
Palo Alto Networks Reports That Cyber Attacks Threaten to Derail Major Sporting Events

Large-scale events, such as the 2024 Paris Olympics or Euro 2024, pose elevated cybersecurity threats to enterprises. Palo Alto Networks Unit 42 recently orchestrated a cyber vigilance program to understand the cyber threats the 2024 Summer Olympics are likely to face and to highlight relevant essential services that could be impacted.

Cyberattacks targeting critical Olympic services, such as transportation, hospitality, telecommunications, media, payment processing, utilities, and safety and security, could potentially damage the event’s reputation. They can also disrupt the attendee experience and inflict financial losses on organisers and sponsors. As the Olympics approach, concerns grow about risks from financially motivated cyber-enabled fraud, politically driven sabotage by state-sponsored actors and hacktivists, alongside the ever-present covert espionage activities—all posing substantial threats to the event’s security and integrity.

Unit 42 has compiled the key threats for organisations, especially those related to critical services, to consider as they prepare for the Games. Financially motivated crimes are likely to present the highest and most sustained threat throughout the event, with cyber-enabled fraud being a particularly prevalent means of obtaining illicit funds from enterprises and individuals alike. Some of the key concerns for businesses are:

  • Ransomware: Ransomware is the most frequent cause of financially motivated disruption. 2023 saw nearly 4,000 ransomware leak posts, a 49% increase from 2022. 28% of Unit 42 Incident Response cases in 2023 involved ransomware with data encryption. We’ve seen how a ransomware attack was able to disrupt the operations of government agencies and critical infrastructure, resulting in a breach of individuals’ personal data. Ransomware on third parties can significantly impact supply chains and events like the Olympics. Meanwhile, direct targeting of the Olympics by ransomware is unlikely due to high law enforcement risks.
  • Financial Theft: Business email compromise (BEC) is the most common form of financial theft. BEC actors are likely to impersonate sponsors or businesses involved with the Olympics, with average payouts of over USD 500,000. Financial theft is expected before, during, and after the Olympics, leveraging fear, uncertainty, and doubt of a “missed” payment.
  • Fraud (e.g., Ticket Scams): Fraudulent websites and mobile apps targeting tourists and businesses are expected. Unit 42 has begun to observe domains spoofing the legitimate Olympics website, while fake mobile apps masquerading as transport, booking, or other planning apps are prime targets for fraudsters. Payment processors or online businesses are likely to suffer from web-skimming attacks seeking to steal customer data and payment card data.

In light of that, Palo Alto Networks recommended 5 cybersecurity tips for the upcoming Olympics:

  • Zero Trust. One of the best ways to limit damage after an attack is to restrict the attacker’s movement and activity. Granting least-privilege permissions minimises the impact of security incidents. When organisations design their security posture following a zero-trust philosophy, attackers are less effective because initial access is limited. Zero Trust assumes the network is compromised and continuously validates the user, device, application, and data. This layered security approach prevents or limits lateral movement by attackers, giving victims more time to detect, properly contain and remediate the threat.
  • Defence in depth. A security program designed with overlapping defences and controls gives attackers more opportunity to alert you to their presence. Especially when combined with limited privileges in a Zero Trust philosophy, you can raise the signal-to-noise ratio of meaningful alerts that will let you focus on attacker activity earlier in the attack lifecycle.
  • Maintain an incident response plan to prepare for and respond to cyber incidents, including emerging ransomware tactics like extortion, multi-extortion, and harassment. Organisations that continuously review, update, and test their incident response plans—ideally with input from cybersecurity experts—are much more likely to effectively respond to and contain an active attack.
  • Ensure complete visibility of your attack surface. 75% of ransomware attacks and breaches fielded by Unit 42’s Incident Response Team result from a common culprit—internet-facing attack surface exposure. Deploying solutions that provide centralised, near real-time visibility can help organisations identify and mitigate vulnerabilities before they can be exploited. If services within your cloud account are accessing or being accessed by new and unusual IP addresses or over unusual ports, make sure your monitoring is configured to alert on this activity.
  • Leverage the power of AI and automation to modernise security operations and reduce the burden on overworked analysts. The latest technology can help organisations drive down key cybersecurity metrics, denying attackers the time they need to compromise an organisation’s systems or exfiltrate its data.
  • Protect cloud infrastructure and applications. With cloud migration accelerating, threat actors will continue to develop Tactics, Techniques and Procedures (TTPs) designed to target and compromise cloud workloads. Organisations leveraging cloud infrastructure should implement a cloud security program and platform that offers comprehensive cloud-native security.

CSA Editorial

CSA was launched in Jan 2018 in partnership with Cyber Security Malaysia (an agency under MOSTI). It is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, risk professionals and C-levels who have an obligation to understand the impact of cyber threats.
