Blog

Preparing for Cyber and Physical Security Risks at the 2024 Olympics

by | Jun 6, 2024 | Blog

High-profile events like the Olympic Games attract attention from a variety of threat actors with a range of motivations. Nisos monitors the threat landscape to stay abreast of developments among cybercriminals, state-sponsored threat actors, and event-related physical security risks to provide clients with timely and actionable updates to ensure they are aware of and able to defend against cyber and physical threats. We regularly work in close partnership with corporate security, cyber threat intelligence, and trust & safety teams leading up to and during high-profile events and heightened periods of risk.
As the 2024 Olympic Games kick off in July, here are a few of the risks our analysts are tracking:

Cyber Threats

State-Sponsored Actors

Paris Olympic Games officials are anticipating and preparing for cyber threats during the Games, including attacks from state-sponsored threat actors (see source 1 in appendix). Cyber attacks during large-scale global sporting events are not uncommon, and the Olympic Games are a frequent target of state-sponsored hacking groups. In an attack known as “Olympic Destroyer,” a hacking unit affiliated with Russia’s military intelligence agency, the GRU, disrupted the 2018 Winter Games in Pyeongchang by targeting the organizers’ internet infrastructure, shutting down the 2018 Winter Games’ website, grounding news broadcasting drones, and preventing attendees from printing ticket reservations, which ultimately prevented spectators from entering the sporting events (see source 2 in appendix). Additionally, the UK government exposed a series of alleged Russian-backed cyber attacks planned for the 2020 Olympic and Paralympic Games in Tokyo before the Games’ postponement.

State-sponsored cyber threat actors from Russia, China, Iran, and North Korea have sophisticated capabilities that have the potential to cause disruptions to internet networks, digital ticketing systems and scanners, and timing systems for the Games. Russia is banned from competing in the 2024 Paris Olympics as a country, but Russian and Belarusian nationals can compete in the games as Individual Neutral Athletes (AINs) (see source 3 in appendix). The ban may increase the likelihood of a Russian state-sponsored actor attempting to conduct a cyber attack on critical infrastructure in Paris or against another Olympics-related target. Historically, state-sponsored cyber threat actors have targeted host nations, Olympics-affiliated groups, and other related athletics organizations to discredit rival nations and to gather and leak damaging or fabricated information.

Possible Cyber Threats for Attendees

Attendees at the 2024 Olympic Games should also be aware of cyber threats associated with attending the Games, including:

  • False or unofficial mobile applications designed by threat actors or cybercriminals to harvest user data, specifically personally identifiable information (PII) and device information.
  • Malware can possibly infect devices to gain unauthorized access, steal credentials, and load additional malicious software onto them.
  • Threat actors compromise Wi-Fi networks to steal information or interrupt network connections.
  • Social engineering scams, including possible ticket fraud scams, which Nisos has covered in previous research.

Recommendations for Attendees

Nisos conducts continuous research to remain up-to-date on current cybersecurity best practices to minimize the risk of cybersecurity threats for clients and employees. Based on the current cyber threat landscape, Nisos offers the following recommendations for 2024 Olympic Games attendees to minimize their risk of falling victim to a cybersecurity event:

  • Validate developer and source of any mobile applications.
  • Limit mobile application permissions to only what is necessary.
  • Disable location services on mobile devices.
  • Maintain up-to-date antivirus and endpoint detection and response software.
  • Use a reputable VPN service to minimize network exposure.
  • Opt to use a secure hotspot on your personal device instead of an unsecured public network.

Physical Threats

Opening Ceremony

Olympic officials expect the 2024 Opening Ceremony to be the largest in Olympic history. Opening ceremonies are typically held in a stadium, which allows for increased security measures inside the controlled area. This year’s ceremony will take place along the Seine River with a boat parade for the athletes and will not require tickets upon entry, allowing free admission to spectators, therefore posing a greater than usual security risk to attendees (see source 4 in appendix). With a large number of spectators able to freely enter part of the Opening Ceremony grounds along the river, this allows potential threat actors easy access to a venue where a physical security threat is likely to have a high impact. The six-kilometer parade route also makes heightened security measures difficult, with resources required to cover a large, dynamic area.

