by Nadir Izrael
The 2024 Paris Olympics promises to be a spectacle of athletic prowess and global unity. Millions of fans will travel to France or be glued to their screens to witness the Olympics this Summer. In fact, it’s expected that one billion people around the world1 will watch the opening ceremony alone. Despite the excitement, however, a growing threat to the Games lurks in the shadows: cyberwarfare. It’s a growing fear of many, with 53% of global IT decision-makers2 concerned about its impact. In the context of the Olympics, the director general of ANSSI, France’s cybersecurity agency3, believes, “The Games are facing an unprecedented level of threat.” A large part of that threat is cyberwarfare.
Indeed, with over 10,500 athletes and 15 million tourists4 expected in Paris, there’s likely to be twice as many physical and virtual connected assets, each one ripe for exploitation. It’s a digital goldmine for bad actors. Every asset, every connection, becomes a potential entry point. It’s the perfect opportunity for a different kind of competition to unfold in the shadows – the ‘Cyber Games.’
The allure of the ‘Cyber Games’
Current circumstances leave the Paris Olympics in a precarious situation. First, the recent political turmoil in France5 casts the perfect shadow. This instability is likely to provoke political protests and disturbances at the Games, something Russian cyber groups might use to their advantage6 to cause widespread disruption with ease.
Wars happening globally where France has provided aid7, have driven up fears of politically motivated violence too. It’s, therefore, unsurprising that over 41% of global IT leaders8 believe geopolitical tensions with Russia have exacerbated a greater threat of cyberwarfare. Further complicating matters, Russia’s discontent over its athletes9 being forced to compete under a neutral banner is only fuelling large-scale disinformation campaigns10 to stoke fears of violence and paint France as unsafe ahead of the Games.
Second, history repeats itself. Russian-state-sponsored groups posed as North Korean bad actors11 to disrupt the opening ceremony of the 2018 Winter Olympics. The malware, “Olympics Destroyer,” further disrupted Wi-Fi networks and disabled the official Olympics smartphone app, causing chaos for attendees12. Then, the 2020 Tokyo Olympics saw Russia’s military intelligence unit conduct cyber reconnaissance on various officials and organisations, including 450 million unauthorised communications13 to the official website and terminals. Officials expect eight times that amount14 during the Paris Olympics, in part due to AI.
Moreover, AI has supercharged cyberwarfare. After all, hackers don’t target networks, they target assets and AI allows them to do this with ease and at scale. In fact, tens of thousands of physical and virtual assets15 are connected to any organisation’s networks on an average day, with over 40% going unmonitored. If a device is compromised, it can be used to launch a lateral attack, disrupting larger systems. And when 89% of people travel with gadgets16, with nearly half travelling with over three, the city of Paris will become a dense honeypot for bad actors.
This all gives rise to the ‘Cyber Games,’ where bad actors aren’t targeting the podium, but the entire spectacle itself. It’s beckoning bad actors, cybercriminals and nation-state actors to compete for their own prizes. The 2024 Olympics is the perfect opportunity for disruption and notoriety on a global stage, achieved for a fraction of the cost of traditional warfare. Yet, much like the Olympics, it’s a dark web spectacle open to all cybercriminals. Since the start of the year, more than 1,000 domain names17 with the word “Olympic” have been purchased. Many of those are expected to be used in targeting attendees with offers for fake promotions, tickets and even phishing attempts.
But the ‘Cyber Games’ threat extends beyond the Olympics, jeopardising critical infrastructure, such as hotels, power grids, airlines and transportation. In fact, 43% of IT leaders working in transportation organisations18 already believe cyberwarfare to be just as damaging as physical warfare; attacks on an interconnected system will create a domino effect, crippling an organisation. Or worse, a nation.
Staying ahead in the race
Much like the Olympic torch is a symbol of positive values, like unity and knowledge, the world of cybersecurity must now light its own torch – a ‘digital torch.’
