Events like the upcoming 2024 Paris Olympic Games, taking place from July 26, 2024, provides threat actors with the opportunity to disrupt a highly anticipated event that attracts global attention.
With more than 15 million tourists expected to descend into Paris during the games, there are huge safety and security risks for authorities to manage – including cybersecurity. Cyber-attacks, which have the potential to disrupt the event and have significant impact on attendees visiting the city during this time.
Paul Martini, CEO of cybersecurity company iboss, which will be exhibiting at Infosecurity Europe, told Infosecurity that the combination of a large volume of people alongside the highly interconnected critical infrastructure systems in a modern city provides opportunities for politically motivated attackers to wreak havoc.
These include nation states, such as Russia and China, being able “to cause a lot of damage without shooting a missile,” said Martini.
He noted that essential services such as water and transportation require high-end communication, which opens the potential for malicious actors to access those systems digitally. With so many applications and services digitally connected, it has become impossible to air gap all systems.
“When you have this level of bandwidth, connectivity and access, combined with critical infrastructure, things that are required to support large numbers of people, you have a situation that is extremely high risk,” explained Martini.
Zero Trust and Access Controls
Martini advised all organizations involved in facilitating the large number of visitors at the Olympic Games, from hotels to transportation. to analyze the level of access into their critical systems.
“Look at any way we are using this system to gain access and then how tight are the controls to prevent everyone else from getting access,” he said.
Attackers are likely to use common techniques for remotely accessing machines and executing commands, such as remote shell and secure shell protocol (SSH) attacks.
Strong access management and the zero trust concept are key to the solution. Martini highlighted the need to ensure that access is only granted according to need, and only to trusted users.
This process must be implemented across all access points, including systems that may not necessarily be considered critical. Martini gave the example of VPNs or desktops being used to quickly access camera systems.
“They often don’t realize the same door they’ve created will be the same door the attackers are going to use,” he noted.
Martini also urged organizations to practice scenarios where services have been taken down by a cyber-attack, ensuring they have manual processes that can work effectively.
Advice for Paris Olympics Visitors to Stay Cyber Secure
Attendees at the Paris 2024 Olympics should have basic necessities with them at all times, such as food and drink, in the scenario that they may be stuck somewhere without access to services due to a cyber incident.
Martini also warned visitors that visitors are likely to be heavily targeted by financial scams during the event on the ground. He highlighted one tactic that has become popular – individuals asking for money to be transferred from phones for purported reasons like charity donations, requesting they provide their authentication for banking apps.
“When you get your phone back, you realize they’ve just wired thousands of dollars to their account,” he said.
Martini also cautioned against the use of cryptocurrencies during trips like this, despite their convenience. This is because once funds are drained away there is no way of getting it back.
Image credit: Svet foto / Shutterstock.com