Imperva has identified a 770,000% increase in vulnerability scanning activity on Olympic-related sites from June to July 2024, indicating a surge in malicious intent and heightened risk of cyber-attacks designed to exploit this year’s global event.
Historically, the Olympics have been a prime target for cybercriminals, state-sponsored actors, and hacktivists. Primary targets during the Olympics typically include official websites, live streaming services, ticketing systems, and critical infrastructure such as transportation and power grids. This year is no exception.
Imperva’s Threat Research team has identified six types of attacks to watch out for during the Paris 2024 Games, including;
-
Ransomware Attacks: Given the rise in ransomware incidents globally, attackers are likely to attempt to disrupt Olympic operations by encrypting critical systems and demanding ransoms. The event’s high stakes and visibility make it an attractive target for such attacks.
-
State-Sponsored Espionage: Like the Russian state-sponsored hackers who targeted Pyeongchang, state actors may use the Olympics as an opportunity to conduct espionage, targeting sensitive communications, strategic plans, and personal data of high-profile individuals. The goal may range from intelligence gathering to attempting to influence outcomes or create political tension.
-
Distributed Denial of Service (DDoS) Attacks: DDoS attacks, which overwhelm servers with traffic, are a common tactic to disrupt services, as seen in Rio. These attacks could target live streaming platforms, ticketing websites, or other critical online services, causing frustration and financial loss.
-
Phishing and Social Engineering: Cybercriminals will likely exploit the excitement and urgency surrounding the Olympics to craft convincing phishing emails and social engineering schemes. These could target attendees, athletes, or even officials aiming to steal credit card information or distribute malware.
-
Supply Chain Attacks: The Olympics are complex, involving numerous vendors and partners. Cyber attackers may attempt to infiltrate less secure elements of the supply chain to gain access to core systems. Ensuring robust security practices across all partners is essential to mitigate this risk.
-
Insider Threats: With a vast amount of personal data being processed, from athlete information to attendee details, access to this information by those with malicious goals is a significant threat. Unauthorised access to this data can lead to privacy violations, identity theft, and financial loss.
“The surge in cyber threats is a clear indication of the malicious intent to exploit this global event,” said Cybersecurity Threat Researcher at Imperva Gabriella Sharadin. “The staggering increase in vulnerability scanning and DDoS attacks underscores the need for robust cybersecurity measures. Our focus must be on protecting the digital infrastructure and sensitive data to ensure the safety and integrity of the Games.”