Civil Unrest

Civil unrest and protest demonstrations are frequent in France, with the most recent demonstrations in Paris focused on the conflict in Gaza and climate activism (see source 5 and 6 in appendix). The Olympic Games are expected to have over a billion viewers worldwide and millions of attendees, which serves as a possible large platform for activism, increasing the potential for protests and demonstrations (see source 7 in appendix). Additionally, French union workers, including public transportation employees and air traffic control workers, regularly participate in strikes to advocate for improved working conditions. The French government has offered bonus payments to civil servant employees who are working during the 2024 Olympic Games to avoid any disruptive strikes (see source 8 in appendix). French union employee strikes could lead to travel delays or public transportation disruptions and closures. Nisos recommends that Games attendees receive official updates from 2024 Olympic channels and outlets as well as reputable French news sources.

Terrorist Threat

Since March, France’s terrorist threat warning level has remained at its highest level (see source 9 in appendix). France continues to work to counter threats posed by terrorist networks, including by cooperating with international partners, preventing radicalization and the spread of propaganda, and training partners on counterterrorism measures. Terrorist attacks typically target areas that will impact large numbers of individuals as well as critical infrastructure, which often includes areas densely populated with tourists or highly trafficked public transportation lines. The 2024 Olympic Games represent an attractive target for terrorist groups, offering an international platform, billions of viewers, and a large concentration of individuals in a metropolitan area and capital city. Spectators should remain vigilant of their surroundings while traveling to and from the Games and in attendance at any events.

How Can Nisos Help?

Nisos offers Open-Source Intelligence Monitoring and Analysis (OMA), providing near real-time intelligence and insights during high-profile events and in an evolving threat landscape. Dynamic threat environments like the Olympics are difficult for security teams when they have to monitor events occurring on the ground and across the surface, deep, and dark web.

Nisos serves as a valuable counterterrorism partner for law enforcement and trust & safety teams, helping to monitor violent extremists’ online communications and recruitment activity, track the spread of violent extremist material, identify specific threats, and minimize the risks of radicalization on social media.

About Nisos®

Nisos is the Managed Intelligence Company. We are a trusted digital investigations partner, specializing in unmasking threats to protect people, organizations, and their digital ecosystems in the commercial and public sectors. Our open source intelligence services help security, intelligence, legal, and trust and safety teams make critical decisions, impose real world consequences, and increase adversary costs. For more information, visit: https://www.nisos.com.

Appendix
1. https://www.nytimes[.]com/2024/04/16/world/europe/paris-olympics-cyberattacks.html
2. https://www.wired[.]com/story/untold-story-2018-olympics-destroyer-cyberattack/
3. https://olympics[.]com/ioc/news/strict-eligibility-conditions-in-place-as-ioc-eb-approves-individual-neutral-athletes-ains-for-the-olympic-games-paris-2024
4. https://olympics[.]com/en/paris-2024/the-games/ceremonies/opening-ceremony
5. https://www.timesofisrael[.]com/thousands-in-paris-demonstrate-near-israeli-embassy-after-deadly-rafah-strike
6. https://www.reuters[.]com/sustainability/climate-energy/climate-activists-break-into-amundi-offices-protests-totalenergies-investments-2024-05-24/
7. https://olympics[.]com/en/paris-2024/the-games/olympic-paralympic-games/olympic-games
8. https://apnews[.]com/article/paris-olympic-games-paralympic-strike-union-0b8a025ba4e49be54a2153c0018f1039
9. https://fr.usembassy[.]gov/security-alert-france-elevates-its-security-alert-system-25-mar-2024/