Tenable warns of cyber-attack risks for Paris Olympics 2024 sponsors

As the Paris Olympics 2024 kicks off, Tenable has issued a warning regarding a heightened risk of cyber-attacks targeting key sponsors and individuals closely associated with the event. Cyber security experts caution that these groups are particularly vulnerable to cyber-breaches, including ransomware, identity management breaches, and physical attacks on crucial hardware such as CCTV and ticket gates.

Past incidents highlight the severity of the threat. The Tokyo 2021 Games saw an estimated 450 million cyber-attacks, a figure that demonstrates the substantial risk that high-profile global events attract. According to Bernard Montel, EMEA Technical Director and Security Strategist at Tenable, “Organisations associated with the games will soon enter an IT ‘freeze’ period, meaning their systems will be left as they are to avoid any periods of inaccessibility or disruption. Whilst this makes sense, it also makes systems incredibly vulnerable because of a lack of proactive security updating.”

Securing computing environments from such cybersecurity threats requires meticulous preparation and a robust combination of resources, personnel, and technology. For entities at risk throughout July, Tenable recommends comprehensive measures. These include conducting a full inventory check of all software updates, applying necessary patches, and revising user permissions. Enhancing user access security is also crucial; identifying administrative accounts and implementing multi-factor authentication are recommended steps.

Tenable further advises a careful approach to access and identity management, suggesting that accounts should only be created under exceptional circumstances. Continuous monitoring for signs of abnormal behaviour or suspicious activity is essential, as well as ensuring that security teams are prepared to take immediate action if a critical vulnerability is identified.

Montel emphasised the opportunistic nature of cyber threats during such large-scale events, stating, “The Olympic motto is Citius, Altius, Fortius, meaning Faster, Higher, Stronger. While Olympians live and breathe this sentiment, so too do the hackers and scammers preparing to exploit the Games.”

In anticipation of potential cyber-attacks, companies and sponsors involved in Paris 2024 must remain vigilantly prepared. "There are many sponsors and suppliers preparing to successfully deliver Paris 2024, all of whom will have dedicated infrastructure and resources. Unfortunately, this makes them prime targets for hackers over the next month," Montel added.

The variety of threats anticipated include ransomware and so-called distraction attacks, where a Denial of Service (DDoS) attack targets critical systems already running at full capacity to divert attention and allow hackers to exploit other security gaps. The growing geopolitical tensions also raise concerns of physical threats targeting critical infrastructure such as CCTV systems, security gates, ticket turnstiles, and even energy providers.

Additionally, Microsoft recently warned of a disinformation campaign by Russia aimed at undermining the reputation of the International Olympic Committee and stirring fears of violence at the upcoming Games. This disinformation campaign could serve to further destabilise an already complex security environment.