The 2020 Summer Olympics, branded Tokyo 2020, are currently the focus of attention throughout the world. However, while the Olympics showcase the very best in sporting talent, the event also has a history of attracting the very worst of threat actors.
In this blog post, we outline past and present threats to the Olympic Games and the steps that organisations can take to reduce the risks. With more than 11,000 athletes and 206 countries and states taking part, the delayed Tokyo 2020 Olympic Games are currently being watched around the world.
This level of visibility makes the Games a target for those seeking to cause politically-motivated harm, enrich themselves, boost their profile or undermine the host nation on an international stage.
This year’s event has already been hit by a data breach in which the usernames, bank details, addresses and passwords of Tokyo 2020 ticket holders and event volunteers were reportedly compromised and leaked online. While a Japanese Government official claimed the data leak was not large, the breach is an unwelcome start to the event and continues the long history of cyber threats affecting the Olympic Games.
Another security oversight was revealed earlier this week in a tweet by Stefano Zanero. It took place during a volleyball game when a TV commentator asked for the credentials to his computer. Not realising they were still live on air, a colleague could be heard telling the commentator the password. Errors such as this can lead to attackers taking advantage and compromising systems with ease.
In the lead-up to the Games, the Japanese government prepared for a larger scale of cyber-attacks than those which took place at the 2016 Rio Olympics and the 2012 London Olympics. As part of this, the government trained over 200 white hat hackers from Japanese ICT firms and carried out simulated attacks in cities and rural areas. However, as the data breach and the live security oversight suggest, this may not be enough to counter the threat actors seeking to take advantage.
Potential threat actors to the Olympics and their approaches
Three threat actor groups have significant motivation to attack the Olympics: foreign intelligence, cyberterrorists and hacktivists. One example of this took place during the 2016 Rio Olympics, when attackers targeted the World Anti-Doping Agency and the Court of Arbitration for Sport in order to obtain drug test results, leak them into the public domain and direct attacks at the website. The information obtained during the compromise included highly sensitive information about the athletes with the potential to damage their professional careers.
The Kroll threat intelligence team see potential threat actor groups as capable of exploiting Tokyo 2020 in these ways:
- Targeted attacks
- DDoS (Distributed Denial of Service) attacks
- Ransomware attacks
- Cyber propaganda/misinformation
Foreign intelligence and large threat actor groups pose the greatest threat as they are sophisticated attackers with the volume of resources to cause a significant impact on operations. Ways in which they might go about this include brute-force and DDoS attacks, with previously observed tactics including malware and social engineering (phishing) targeting high-profile stakeholders and athletes.
Another potential method, which multiple law enforcement agencies have advised of in a Cyber Security Advisory, is a global brute-force campaign to compromise enterprise and cloud environments.
Cybercriminals have a wealth of potential opportunities due to the large number of athletes involved in the Games, some of whom may have poor cybersecurity practices. Given how opportunistic ransomware operators are, they may see the Olympics and its vendors as high-value targets. This is exacerbated by concerns about COVID-19 and the rise of COVID-19 related ransomware attacks.
Another potential way in which threat actors could impact the Games would be to take communication and broadcasting services offline, affecting the ability to watch them in person or remotely. In 2018, during the South Korea Winter Olympics, malware known as “Olympic Destroyer” was deployed with the task of erasing data and taking down services running online.
While less likely than the other threat actors outlined, ‘hacktivists’ are also likely to attempt a cyberattack on the Games. They may perceive the immense media coverage of the Games as a potential vector for gaining more publicity for their chosen cause. While they are likely to be less sophisticated than countries or professional cybercriminals, they still pose a risk.
Mitigations and recommendations for cyber threats
While most organisations are not subject to the same level of public attention as the Tokyo Olympic Games, there are steps to take to avoid some of the key risks:
- Create a risk management plan and have it in place, to be prepared in the event of a possible attack
- Deploy EDR (Endpoint Detection and Response) with 24/7 monitoring
- Ensure all devices on the network are known, documented, patched constantly and not running default configurations
- Ensure that no users are re-using credentials, and that all users are following strong password practices and have multi-factor authentication (MFA) enabled
Acknowledgements: Additional research from Zev Burton in the Kroll Threat Intelligence Team