks.

Secondary ticket marketplace

Additionally, threat actors can distribute malware with PDF files as a component of ticket resale scams to collect personal and credit card information, which could be valuable on the dark web. As seen in the query results of the SOCRadar XTI platform’s Threat Hunting module, even with just a year left until the Olympics, stealer logs for accounts related to the ‘paris2024[.]org’ domain have been identified on the dark web.

SOCRadar XTI platform Threat Hunting Module ‘paris2024.org’ query stealer logs results
Account Breach  (Free service of SOCRadar XTI Labs) query results of ‘paris2024[.]org’ domain

As seen in previous Games, the Olympics, as a platform where national sentiments take the stage, are also the target of many politically and geopolitically motivated state-sponsored and hacktivist attacks. In the case of the Paris Olympics, France has recently been the target of cyberattack campaigns, both as a NATO member and because of its political discourse. When the Russia-Ukraine conflict and the effects of the decision that Belarusian and Russian athletes cannot compete under their flags are added, the Paris 2024 games face a significant risk of state-sponsored and hacktivist attacks. Although it is still a year before the Olympics, SOCRadar dark web analysts have started to detect some examples.

SOCRadar Dark Web Analysts detected hack announcement for Paris 2024 Olympics website

Conclusion

Cybercriminals have always used popular events as a lure for their attacks. The Olympics are a perfect subject with a huge attack surface, from the audience watching the games on TV anywhere in the world to the athletes on the field, from the organizers to the sponsor companies, and from supporting systems such as transportation, hosting, and medical care to the advanced digital technologies used in the events.

The evolving landscape of cyberattacks, ranging from phishing scams and ransomware attacks targeting sponsors to state-sponsored infiltrations, poses a severe challenge to the security of the Paris 2024 games and its digital infrastructure.

The lessons of the past highlight the critical importance of cyber defense measures, both proactive and adaptive. Cyber threat intelligence (CTI) solutions that integrate information gathered before, during, and after the event serve as a helpful tool to assess the evolving security landscape and anticipate potential threats.

The extended threat intelligence platform SOCRadar XTI will continue to provide valuable insights for Paris 2024 with robust feeds including social media, OSINT, and especially the dark web.