With the high-profile nature of the Olympic Games in Paris this summer, security teams are braced for incidents or campaigns aimed at the events, athletes, technical supports and other areas including retail and hospitality.

When Japan hosted the Tokyo Summer Olympics in 2021, the capital faced 450 million cyber-attacks! According to Cisco, an official partner of both the Tokyo and Paris Games, they are expecting a significant increase on that; at least eight times more attacks.

The main threats to this popular event are cyberespionage, disruptive or destructive attacks, hacktivism, information operations and financially motivated campaigns, presenting a broad threat landscape to monitor.

Recently, French judicial authorities in collaboration with Europol have launched a “disinfection operation” to remove instances of the PlugX malware that may support efforts to protect the Olympic games attendees.

This comes after cyber security company Sekoia revealed it had gained access to a C2 server linked to the PlugX trojan. PlugX is a remote access trojan (RAT) widely used by threat actors associated with China, allowing actors to execute arbitrary commands, upload or download files, enumerate files and harvest sensitive data such as credentials. Most recently, PlugX has incorporated a “worm” component, enabling the malware to self-propagate via infected USB drives with the potential to reach air gapped networks.

A threat actor using the online handle “Zeus” has already advertised that they have PII belonging to the Israeli athletes involved in the Olympics. This direct breach of the athlete’s data is reportedly being investigated by France’s Anti-Cybercrime Office and evidences the interest from threat actors.

Alongside these cyber threats are physical threats. There have been several protests staged in France recently, including climate change activists and rail disruptions affecting the Eurostar and high-speed lines.

This increase in physical disruption could spill over into cyber disruption, with threat actors taking advantage of unrest and conducting their own activities, such as hacktivism, information operations or disruptive DDoS attacks.

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).