Dark web reveals cybercriminals targeting Olympics

With the 2024 Paris Olympics in full swing, cyberattacks targeting major events have surged in the past decade increasing from 212 million documented attacks at the London 2012 Games to 4.4 billion at the Tokyo 2020 Games.

As the world’s media focus on the Paris Olympics, cybercriminals with a political agenda are looking for a large audience for their message by disrupting a significant site or knocking critical services offline.

These attacks often have direct financial motives, such as scams, digital fraud or data theft from attendees, viewers and sponsors.

Threat actors

According to a new FortiGuard Labs analysis report based on threat intelligence provided by FortiRecon, this year’s Olympics have been a target for a growing number of cybercriminals for over a year.

FortiGuard Labs said it has observed a significant increase in resources being gathered for the Paris Olympic Games, especially those targeting French-speaking users, French government agencies and businesses and French infrastructure providers.

“Beginning the second half of 2023, we saw a surge in darknet activity targeting France. This 80% to 90% increase has remained consistent across 2H 2023 and 1H 2024. The prevalence and sophistication of these threats are a testament to cybercriminals’ planning and execution, with the dark web serving as a hub for their activities.”

According to the report, documented activities include the growing availability of advanced tools and services designed to accelerate data breaches and gather personally identifiable information (PII), the sale of stolen credentials and compromised VPN connections, and advertisements for phishing kits and exploit tools customised for the Paris Olympics.

It also includes the sale of French databases containing sensitive personal information and combo lists (a collection of compromised usernames and passwords used for automated brute-force attacks) composed of French citizens’ data.

ALSO READ: WATCH: Zuma’s MK party confirms Facebook account hacked after X-rated content was posted

Hacking

FortiGuard labs said given that Russia and Belarus are not invited to this year’s games, they have seen a spike in hacktivist activity by pro-Russian groups that specifically call out that they’re targeting the Olympic games.

“Groups from other countries and regions are also prevalent, including those from Sudan, Indonesia, Türkiye and India. In collaboration with Olympic partners, the French Gendarmerie Nationale has identified 338 fraudulent websites claiming to sell Olympic tickets.

“Several Olympic Games themed lottery scams have been identified, impersonating major brands such as Coca-Cola, Microsoft, Google and the World Bank,” it said.

Precautions

FortiGuard Labs said the Paris Olympics 2024 is a high-stakes cyberthreat target, drawing attention from cybercriminals, hacktivists, and state-sponsored actors.

“Cybercriminals are leveraging phishing scams and fraudulent schemes to exploit unsuspecting participants and spectators. Fake ticketing platforms, fraudulent merchandise and identity theft tactics threaten financial loss and undermine public trust in event-related transactions.

“We anticipate that hacktivist groups will focus on entities associated with the Paris Olympics to disrupt the event, targeting infrastructure, media channels and affiliated organisations to disrupt event proceedings, undermine credibility and amplify their messages on a global stage,” it said.

FortiGuard Labs recommended installing endpoint protection or Endpoint Detection and Response (EDR), on all devices, taking extra care when connecting to public wireless networks, and using Secure Access Service Edge (SASE), a cloud architecture model that combines network and security-as-a-service functions together and delivers them as a single cloud service SASE services to encrypt traffic.

ALSO READ: No one immune to cybercrime, not even Ramaphosa