This ‘digital torch’ would become a beacon that constantly illuminates potential threats lurking in the shadows, catching them in their formative stage. This can only be achieved through AI and Machine Learning (ML). In fact, AI-powered security solutions enable organisations to stay ahead of emerging dangers in real-time, adopting a proactive stance and transforming raw data into actionable insights.
For this, a ‘digital torch’ must reveal the danger before it arrives. By using a combination of AI and ML, organisations can flip the script, turning the hunter into the hunted. Predictive AI technology scours the dark web, providing real-time situational awareness of active threats, often months before they materialise. AI can then be used to generate thousands of purpose-configured honeypots into potential “hotspots,” mimicking from a safe distance from the actual attack surface, allowing for the observation of malicious behaviours and techniques for educational purposes.
Moreover, with advanced natural language processing (NLP) techniques and the integration of human expertise, AI can target the individuals behind the threats, exploiting operational security flaws to place AI intelligence collectors to listen to the context of conversations. These collectors can be trained in hundreds of different languages, specifically about the exploitation of vulnerabilities, helping to track potential incidents in real-time and pre-emptively mitigate risks.
In the context of the Olympics, critical infrastructure also remains vulnerable. Attention on the Games may divert resources, leaving other high-profile targets or sectors like transportation exposed. Organisations must not inadvertently neglect other threats due to their concentrated efforts on Olympic-related security. This involves mapping out all entry points, blind spots and vulnerabilities within a network that could be exploited. Ensuring comprehensive security across all sectors – and knowing where the threats are lurking, thanks to AI – is vital to prevent cyberattacks from exploiting this shift in focus.
This is where AI-powered ‘actionable threat hunting’ informed by contextual insights about vulnerabilities and the risks they pose truly excels. These advanced solutions go beyond simple detection. AI can analyse vast amounts of data to prioritise risks based on severity and exploitability. It reduces 98% of the vulnerabilities19 an organisation needs to worry about, identifying potential threats before they are ever launched so that they can be addressed before an environment is ever impacted.
Threats are constantly evolving, demanding a more proactive approach. In the end, not all vulnerabilities are created equal, so pinpointing their origins and understanding how they affect interconnected systems can help organisations move beyond alert fatigue and focus on the most critical threats in real-time to shore up defences in the areas that matter most.
Securing the finish line
The ‘Cyber Games’ provide a chilling reminder of what lurks in the shadows around highly-regarded and celebrated global events, but we can stop their intended impacts from becoming a reality.
While the host nation shoulders a significant burden, the responsibility to protect the Olympics extends beyond borders. Businesses operating during the Games must prioritise proactive security measures, fuelled by AI-powered solutions that protect the entire attack surface and manage the organisation’s cyber risk exposure in real time. Similarly, vigilance against online threats is crucial for everyone involved, from athletes to spectators.
This collective effort becomes the true ‘digital torch’ that will outshine – and outrun – the shadowy ‘Cyber Games.’ Being proactive and working together is the only way the Games stay a celebration of global unity, rather than a cautionary tale of cyberwarfare’s impact.
The author, Nadir Izrael, is Co-Founder and CTO at Armis.
(*2) https://www.armis.com/cyberwarfare/
(*4) https://www.bbc.co.uk/news/world-europe-68018536
(*5) https://www.bbc.co.uk/news/articles/c724nnn29keo
(*6) https://inews.co.uk/news/france-political-turmoil-threatens-disrupt-olympics-3158594
(*8) https://www.armis.com/cyberwarfare/
(*9) https://apnews.com/article/russian-wrestlers-paris-olympics-8d9914e63f15f9ea659d92473a54c420
(*10) https://www.politico.com/news/2024/07/04/cyberattacks-disinformation-paris-olympics-00166558
(*12) https://www.teneo.com/insights/articles/a-new-arena-for-cybersecurity-the-olympic-games/
(*13) https://www.teneo.com/insights/articles/a-new-arena-for-cybersecurity-the-olympic-games/
(*15) https://www.armis.com/attack-surface-management/
(*17) https://www.teneo.com/insights/articles/a-new-arena-for-cybersecurity-the-olympic-games/
