Major sporting events like the Olympics attract billions of viewers and are prime opportunities for cybercriminals.

Over the past decade, cyberattacks targeting major events have surged, increasing from 212 million documented attacks at the London 2012 Games to 4.4 billion at the Tokyo 2020 Games.

These attacks often have direct financial motives, such as scams, digital fraud, or data theft from attendees, viewers, and sponsors.

With the world’s media focused on the event, criminals with a political agenda are looking for a large audience for their message by disrupting a significant site or knocking critical services offline.

According to a new FortiGuard Labs analysis based on threat intelligence provided by FortiRecon, this year’s Olympics have been a target for a growing number of cybercriminals for over a year. FortiGuard Labs has observed a significant increase in resources being gathered for the Paris Olympic Games, especially those targeting French-speaking users, French government agencies and businesses, and French infrastructure providers.

Beginning in the second half of 2023, we saw a surge in darknet activity targeting France. This 80% to 90% increase has remained consistent across 2H 2023 and 1H 2024. The prevalence and sophistication of these threats are a testament to cybercriminals’ planning and execution, with the dark web serving as a hub for their activities.

Documented activities include the growing availability of advanced tools and services designed to accelerate data breaches and gather personally identifiable information (PII), the sale of stolen credentials and compromised VPN connections, and advertisements for phishing kits and exploit tools customised for the Paris Olympics.

It also includes the sale of French databases containing sensitive personal information and combo lists (a collection of compromised usernames and passwords used for automated brute-force attacks) composed of French citizens’ data.

Given that Russia and Belarus are not invited to this year’s games, Fortinet has seen a spike in hacktivist activity by pro-Russian groups that specifically call out that they’re targeting the Olympic games. Groups from other countries and regions are also prevalent, including those from Sudan, Indonesia, Turkey, and India.

The FortiGuard Labs team has documented a significant number of typosquatting domains registered around the Olympics, combined with cloned versions of the official ticket website. In collaboration with Olympic partners, the French Gendarmerie Nationale has identified 338 fraudulent websites claiming to sell Olympic tickets. According to their data, 51 sites have been shut down, and 140 have received formal notices from law enforcement.
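The typosquatting and cloned-ticket-site activity described above is usually caught on the defender's side by comparing newly observed domain names against an allowlist of official ones. The following is an added illustration of that check, not code from FortiGuard Labs, Fortinet or the Olympic organisers; the official domains and the observed domains are constructed samples under the reserved `.example` TLD, and the homoglyph and digraph tables are a small assumed subset of the substitutions seen in practice.

```python
"""Flag newly observed domains that look like an organisation's official ones.

Added example for illustration only. The official-domain allowlist and the
observed domains are constructed samples, not real registrations."""

# Characters that render similarly to letters in many fonts (assumed subset).
_HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"}
# Letter pairs that visually merge into a single letter (assumed subset).
_DIGRAPHS = {"rn": "m", "vv": "w", "cl": "d"}

# Two-level public suffixes; a fuller list would use the Public Suffix List.
_TWO_LEVEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "com.br"}


def registrable_label(domain: str) -> str:
    """Return the lowercased label directly left of the public suffix."""
    parts = domain.lower().strip(".").split(".")
    if len(parts) >= 3 and ".".join(parts[-2:]) in _TWO_LEVEL_SUFFIXES:
        return parts[-3]
    return parts[-2] if len(parts) >= 2 else parts[0]


def normalise(label: str) -> str:
    """Collapse common visual tricks so lookalikes compare equal."""
    out = label
    for src, dst in _DIGRAPHS.items():
        out = out.replace(src, dst)
    out = "".join(_HOMOGLYPHS.get(ch, ch) for ch in out)
    return out.replace("-", "")


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str, official_domains, max_distance: int = 2):
    """Return (verdict, reason) for one observed domain.

    verdict is "official", "suspicious" or "unrelated"."""
    d = domain.lower().strip(".")
    # Exact matches and subdomains of an official domain are trusted.
    for official in official_domains:
        o = official.lower().strip(".")
        if d == o or d.endswith("." + o):
            return "official", official

    norm = normalise(registrable_label(d))
    for official in official_domains:
        off_norm = normalise(registrable_label(official))
        if norm == off_norm:
            return "suspicious", f"homoglyph or hyphen variant of {official}"
        # Brand label wrapped in extra words, e.g. "<brand>-tickets".
        if len(off_norm) >= 5 and off_norm in norm:
            return "suspicious", f"embeds the brand label of {official}"
        dist = levenshtein(norm, off_norm)
        if dist <= max_distance:
            return "suspicious", f"edit distance {dist} from {official}"
    return "unrelated", ""


def triage(observed, official_domains):
    """Classify every observed domain; returns a list of (domain, verdict, reason)."""
    return [(d, *classify(d, official_domains)) for d in observed]


# Constructed allowlist and constructed feed of newly observed domains.
OFFICIAL_DOMAINS = ["paris2024.example", "olympics.example"]
OBSERVED_DOMAINS = [
    "paris2024.example",          # official
    "shop.paris2024.example",     # official subdomain
    "paris2o24.example",          # 0 -> o homoglyph
    "paris-2024-tickets.example", # brand label plus "tickets"
    "olyrnpics.example",          # rn -> m digraph
    "olympic.example",            # one character dropped
    "weather.example",            # unrelated
]

if __name__ == "__main__":
    for domain, verdict, reason in triage(OBSERVED_DOMAINS, OFFICIAL_DOMAINS):
        print(f"{domain:30} {verdict:10} {reason}")
```

In practice the observed feed would come from certificate-transparency logs or newly registered domain lists, and anything marked suspicious would be queued for takedown or blocked at the proxy and mail gateway; the thresholds here err towards over-flagging, which is the right default when an analyst reviews the output.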

Several Olympic Games-themed lottery scams have been identified, impersonating major brands such as Coca-Cola, Microsoft, Google, and the World Bank.

There has also been an increase in coding services for creating phishing websites and associated live panels, bulk SMS services to enable mass communication, and phone number spoofing services. These offerings can facilitate phishing attacks, spread misinformation, and disrupt communications by impersonating trusted sources.

Regarding infostealers, the Fortinet data indicates that Raccoon is currently the most active in France, accounting for 59% of all detections. It is followed by Lumma at 21% and Vidar at 9%.

FortiGuard Labs recommends installing endpoint protection or EDR on all devices, taking extra care when connecting to public wireless networks, and using SASE services to encrypt traffic.

It recommends the following best security practices:

* Conduct regular employee training sessions on recognising Olympics-related social engineering lures.
* Launch public awareness campaigns to educate attendees about cybersecurity threats.
* Use security orchestration tools to detect and respond to unusual activities promptly.
* Monitor the external attack surface of your IT infrastructure.
* Implement multi-factor authentication and strong password policies.
* Deploy antivirus and antimalware software on all devices.
* Maintain up-to-date software and operating systems.
* Implement multi-layered DDoS prevention solutions.
* Take proactive measures to prevent ransomware attacks.
* Deploy web application firewalls to prevent website defacement.
* Conduct robust threat-hunting activities.
* Utilise cyberthreat intelligence to gather real-time data on emerging threats.