Insight: Dark web shows cybercriminals ready for Olympics. Are you?
Fortinet warns that vigilance is required as the Paris games are targeted.
Major sporting events like the World Cup, Super Bowl and Wimbledon attract millions, even billions, of viewers. Argentina’s shootouts win over France in the final game of the Qatar 2022 World Cup reached a global audience of 1.5 billion viewers. And the Olympics, starting later this month in Paris, is the biggest of them all — with the 2020 Tokyo Olympics having attracted a worldwide audience of over 3 billion viewers.
These events are also prime opportunities for cybercriminals. Over the past decade, the number of cyberattacks targeting major events has surged, increasing from 212 million documented attacks at the London 2012 Games to a staggering 4.4 billion at the Tokyo 2020 Games.
Puerto Rico’s delegation for the 2024 Summer Olympics in Paris consists of 23 athletes competing in 10 sports. This diverse group aims to make a significant impact across various disciplines, showcasing the talent and dedication of Puerto Rican athletes on the global stage.
These attacks often have direct financial motives, such as scams, digital fraud, or the acquisition of valuable data from attendees, viewers, and sponsors. In their excitement, eager fans often overlook potential risks when purchasing tickets, arranging accommodations, or buying memorabilia, making them easy targets for cybercriminals.
Others, desperate to view specific events, are enticed by malicious websites offering free access, only to have their devices compromised or personal data stolen. And with the world’s media focused on the event, criminals with a political agenda are looking for a large audience for their message by disrupting a significant site or knocking critical services offline.
Threat actors targeting the Paris 2024 Games
According to new FortiGuard Labs analysis based on threat intelligence provided by FortiRecon, this year’s Olympics has been a target for a growing number of cybercriminals for over a year. Using publicly available information and proprietary analysis, this report provides a comprehensive view of planned attacks, such as third-party breaches, infostealers, phishing and malware, including ransomware.
FortiGuard Labs has observed a significant increase in resources being gathered leading up to the Paris Olympic Games, especially those targeting French-speaking users, French government agencies and businesses, and French infrastructure providers.
Notably, since the second half of 2023, we saw a surge in darknet activity targeting France. This 80% to 90% increase has remained consistent across the second half of 2023 and the first six months of 2024. The prevalence and sophistication of these threats are a testament to the planning and execution of cybercriminals, with the dark web serving as a hub for their activities.
Documented activities include the growing availability of advanced tools and services designed to accelerate data breaches and gather personally identifiable information (PII), such as full names, dates of birth, government identification numbers, email addresses, phone numbers, residential addresses, and others. We’re also witnessing a rise in advertisements for phishing kits and exploit tools customized specifically for the Paris Olympics.
Hacktivist activity spiking
Given that Russia and Belarus are not invited to this year’s games, we have also seen a spike in hacktivist activity by pro-Russian groups — like LulzSec, noname057(16), Cyber Army Russia Reborn, Cyber Dragon, and Dragonforce — that specifically call out that they’re targeting the Olympic games. Groups from other countries and regions are also prevalent, including Anonymous Sudan (Sudan), Gamesia Team (Indonesia), Turk Hack Team (Turkey), and Team Anon Force (India).
Beware of phishing scams and fraudulent activity
The FortiGuard Labs team has also documented a significant number of typosquatting domains registered around the Olympics that could be used in phishing campaigns, including variations on the name (oympics[.]com, olmpics[.]com, olimpics[.]com, and others). These are combined with cloned versions of the official ticket website that take you to a payment method where you don’t get a ticket, and your money is gone. In collaboration with Olympic partners, the French Gendarmerie Nationale has identified 338 fraudulent websites claiming to sell Olympic tickets. According to their data, 51 sites have already been shut down, and 140 have received formal notices from law enforcement.
In short, in addition to celebrating athleticism and sportsmanship, the Paris Olympics 2024 is a high-stakes target for cyberthreats, drawing attention from cybercriminals, hacktivists and state-sponsored actors. Cybercriminals are leveraging phishing scams and fraudulent schemes to exploit unsuspecting participants and spectators.
We also anticipate increased targeted attacks against VIPs, including government officials, senior executives and key decision-makers, and additional precautions should be taken.
Major events like the Olympics are a good reminder that we all need to remain vigilant against cyberthreats. FortiGuard Labs recommends implementing cyber hygiene best security practices to safeguard yourself and your organization against cyberattacks.
Fortinet Inc. is a global provider of cybersecurity and networking solutions, based in Sunnyvale, California.
