The flaming Olympics cauldron is dim for now, and the excitement of watching athletic prowess is a memory. But the decades-long tradition of cyberthreats on Olympics infrastructure and broadcasts continues. Here’s a summary of Olympic cyberthreats, past and present.
Cyberattacks on the Olympics Are Nothing New
On July 19, 2021, the U.S. Federal Bureau of Investigation (FBI) published a warning about threat actors attempting to disrupt the 2021 Olympic Games in Tokyo.
In the message, the FBI mentioned that “…cyber actors who wish to disrupt the event could use distributed denial of service (DDoS) attacks, ransomware, social engineering, phishing campaigns, or insider threats…” related to the games.
Past Olympic threats
Far from being surprised, event officials regarded potential attacks as a by-now established part of the Olympics schedule. After all, organizers had been aware of cyberattacks for at least 20 years. So you could say that there’s a tradition of Olympics cyberthreats. A sample of recent disruptions includes:
- London 2012: Hacktivists launched a DDoS attack using thousands of coordinated devices, meant to cripple the power infrastructure during the games’ opening ceremonies.
- Rio 2016: The hacktivist group, Anonymous, promised DDoS attacks during the Rio 2016 Olympics, and they followed through. Attackers posed a false-alarm threat to the games’ power grid and stole athletes’ medical records from the World Anti-Doping Agency.
- Pyeongchang 2018: A cyberattack during the opening ceremony temporarily paralyzed internet infrastructure. A virus named Olympic Destroyer was the likely culprit. The attack affected television and internet (LAN, WiFi) services. In a separate ransomware operation called Gold Dragon, hackers used three different malicious tools to attempt threats to the Tokyo Olympics. Designed to gather data, Gold Dragon acts as a reconnaissance tool and creates a key that encrypts data collected from the Olympics network.
Has anything changed?
Tokyo Olympics 2021
As in the past, 2021 Olympics event organizers had to grapple with many types of cyber threats. Increased connectivity and other IT used in the games have made them more vulnerable to potential cyberattacks. Earlier attacks engaged in ticket scams, disrupted services, and stole athletes’ personal data. Some of that still exists, but now attacks focus more on event infrastructure and operations. The 2021 Summer Games continued this tradition, with DDoS attacks and malware taking centre stage. This time, the headline-grabbing attacks were driven by:
- Wiper malware. During the 2021 games, security researchers reported finding wiper malware, which appeared to be aimed at Japanese users. However, the malware was less sophisticated software than that used during the 2018 Winter Olympics. And the sample’s relatively simple design and function suggest that attackers weren’t an advanced persistent threat or nation-state-sponsored hackers.
- Social engineering. Just before the start of the games, security specialists confirmed that users of a webpage disguised as an Olympic television broadcast schedule were directed to a suspicious sports broadcast site. Later, a web search confirmed that a fake page led to the same type of suspicious sports broadcasting site.
- Ransomware. The Japanese Olympic Committee claimed to be the target of an April 2021 ransomware attack, although a follow-up investigation showed that there was no ransom demand, and the JOC quickly replaced the infected computers.
That leaves the protection piece of the Olympics cyberthreat challenge. Although large-event operations are complex, there are established methods for protecting against cyberattacks.
Protecting Against Large-Event Cyber Threats
Effective cybersecurity solutions for large events start with these elements:
- Centralized processes, which use single-point decision making and follow standard security principles and best practices.
- Security controls such as identity and authentication management (IAM) and secure data storage, which prevent data leaks.
- Strategies that extend to third-party suppliers and the broader supply chain. It also helps to consider threats to other systems that may not be directly related to the event itself (ticket and reservation systems, for example).
- Development and deployment experts such as software programmers, data storage specialists, installers, and systems administrators. These folks are experts in getting security systems up and running in a short time.
- Testers (in this case white-hat hackers). They’re the good guys, who perform tests that identify and fix potential weaknesses of high-risk targets before the show begins.
That’s the setup part of the solution. But when an attack occurs, effective solutions must help to neutralize the threats of these exploits:
- DDoS. To neutralize DDoS threats, solutions monitor the venue’s data traffic. Anything identified as a threat is gathered and rerouted to a network of scrubbing centers, where malicious software and other traffic are analyzed and removed.
- Ransomware. Advanced solutions use real-time alerts and blocking software, which automate the detection process. And standardized procedures help isolate infected machines and aid in data recovery.
- Phishing. Immediate containment is the name of the game in response to phishing attacks. You’ll need a tough, automated solution, which offers a wide variety of actionable insights and alerts. Your goal is to examine reports that help you quarantine malware, which must be removed from your system and scrubbed as quickly as possible.
Real-time monitoring and reporting, automated alerts and detection, and rapid attack response are cornerstones of modern cyberattack solutions. All are available in robust, automated solutions that are a click or phone call away.