Cyber Target Paris Prepares
23 July 2024
As the attention of sports fans turns to Paris this week, so too are the nefarious attentions of the world’s cyber criminals.
So: how will the world’s largest sporting event keep its data and systems secure…? Read on to learn more from those charged with defending the Summer Olympics’ IT systems.
Miscreant Magnet
Vincent Strubel, head of France’s national cybersecurity agency (ANSSI), warned that this year’s summer Olympics was facing an unprecedented level of cyber threats.
Said Strubel: “There will be cyberattacks during the Games and the Paralympics... Some won’t be serious. Some will be serious, but won’t have an impact on the Games. And perhaps there will be some that are serious and liable to have an impact on the Games.”
Franz Regul, head of the cyber team responsible for Paris 2024, said he expects the number of security events this year to be “multiplied by 10 compared to Tokyo”. There is a need to keep an exceptionally tight attack surface and tie up any loose ends like SSL misconfigurations, open ports, and privacy issues such as cookie consent violations.
French anti-cybercrime units have classified the cyber threats in five categories:
1. Amateur Hackers
As the “as-a-service” cybercrime economy develops, it’s become easier than ever for novice threat actors to launch more sophisticated attacks than their limited skillsets would otherwise have allowed. This lowered bar for entry will lead to a higher overall number of attacks.
2. Thrill-Seekers
The sheer size and popularity of the Olympic Games will tempt those broadly inclined to create nuisance or show off their “cyber chops” to their peers. They’ll likely seek to exploit any security weaknesses in the websites or booking sites purposed for the event, including those of media organisations and sponsors. Common website security attacks such as cross-site scripting, SQL injection, and DDoS attacks will be their primary threat vector.
3. Hacktivists
Activists passionate for their cause of choice are likely to attempt to hijack the world’s largest stage.
4. Black Hat Thieves
The immense cashflow around the Paris Olympics makes them a potentially lucrative target for cyber thieves. Phishing attempts – expected to arrive in the form of unsolicited emails about the Games, lodging, tickets, or information followed by “helpful links” – will abound.
Those who open the emails and click on the links may find their bank accounts quickly compromised.
5. Nation-State Actors
The Olympics have long been a huge world stage on which global powers send political signals to countries, governments, and the world at large. As the Associated Press recently noted, “Among the most threatening cyber-adversaries are countries who might want to embarrass and exact costs on France and the International Olympic Committee.”
Defending the Games
French cybersecurity authorities are cagey about the significant precautions they’re taking to thwart cyber criminals. Revealing too much would give away a tactical advantage to blog-reading Black Hats.
However, here’s what we know so far…
1. Ethical Hackers
The ANSSI has hired ethical hackers to test the attack vectors on all Olympic websites. According to Strubel, 500 sites, competition venues and local collectives have all been put under “friendly fire”.
2. AI
Artificial Intelligence is being employed to test for multiple threats across IT systems and websites. Regul said that AI was helping differentiate “between a nuisance and a catastrophe”.
3. Physical Security
Transportation, supply chains, and surveillance systems are other potential targets for those seeking to compromise the Games. All have been included in the safety perimeter of the Paris 2024 cybersecurity preparations.
4. External Expertise
The 2018 Winter Olympic Games were targeted by malware dubbed “Olympic Destroyer”, which aimed to disrupt the opening ceremony. Paris cybersecurity teams have tapped the knowledge and experiences of the consultants who detected and disabled that threat.
A Bug Bounty program has also sought to attract the time and skills of independent IT practitioners.
5. Education & War Gaming
During the past two years, ANSSI has been “war gaming” cyber incidents with the International Olympic Committees’ IT partners, and deploying cyber defence education programs across the thousands of people responsible for operating the Paris Games’ IT systems.
No News will be Good News
The final word on Paris’s cyber preparations belongs to Jérémy Couture, who helms the official cybersecurity hub of the Paris Olympic games.
Couture said his dream for the Olympics is that technology and cybersecurity won’t be talked about - because that will mean they were a non-issue.
Sports fans around the world will be hoping his dreams become reality.
Need a Local Expert?
If – like the Paris Games - you’d like to tap local expertise keep cyber criminals at bay, please feel welcome to contact me, Bradley Copson (mailto:bradley@gensys.com.au). I’m always happy to have an obligation-free discussion, explain how simply we can transition you from outdated software and approaches, and offer you a zero-cost Proof of Concept.
At Generic Systems Australia, we’re your local experts in secure Managed File Transfer.
#MFT #managedfiletransfer #securefiletransfer #sft #cybersecurity #datatransfer