Olympic Sponsors Are Prime Targets For Hackers

Uploaded on 2024-07-29 in GOVERNMENT-National, GOVERNMENT-Law Enforcement, FREE TO VIEW

As the Olympic Games begin following arson attacked on the transport network surrounding Paris, there is a  heightened threat of cyber attacks in Paris, especially targeting key sponsors and those closely associated with the event.

Now, cyber security and threat exposure firm Tenable is warning that all those at risk to  be extra vigilant against cyber attacks such as ransomware, identity management breaches, and physical attacks on hardware like CCTV and ticket gates. 

“Organisations associated with the games will soon enter an IT ‘freeze’ period, meaning their systems will be left as they are to avoid any periods of inaccessibility or disruption,” said Bernard Montel, EMEA Technical Director and Security Strategist at Tenable. “Whilst this makes sense, it also makes systems incredibly vulnerable because of a lack of proactive security updating.”

Threat actors will be all too aware that any disruption to services would be devastating. This could mean organisations are more vulnerable to extortion in an effort to resolve any outages as quickly as possible and 
with all eyes on Paris  hackers could see the Games as an opportunity too good to miss.

  • This year, it's not beyond the realms of possibility to see an attack targeting CCTV, security gates, ticket turnstiles, travel infrastructure or even energy providers. 
  • Another avenue that could be targeted is the sound systems and big screens within venues, or even online streaming platforms, with inflammatory messages and other defacing efforts. 

Recently Microsoft warned of an intense disinformation campaign by Russia aimed at tarnishing the reputation of the International Olympic Committee and stoking fears of violence at the 2024 Games. Securing infrastructure from cybersecurity threats requires a combination of resources, people, and technology.  

For those at risk throughout July, Tenable recommends: 

  • Patch and Permission:  Conduct a full inventory check of all software updates, apply patches, and revise user permissions.   
  • Bolster User Access:  Identify admin accounts and strengthen access with multi-factor authentication.
  • No ID, No Entry:  Carefully consider access and identity management, creating accounts only in exceptional circumstances.
  • Behaviour Monitoring:  Implement continuous monitoring for signs of abnormal behaviour or suspicious activity.
  • Stand By for Action:  Ensure security teams are on standby, ready to take immediate action if a critical vulnerability is identified. 

“The Olympic motto is Citius, Altius, Fortius, meaning Faster, Higher, Stronger. While Olympians live and breathe this sentiment, so too do the hackers and scammers preparing to exploit the Games... There are many sponsors and suppliers preparing to successfully deliver Paris 2024, all of whom will have dedicated infrastructure and resources. Unfortunately, this makes them prime targets for hackers over the next month.” ” Montel continued. 

Also commenting, Steve Bradford, Senior Vice President EMEA at SailPoint said “Between tourists, athletes, sports federations, partner companies and public authorities, the playground for hackers is virtually unlimited. Companies involved in the Games need to be on constant alert and equip themselves with the tools they need to ensure their security."

“Cyber security during major events like these is a collective challenge requiring vigilance, preparation and cooperation at all levels.” according to Bradford.

Businesses are at their most vulnerable during periods of high user traffic because increased activity strains security infrastructures, making it easier for cyber criminals to exploit weaknesses and infiltrate systems. The Korea 2018 Winters Games experienced an attack that interupted the opening ceremony. 

Tenable

Image: HJBC 

You Might Also Read: 

Major Sporting Events Are Open Targets:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible

 

« Video Game Actors Fear Being Replace By AI 
Overcoming Obstacles To Zero Trust Adoption »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Secure Source

Secure Source

Secure Source specialise in search and recruitment for Cyber Security and Security Cleared markets.

PCI Compliance Guide

PCI Compliance Guide

The PCI Compliance Guide is one of the leading educational websites available focused exclusively on PCI compliance.

ETAS

ETAS

ETAS (formerly Escrypt) is a pioneer and one of today’s leading solution providers for embedded IT security.

Exonar

Exonar

We enable organisations to better organise their information, removing risk and making it more productive and secure.

Terranova Security

Terranova Security

Terranova is dedicated to providing information security awareness programs customized to your internal policies and procedures.

OGiTiX

OGiTiX

OGiTiX Software AG is a German software manufacturer specializing in Identity and Access Management.

Windscribe

Windscribe

Windscribe is a Virtual Private Network services provider offering secure encrypted access to the internet.

miniOrange

miniOrange

miniOrange is a cloud and on-premise based identity and access management (IAM) solution provider.

adaware

adaware

adaware is an award-winning security and privacy software provider, empowering users to connect with confidence.

Travelers

Travelers

Travelers is a leading writer of US commercial property casualty insurance and one of the world’s largest global insurers for cyber insurance.

Aspisec

Aspisec

Aspisec is a cybersecurity company specialized in Firmware Security and Critical Infrastructure Protection.

Cybeta

Cybeta

Cybeta's actionable cybersecurity intelligence keeps your business safe with strategic and operational security recommendations that prevent breaches.

Porto Research, Technology & Innovation Center (PORTIC)

Porto Research, Technology & Innovation Center (PORTIC)

PORTIC brings together several research centers and groups from P.PORTO in a single space, forming a superstructure dedicated to research, technology transfer, innovation and entrepreneurship.

Concourse Labs

Concourse Labs

Concourse Labs Security Guardrails continuously verify cloud infrastructure and workloads. Continuously assess clouds for security, resiliency, and regulatory compliance.

Boston Government Services (BGS)

Boston Government Services (BGS)

Boston Government Services is an engineering, technology, and security firm providing mission-focused solutions for the clean energy, nuclear, and federal programs markets.

GMO Cyber Security

GMO Cyber Security

GMO Cyber Security is an information security company that focuses mainly on vulnerability diagnosis. It is Japan's leading white hat hacker organisation.