Attacks undertaken by cybercriminals often have a direct financial motive. Excited fans do not notice potential threats and fall victim to fraud when ordering tickets, arranging accommodation or buying souvenirs. Due to a lack of caution, they not only lose money on fake websites, but also expose sensitive personal data that can be resold on the black market and used to commit other crimes. – Owners of websites and services related to a given event may also become potential victims. So-called hacktivists eagerly break into websites popular during the event to spread their messages. However, if they are unable to do this, they disrupt the operation of servers offering critical services in order to attract media attention – says Robert Dąbrowski, head of the engineering team at Fortinet in Poland.
Cybercriminals have been exploiting the theme of this year's XXXIII Summer Olympic Games, which will be held in Paris, for over a year, according to a new analysis by FortiGuard Labs based on threat data collected by FortiRecon. First of all, there was a significant increase in the number of activities targeting French-speaking users, local government agencies and companies, and infrastructure providers. It was on the so-called dark web that a significant increase in activity regarding the Paris Games was observed.
Prominent among the documented malicious activity is the growing availability of sophisticated tools and services designed to obtain sensitive personal information quickly and fraudulently. There have also been offers to sell French databases of such information and sets of stolen usernames and passwords that can be used for automated brute-force attacks. There was also a significant increase in the activity of hacktivists from Russia and Belarus (representatives of both countries were not invited to officially participate in this year's Games), as well as from other countries, including Sudan, Indonesia, Turkey and India.
Scammers want to make money from the Olympic Games
Almost every security-aware Internet user has become accustomed to the presence of phishing scams in the digital space. Phishing is a relatively easy form of attack to carry out, but many novice "hackers" do not know how to create or distribute phishing messages. More advanced cybercriminals sensed a new business opportunity: they created and began offering on the black market toolkits that make it easy to compose a convincing e-mail, add malicious code, create the address and content of a phishing website, and obtain a list of potential victims. – Generative artificial intelligence services turned out to be an ally in this practice. They make it easier to create text that is free of grammatical and spelling errors, so recognizing an e-mail as malicious has become much more difficult. The appearance of such tools is accompanied by an increase in the popularity of services for creating phishing websites, mass SMS sending and phone number spoofing – warns a Fortinet expert.
The report also documented a significant number of registered Olympic-related domains that could be used in typosquatting attacks. In such an attack, a phishing campaign uses a domain that is similar to the original one but contains a frequently made typing error (e.g. oympics[.]com, olmpics[.]com, olimpics[.]com, etc.) or a visually similar character (e.g. oIympics[.]com, where the capital letter "i" is used instead of the lowercase letter "L"). Such addresses may host clones of the original pages, containing e.g. payment forms from which payment card details go straight to cybercriminals. In cooperation with Olympic partners, the French National Gendarmerie identified 338 fraudulent websites offering fake tickets. According to their data, 51 sites have already been closed and 140 have received formal notices from law enforcement agencies.
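To show how a mail filter or brand-monitoring job can catch both kinds of lookalike described above, here is an added example (not code from Fortinet or the report) that classifies displayed domains against a protected label. The label "olympics", the small confusables table, the function names and the two control domains are assumptions made for illustration.

```python
import re

BRAND = "olympics"  # protected label, taken from the page's examples
# Small constructed confusables table: character as typed -> letter a reader sees.
CONFUSABLE = {"I": "l", "1": "l", "0": "o"}

def registrable_label(displayed):
    """Refang ('[.]' -> '.', drop spaces); assumes a single-label TLD like .com."""
    parts = re.sub(r"\s+", "", displayed).replace("[.]", ".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def skeleton(label):
    """Form of the label as a reader perceives it."""
    return "".join(CONFUSABLE.get(ch, ch) for ch in label).lower()

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(displayed, brand=BRAND):
    """Return 'exact', 'homoglyph', 'typo' or 'unrelated'."""
    label = registrable_label(displayed)
    if label.lower() == brand:
        return "exact"
    if skeleton(label) == brand:
        return "homoglyph"   # reads as the brand, but is a different name
    if edit_distance(label.lower(), brand) <= 1:
        return "typo"        # one keystroke away from the brand
    return "unrelated"

def scan(displayed_domains, brand=BRAND):
    """Map each suspicious domain (as displayed) to its classification."""
    verdicts = {dom: classify(dom, brand) for dom in displayed_domains}
    return {d: v for d, v in verdicts.items() if v in ("homoglyph", "typo")}

# Constructed input: the page's four examples plus two controls.
SAMPLE = ["oympics[.]com", "olmpics[.]com", "olimpics[.]com",
          "oIympics[.] com", "olympics.com", "example.org"]
```

DNS names are case-insensitive, so the capital-"i" trick exists only in displayed text; the name actually registered would be oiympics.com, which the same check still flags as a one-character typo.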
Several Olympic lottery scams have also been identified, impersonating well-known brands such as Coca-Cola, Microsoft, Google and the World Bank. The main targets of these scams were users in the United States, Japan, Germany, France, Australia, the United Kingdom and Slovakia.
Advice for travelers to the summer games
People who plan to participate in this year's Games should prepare appropriately in terms of safety, both for traveling and for visiting the Olympic arenas. The goal is to minimize the risk associated with cyber threats, especially attempts to manipulate Internet users to steal their data and money.
– The group of people who are exposed to potential risk is large – warns Robert Dąbrowski. – Based on data collected by FortiRecon and analyzed by FortiGuard Labs, it is expected that there will be an increased number of targeted attacks also against VIPs, including government officials, senior management and key decision makers, and therefore additional precautions should be taken.
Experts from Fortinet's FortiGuard Labs recommend installing antivirus or EDR software on all endpoint devices and being especially careful when connecting to public wireless networks. The operating system and all applications should be updated regularly. It is advisable to exchange information between the traveler and his or her workplace via encrypted links (VPN or SASE service).
We should also remember to conduct regular training sessions for employees to highlight the risks associated with social engineering manipulations. IT administrators should ensure that users are aware of where and how to report their suspicions about an attempted attack, as well as situations in which they have been manipulated by cybercriminals. It is also necessary to build a culture of trust in the organization. This allows employees to readily report cybersecurity incidents, enabling IT teams to respond quickly to an attack.
On the technical side, the IT department needs to implement two-factor authentication mechanisms and enforce their use when remote users access corporate resources. At the same time, the company should maintain data backup procedures (including for remote employees' devices) and systematically verify them. At least one copy of the data should be stored offline to ensure recovery in the event of a successful ransomware attack.