Major sporting events are popular targets for cyber attackers, so there is no shortage of risks for the Winter Olympics, which take place next month in the Italian cities of Milan and Cortina d’Ampezzo. What can we expect from the digital battle behind the scenes of the sport? Unit 42 from Palo Alto Networks provides an overview.
Critical infrastructure is under constant pressure, both domestically and internationally. Global events, from climate summits to sports tournaments, offer attackers a rare chance to reach prominent individuals and their data. Digital security is now as much a priority for the organizing staff as physical security, yet credible phishing emails, rogue Wi-Fi hotspots, and DDoS attacks are all the more effective in the crowded, time-pressured setting of a live event. Unit 42 lists the upcoming Winter Olympics as a favorite target for cybercriminals and state hackers alike: the event is packed with high-value targets, depends on critical infrastructure, and is likely to generate geopolitical tension. Recent history teaches the same lesson.
Olympic Destroyer (2018)
Unit 42 looks back at previous Games where cyber incidents occurred, such as the attempted sabotage of the Summer Games in Tokyo (planned for 2020, held in 2021). According to Palo Alto Networks’ experts, Paris 2024 saw a peak in DDoS attacks. The biggest incident to date, however, took place in PyeongChang, South Korea, in 2018.
The so-called Olympic Destroyer campaign is attributed to the Russian military intelligence service GRU. From December 2017 to February 2018, attacks were launched against the Winter Olympics through a long list of potential victims: athletes, officials, South Korean citizens, and sponsors were all targeted. Although Olympic Destroyer was centrally coordinated, the malware carried deliberate false flags, so the campaign initially looked like the work of several different threat actors.
The main goal was disruption, not financial gain or data exfiltration. That is striking, since ransomware or data theft would certainly have damaged the Games’ reputation. Even so, the consequences were serious for the IOC, the South Korean government, and the other parties involved: spectators were largely unable to print their tickets for the opening ceremony, the Wi-Fi failed, and public screens went down as well, with a billion-strong audience watching the ceremony. Within hours of the opening, everything was back to normal. The impact was considerable, yet such disruptions often take far longer to recover from, so something worse is certainly possible, including during Milan-Cortina.
Financial gain or geopolitical turmoil
Russia is still excluded from the Olympic Games, and geopolitical tensions, including between allies, have only increased. A disruption in 2026 would therefore be very attractive to GRU hackers. Unit 42 points out that such groups may have been working on their intrusions for years; the seed of a successful attack may already have been planted.
Nevertheless, Unit 42 advises not to rule out ransomware groups, who see a chance to profit financially from an Olympic compromise. If an attacker compromises an IT system that is mission-critical for a sporting event, the time pressure on the defender is enormous, and a victim may be willing to pay a sky-high sum to regain access to a critical system or critical data. Unit 42 also sees plenty of room for malicious actors to hide in the sprawl of organizational infrastructure: hundreds of national sports federations, each with their own infrastructure, must connect to the central IT systems, and every one of those connections is a potential entry point for exploiting a vulnerability.
Other scams Unit 42 anticipates include fake websites for ticket sales or registrations, QR codes that lead to phishing pages, fraudulent apps, and similar lures.
Hacktivism
Hackers come in all shapes and sizes; Unit 42 distinguishes financially motivated hackers from state actors, but according to the Palo Alto Networks researchers a third group is just as dangerous for the Games: hacktivists. With participants from almost every country in the world, these attackers may target specific athletes, teams, or committees, and sensitive documents could end up in the public domain after a compromise. Here too, Unit 42 suggests, the aim is disruption rather than financial gain.
Known dangers
However fresh each edition of the Olympic Games is, the tactics that can shut it down are old. Phishing (via email, QR codes, video calls, phone calls, and so on), unpatched vulnerabilities, compromised credentials, and DDoS attacks remain the constant factors in cyber incidents, and the international nature of the event does little to change that. What is changing is effectiveness: deepfakes, personally tailored phishing messages, and SEO poisoning make the old methods harder to spot.
Unit 42 sees the Games as a textbook example of an event that is difficult to defend. Ordinary organizations, if not sufficiently secured, are attractive targets too, but fortunately they can be defended in relatively predictable ways, with room for proactive action and mature security policies. Unit 42 points, for example, to AI-driven automation to shorten response times, SOC teams that receive as little noise as possible, and continuous assessment of the security posture of apps, cloud, and development environments.
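The lures listed here and earlier in the piece, fake ticket sites, QR codes that resolve to phishing pages and SEO-poisoned search results, all depend on a domain that looks like the real one. As an added example (this is not code from Unit 42 or from the article), the following Python script takes URLs as a QR decoder, mail filter or proxy log would yield them and flags lookalike domains against an allowlist. The allowlist of milanocortina2026.org and olympics.com is an assumption standing in for the defender’s own list, and every sample URL is constructed for the demonstration.

```python
"""Flag lookalike domains in URLs harvested from QR codes, emails or proxy logs.

Added example for this article, not Unit 42 code. LEGIT_DOMAINS is an
assumption standing in for the defender's own allowlist, and every sample
URL below is constructed for the demonstration.
"""
import unicodedata
from urllib.parse import urlsplit

# Assumption: domains the defender treats as legitimate for the event.
LEGIT_DOMAINS = ("milanocortina2026.org", "olympics.com")

# Cyrillic/Latin confusables that survive NFKD normalisation.
CONFUSABLES = str.maketrans({"а": "a", "е": "e", "о": "o", "р": "p", "с": "c",
                             "х": "x", "у": "y", "і": "i", "ı": "i"})
# Typosquat substitutions, applied in order (multi-char pairs first).
TYPO_PAIRS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

# Constructed sample input, as a QR decoder or proxy log might produce it.
SAMPLE_URLS = (
    "https://tickets.milanocortina2026.org/buy",
    "https://milanocortina2O26.org/tickets",      # letter O for digit 0
    "https://milanocortinа2026.org/",             # Cyrillic а (U+0430)
    "rnilanocortina2026.org",                     # "rn" reads as "m"
    "https://olympics-tickets2026.com/register",  # brand embedded in name
    "https://milancortina2026.org",               # one letter dropped
    "https://example.org/",
)


def host_of(url: str) -> str:
    """Extract the host, decoding punycode (xn--) labels back to Unicode."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        return host.encode("ascii").decode("idna")  # xn--... -> Unicode
    except UnicodeError:
        return host  # already Unicode, or malformed punycode


def registrable(host: str) -> str:
    """Last two labels: a rough eTLD+1, enough for a .org/.com allowlist."""
    return ".".join(host.split(".")[-2:])


def skeleton(label: str) -> str:
    """Fold a label to the form a human eye would read."""
    folded = unicodedata.normalize("NFKD", label.lower())
    folded = "".join(ch for ch in folded if not unicodedata.combining(ch))
    folded = folded.translate(CONFUSABLES)
    for src, dst in TYPO_PAIRS:
        folded = folded.replace(src, dst)
    return folded


def levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str):
    """Return (verdict, matched allowlisted domain or None, reason)."""
    dom = registrable(host_of(url))
    if dom in LEGIT_DOMAINS:
        return "legit", dom, "exact allowlisted domain"
    sk = skeleton(dom.split(".")[0])
    for legit in LEGIT_DOMAINS:
        lsk = skeleton(legit.split(".")[0])
        if sk == lsk:
            return "lookalike", legit, "brand name with confusables folded (or other TLD)"
        if lsk in sk:
            return "lookalike", legit, "brand name embedded in domain"
        budget = 1 if len(lsk) < 10 else 2  # short brands get a tighter budget
        if levenshtein(sk, lsk) <= budget:
            return "lookalike", legit, f"typosquat within edit distance {budget}"
    return "unrelated", None, "no resemblance to allowlisted domains"


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        verdict, match, reason = classify(url)
        print(f"{verdict:10} {url:45} {reason}" + (f" [{match}]" if match else ""))
```

The registrable-domain step is deliberately crude (last two labels), which is wrong for public suffixes such as co.uk; a production version would use a public suffix list. The skeleton step is the part that matters: it decodes punycode, strips diacritics, folds Cyrillic confusables and common digit-for-letter swaps, and only then compares, so a Cyrillic а or a letter O in place of a zero cannot slip past the allowlist.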