Paris Olympics 2024: Cybersecurity experts sound the alarm on cyber threats

Organizers of the Olympic Games in Paris are bolstering cybersecurity precautions as experts and law enforcement agencies warn that a surge in cyberattacks is expected ahead of the Games this summer.

The Olympic Games, which open 26 July 2024, are expected to sell over 13 million tickets and bring more than 15 million visitors to Paris, generating an estimated €11 billion in economic activity in Île-de-France. The massive ticketing operation and surge in commerce, experts warn, make the Games an attractive target for cyberattacks.

In response, the Paris 2024 Organising Committee for the Olympic and Paralympic Games, the official organizing body of the games, has partnered with major technology companies and government agencies to mitigate the cyber threats.

“The Games are facing an unprecedented level of threat,” said Vincent Strubel, the director general of ANSSI, France’s cybersecurity agency, according to Reuters. “But we've also done an unprecedented amount of preparation work so I think we're a step ahead of the attackers.”

The Olympic Games have long been a target for cyberattack by organized crime groups as well as state and non-state actors given the global and high-profile nature of the events.

In 2021, the Olympics Games in Tokyo endured an estimated 450 million cyberattacks, according to technology giant Cisco. The company, which is an official partner for Paris 2024, says it expects eight times more attacks on the Paris Games.

The large amount of commerce and consumer data that are involved in putting on the Games also makes it a target for cyber criminals, experts note.

“Motivated by financial gain, cyber criminals are redoubling their efforts and will not hesitate to create websites that spoof everyday services such as web-based email, online shopping, banks and government agencies,” Paris 2024 notes on its official website.

Cyberattacks can come in many forms. Spoofing schemes, for instance, entail criminals impersonating individuals or entities online to commit harmful cyber acts while phishing scams entail attackers using fraudulent emails or messages to access personal information such as login credentials or credit card numbers. Phishing scams can also be used to install malware.

Other types of cyberattacks include malicious acts like distributed denial-of-service (DDoS) attacks, which disrupt normal internet traffic by overwhelming a targeted server or network with a flood of traffic, and various forms of malware. Experts also note that cybercriminals are using increasingly sophisticated means to boost their capabilities.

“The same attack vectors that have been employed by cybercriminals are still being used; however, new technology paves the way for nefarious activity,” the World Economic Forum’s Global Cybersecurity Outlook 2024 notes.

In its cyber threat overview report last year, ANSSI noted that all stakeholders connected to the Olympic Games are “pursuing their efforts to improve the security of information systems involved in accordance with the threat and to implement a reinforced detection and incident response system.”

Alongside ANSSI and private sector partners like Cisco and Eviden, Paris 2024 officials have been developing secure networks and bolstering cyber defences. Moreover, officials have been conducting comprehensive audits, establishing rapid response teams and conducting awareness and training programmes.

“The technological challenges associated with the Paris 2024 Games are the same as those of businesses, so ultimately, it is a full-scale IT project,” said Eric Greffier, the technical director for Paris 2024 at Cisco France.

Authorities have also been using so-called ethical hackers to conduct penetration attempts and test for vulnerabilities. In his remarks to the media, Strubel added that “there are 500 sites, competition venues and local collectives, and we've tested them all.”

Experts note that the cybercriminals are increasingly using advanced artificial intelligence (AI) systems to enhance malicious cyber attacks.

As the Global Cybersecurity Outlook 2024 adds, “the rapid spread of generative AI and other new technologies that can easily be used by cyberattackers poses a serious threat both for business and in public life.”

Yet cybersecurity officials are also using AI to reinforce defences. Eviden, for instance, says it is using “advanced services based on artificial intelligence” to detect and respond to cyber threats directed at the Olympic Games. This includes the use of AIsaac, the company’s new generative AI-powered cybersecurity detection platform that was unveiled last year. .

Franz Regul, managing director for IT at Paris 2024, added that “AI helps us make the difference between a nuisance and a catastrophe,” according to Reuters.