The 2024 Olympics are well underway, with lots more to come, but there's an unspoken digital race taking place alongside the competition. Cybercriminals from every corner of the web have their eyes fixed on the event – hoping to exploit its mainstream coverage and popularity.
In the weeks leading up to the 2024 Games, French Prime Minister Gabriel Attal admitted that cyberattacks are an inevitability but that, despite this, the host nation would do its best to minimize their impact.
The Olympics extends an invitation to nations across the globe to perform on the world's stage. The sheer amount of data involved in the event, provided by massive audiences, and the political backdrop make it plain to see why hackers, dissidents, and cybercriminals would launch coordinated attacks. Keep reading, and I'll dig into the whys and hows.
Identifying the threats
Cyberattacks targeting the Olympics aren't a new thing. In fact, according to Cisco, more than 450 million attacks were recorded during the 2021 Tokyo Games – and Cisco predicts that there'll be eight times as many events recorded throughout the 2024 Olympics.
Research by the IDC backed up Cisco's statement, claiming that this year's Games "will see the highest potential for cyber disruption in history" in large part because of the event's unprecedented connectivity. The sheer amount of devices linked together creates a more complex threat landscape and gives hackers more opportunities (and an easier time) to launch their attacks.
Currently, there are three specific types of cyberattacks that have been earmarked as the most likely to occur:
- Hacktivist disruptions
- Social engineering scams
- Ransomware attacks
Hacktivism
Radware's cyber threat intelligence team took a close look at the dark clouds looming over the Games. The team's report states that hacktivists pose a significant risk – and that hackers may attempt to sow chaos throughout the event.
It all sounds very James Bond, but there's a very grounded reason behind the motivation. For a start, think how many people, from all over the world, will tune in to the Olympics as it runs from 26 July to 11 August. It'll be billions, at least.
The hacktivists' weapon of choice is the humble distributed-denial-of-service (DDoS) attack. You might've come across these when gaming online or tuning into a stream and they are, in a word, frustrating. Hacktivists aren't above leveraging AI to get around traditional defenses and wreak havoc, too.
Launching a DDoS attack is all about waiting for the right moment – the one that'll be the most impactful. Hacktivists may take aim at official Olympic mobile apps, betting services, and, of course, streaming platforms. Imagine if live feeds went down during the finals of a heated track and field event – it'd be pandemonium.
The resulting chatter (and outrage, no doubt) would frustrate folks all over the world, including media outlets, and potentially mar the reputation of the Games, which could be exactly what the hacktivists want.
Social engineering scams
Cybercriminals aren't just using AI to craft better, sneakier DDoS attacks – they're also using it to create scams, dodgy ads, and bogus sites. The aim behind all of this? Well, they're hoping the influx of web traffic and interest around the Olympics will funnel some unlucky users to these places, where they'll siphon away their personal data to sell or use for other cyberattacks (like account takeovers).
Even an everyday tool like ChatGPT can be used to build a shady site, optimize it, and send it to the top of the search results page. The worst part? AI can do this en masse.
French authorities identified 338 malicious Olympic ticketing sites in June 2024 alone.
Let's say that a hacker makes a fake ticketing or betting site with the help of AI. Folks looking to attend an event or play the odds could feasibly fork over their most sensitive data – financial info, login details, etc. Plus, if the site sits at the top of search, users might think that it's perfectly legit, right?
There are concerns that hackers will use QR codes for their own nefarious ends, too, seeing as they'll be everywhere around Paris during the Games. Visitors to the capital have to use QR codes to park in the city, in fact, presenting a prime target for opportunistic cybercriminals.
Ransomware
Ransomware is a particularly gnarly subset of cyberattacks that seals away your device, and all the data and documents therein, unless you agree to pay a (usually exorbitant) ransom.
The companies responsible for keeping the Olympic infrastructure running smoothly will be under a huge amount of pressure to avoid hiccups that could cause disruption. So, cybercriminals wanting to throw a spanner in the works could target these companies' networks with ransomware attacks to grind things to a halt… and make some pocket money on the side, of course.
Generally, it's thought that hackers are more likely to target companies supporting the Olympics rather than the organizers themselves. Think hotels and transport, public services and logistics.
Given the strain on these factions (and the fact that Paris expects to host 11 million tourists over the course of the Games), the hackers behind ransomware attacks can demand more money than they would otherwise, making the Olympics a tempting prospect indeed.
What can you do?
So, if you're planning to tune in to the Olympics in person or via live stream, you might wonder how you can avoid these digital threats – and there are a few key things to keep in mind.
- Before you book any tickets, place any bets, or purchase anything related to the Olympics, double (and triple) check that the site is legit. Make sure there are no spelling mistakes in the domain name, that there's a padlock symbol in the address bar, and that the site's privacy policy, well, exists.
- Invest in a VPN to keep your data secure from snoopers and data-hungry hackers. The best VPNs encrypt your personal information to keep it obscured from third parties – meaning you can check out the Olympics without worrying about your browsing history being monitored, and even use notoriously unsecure public Wi-Fi hotspots with peace of mind.
