Paris Olympics under threat as Russia favourite for hacking gold medal

The Olympic Games Paris 2024 are due to begin on 26 July, and four nations are already lining up to compete for the hacking gold medal. But who are they, and what threats do they pose for the ultimate sporting event?

Mandiant, a Google-owned threat intelligence company, has taken a deep dive into the cyber threats facing the 2024 Paris Olympics. It has assessed, with high confidence, that an elevated risk of attack exists for the event that commands a global audience of billions.

With equally high confidence, Mandiant says that Russian threat groups are favourites for the gold medal in this attack race of shame, with China, Iran and North Korea battling it out for the remaining podium places.

Russia dominates the Olympics threatscape, Mandiant says, “given its repeated targeting of previous Olympic games, its tense relationship with Europe, and recent pro-Russia information operations having already targeted France”.

As well as cyber-espionage, Russia has a long history of such intelligence-gathering activity. Mandiant warns that based on previous Olympics’ threat activity we are likely to see the nation-state “conduct destructive campaigns”.

This is made even more likely as Russian athletes can compete but can’t represent Russia. Mandiant highlights one particular threat group, Sandworm, in its report, saying it is likely to “conduct impactful disruptive, destructive, or hybrid operations in addition to intelligence collection”.

Related: Let the games begin: Paris Olympics puts AI to the test

Nisos report on Paris Olympics

Today, managed intelligence company Nisos published another report analysing the threats to the Paris Olympics.

Its analysts agree that Russia poses a significant threat and point to the 2018 Winter Olympics, where a hacking group called Olympic Destroyer, affiliated with the Russian military intelligence agency, disrupted the event by targeting the organisers’ internet infrastructure, for example.

But it’s not just event organisers who are likely to be targeted by cyber attackers; those attending the games are also a prime target.

Nisos warns attendees should be on the lookout for threats, including:

• Unofficial mobile apps designed to harvest data
• Credential-stealing malware
• Compromised Wi-Fi networks
• Social engineering scams, including ticket fraud

Protections in place

The good news is that the security community is well placed to defend against cyber threats against the Paris Olympics thanks to insights gained from attacks on previous global events. “While some entities may face unfamiliar state-sponsored threats, many of the cybercriminal threats will be familiar,” said Mandiant.

Nisos, meanwhile, advises attendees of the 2024 Paris Olympics to validate developers and sources before installing any apps. Also, limit permissions, disable location services on mobile devices, and don’t use unsecured public Wi-Fi networks.

On this last point, it’s generally more secure to use your 4G or 5G mobile connection than Wi-Fi at such events. Nisos recommends using a “reputable VPN service to minimise network exposure” regardless.