- The Olympic Games Paris 2024 is just a few days away, but the event is already a major target for cyber attacks.
- In addition to the obvious threat from Russian hackers, the event may also be targeted by a few other types of cyber attacks.
The Olympic Games Paris 2024 is about to begin. The event is expected to sell over 13 million tickets and bring over 15 million visitors to France. While it has already created excitement for millions of sports fans worldwide, it is also expected to be a massive target for cybercrimes, especially given the country’s significant involvement in geopolitics. Further, the huge scale of monetary transactions during this event makes it a bigger target for threat actors.
Given this background, ZeroFox conducted a study to understand the possible physical and cybersecurity threats that could impact the sporting event. Here are a few cyber threats tourists and sports fans should watch out for, and a few recommendations for them to stay safe.
1. Attacks by Russian Hacker Groups
This is probably the biggest and primary cyber threat the event may face. France has taken steps that can be seen as hurting Russia when it comes to the Russia-Ukraine war. Further, Russian athletes were banned in 2019 from international competition owing to allegations of a state-sponsored doping program. Even the International Olympic Committee (IOC) banned Russian athletes from competing under Russia’s name and flag after the country invaded Ukraine.
As such, Russian state-backed or independent threat actors may be actively involved in cyber attacks, including data compromises, DDoS attacks, or various financial scams.
The Russian hacktivist group People’s Cyber Army (PCA) already posted a call to action on their Telegram channel and associated “RCAT chat” private group in June this year, urging cyber fighters to target France with cyber attacks. This was accompanied by a fake cover of Charlie Hebdo, featuring Russian text claiming Russian hackers agreed to participate in the Olympics in a neutral status, in a new sport called ‘DDoS attacks’ on the French websites. Another group, NoName057(16), is expected to join PCA in the cyberattacks.
The coordinated attacks by PCA, NoName057(16), and RCAT are expected to potentially disrupt event security, logistics, and public perception.
2. Threats to Mobile Applications
Mobile apps present security risks; threat actors will likely exploit fans’ excitement for the games to scam them. Threat actors can use or steal app credentials to gain access to user accounts, potentially manipulating personal information associated with paris2024[.]org and olympics[.]com users. This may lead to operational disruptions, ticket fraud, and reputational damage.
The ZeroFox study found thousands of sets of compromised credentials related to olympics2024[.]com and paris2024[.]com from a private Telegram channel @GoldPackPrivate. The repository’s owner, who also operates LeakBase, a deep web forum focused on compromised data, collects and shares data from various undisclosed sources, publishing compromised credentials with plain text passwords.
3. Selling Event-Related Cyber Assets on the Dark Web
Earlier this month, an untested threat actor, “dank31337”, posted a thread on a primarily Russian-language deep and dark web (DDW) forum, xss. The thread expressed the threat actor’s intent to purchase unauthorized access and tools specifically targeting this year’s Olympic Games. The threat actor even offered $5,000 for initial access, related assets, and phishing pages.
This suggests potential plans of threat actors for sophisticated attacks, including unauthorized access, credential theft, and broader disruptions to the event systems. The substantial monetary offer also indicates the potential scale and seriousness of the intended activities.
4. Suspicious Emails Targeting Volunteers
On the Reddit forum r/Paris2024, a Paris 2024 volunteer, “pizzahighwayicecream”, posted a query three months ago, expressing concerns about an email they received from volontaires@info-jeux2024.paris[.]fr. The user noted that the email differed in design and structure from previous official communications from volontaire@contact.paris2024[.]org. The email invited the recipient to accept a mission via a link to a volunteer portal. However, the unusual appearance and wording raised suspicions about its authenticity. The user felt it may have been a phishing attempt to deceive volunteers into providing login credentials or personal information.
5. Exposed Credentials for Paris2024[.]org and Olympics[.]com on HackCheck
ZeroFox’s study identified 21 exposed records containing compromised credentials related to the @olympics[.]com email domain and four unique records related to the @paris2024[.]org email domain from the open-source compromised database repository HackCheck. These records include limited personally identifiable information (PII), such as names, phone numbers, usernames, and passwords.
The compromised data originated from past breaches. The records were likely compromised because individuals used their official email addresses to register on third-party services or websites, which later experienced data breaches or were accidentally exposed.
Although the data comes from past breaches, it can be exploited to gain unauthorized access to Olympic Games systems if personnel reused passwords or if the compromised information provides insights for social engineering attacks.
Similarly, the study found 28 entries impacting olympics[.]com and 1,734 botnet log entries affecting paris2024[.]org on the DDW marketplace Russian Market.
Compromised accounts could lead to unauthorized viewing, transfer, or resale of legitimate e-tickets, especially if payment information is stored. Additionally, browser cookies included in the logs may allow attackers to mimic legitimate user sessions. This access could allow fraudulent purchases, manipulation of personal information, or service disruptions.
Recommendations to Stay Safe
The following are a few simple steps visitors to the Olympic Games Paris 2024 or sports fans can follow to stay safe from cyber attacks.
- For those buying event tickets or traveling to fan zones, download the official Olympic Games Paris 2024 mobile app. Have those tickets, transportation passes, and the Pass Jeux saved in the official apps in advance.
- Proactively monitor for compromised accounts being brokered in DDW forums.
- Olympics visitors should watch out for potential cyber scams involving fake mobile or Olympic apps.
- Ensure travel and accommodation bookings that cannot be done on the official apps are made on legitimate websites or apps and not through third parties.
As the Olympic Games draw closer, the event opens up opportunities for both excitement and cybercrime. As such, organizers, sports fans, and other stakeholders must become aware of potential cyber threats and proactively take the necessary steps to protect their personal devices and information.