www.securitymagazine.com/articles/100931-security-leaders-respond-to-olympic-venue-ransomware-attack

Security leaders respond to Olympic venue ransomware attack

August 8, 2024

The Grand Palais exhibition hall in Paris experienced a ransomware attack. The exhibition hall is hosting Olympic events such as fencing and Taekwondo. Although malicious actors targeted the central computer system within the institution, officials state that no disruption to the games occurred. 

Security leaders weigh in

Kiran Chinnagangannagari, CTO & CPO at Securin: 

“As this new ransomware attack hits just five days before the long-awaited 2024 Paris Olympics concludes, officials must remain vigilant for more cyberattacks on the horizon. Adversaries, including hacktivists, state-sponsored groups and organized crime syndicates, continue to pose serious threats to the security of the games, athletes and the infrastructure of Paris.

“While there is no disruption from the breach yet, Franz Regul, Head of IT Security for Paris 2024, continues to stress that his SecOps team’s focus is on sabotage operations. Significant resources, training and scenario planning have been dedicated to this effort, including maintaining the secrecy of the security center’s location. With an estimated eight to 12 times more attacks than the Tokyo Games in 2021, rigorous preparations have been and continue to prove necessary to defend against ransomware, phishing, DDoS, misinformation, online scams and third-party exploitation. Stress tests, such as ransomware and DDoS simulations, are indispensable in preparing for these Olympic-level threats. French security teams must continue to utilize AI in their defense strategies and remain on high alert. 

“On top of that, the games’ security team critically depends on international cooperation. Rapid response teams across the world must work together to deliver continuous asset discovery and be on standby to recover and restore systems when attacks occur, protecting the games and all of its athletes. A unified, collective front is required between France and its international comrades for the strongest line of defense against these threats.” 

Josh Jacobson, Director of Professional Services at HackerOne: 

“The ransomware incident impacting the Grand Palais exhibition hall in Paris where Olympic events are being held, in addition to 40 French museums, is not unsurprising — but potentially quite creative. While details are scarce at this time, it appears this specific attack targeted the centralized computer system which may also host financial data for the Olympic venue and 40 small museums. The outcome of this successful compromise could be beneficial to cybercriminals in a number of ways: 1) Because of the sheer number of venues that will be scrambling to get their operations up and running, the bad actors could be hoping to rake in ransoms across the victim pool and maximize financial gain. 2) Targeting more locations than just the Grand Palais may scale as threat actors focus on ‘easier’ targets and attempt to use this access as a foothold into Olympics’ broader IT systems. It will be interesting to watch the situation unfold on the world stage.  

“Unfortunately, this is not the first attempted disruption that we’ve seen at the 2024 Olympic games — in the lead up to the opening ceremony, there were arson attacks against the French Rail Networks. These types of attacks cause major chaos and reputational impact on the city of Paris — and create unrest among the attendees.  

“There continues to be a significant risk of attacks against the event’s associated venues, attendees and spectators. Fake ticketing sites, social engineering campaigns or phishing attacks still pose a significant risk until the games end and beyond that. Who these cybercriminals target depends on what information they want to gather and from whom — it could be nations targeting their own people to track dissent or criminals looking for financial gain.  

“With less than a week remaining, time will tell if additional cyber incidents happen at the summer games. The potential impact on individuals is a genuine cause for concern and must be managed. We hope that the security and IT teams behind the event and the surrounding systems have prepared for as many scenarios as possible to protect everyone involved, from the attendees to the Olympians to the people of Paris.” 

Dr. Martin J. Kraemer, Security Awareness Advocate at KnowBe4: 

“Everyone expected the Olympic Games to be the target of cyberattacks. Mandiant released a report earlier this year suggesting that likely actors for attacks on the Games would be nation-state affiliated groups from Russia, China, North Korea and Iran.

“Little is known about the threat actor that launched the ransomware attack on Parisian museums, some of which hosted Olympic events. It is easy to see how the goal of these efforts was likely disruption. Attacks so far have included arson and a coordinated attack against the fiber network to keep people on their toes.

“Sixty-eight attacks have been noted since the start of the Olympic Games. On the night of August 3rd to 4th, a ransomware attack hit 40 museums, some of which host events of the Olympic Games. It is unclear which institutions were affected, as the Louvre denied being impacted.

“The attack remained limited to the museums’ shops, with the Games remaining unaffected. It was timed carefully to happen over a weekend when cybersecurity defense operations are presumably understaffed. That assumption likely does not apply to the Olympic Games, where staff are available 24/7 to protect the high-profile event.

“The cybersecurity agency ANSSI has been mobilized, and an investigation has started. The type of ransomware deployed and the means of initial access are not yet known. The attacker might be after financial gain, as the order processing and financial systems were targeted.

“Attackers have used ransomware attacks on other occasions to cover the tracks of something else. This might be the case here. However, it seems more likely that the scheme is a quick exploit and nothing else in this case.

“In any case, organizations must ensure the following measures are in place:

  1. Enhanced email security: Implement advanced email filtering and provide employee training to reduce the risk of phishing attacks.
  2. Patch management: Regularly update and patch software to prevent exploitation of known vulnerabilities.
  3. Hardened remote access: Use strong authentication methods to secure remote access configurations.

“These steps are crucial in safeguarding against the persistent threat of ransomware attacks.” 

Abhilash Garimella, Vice President of Research at Bolster: 

“We are disappointed but sadly, not entirely surprised by news of a ransomware attack entering the second week of competition at the 2024 Paris Olympic Games. As cybersecurity professionals, we understand the statistics on the common origins of ransomware attacks. While we don’t yet know the source of this particular incident, most often the answer is they begin via a phishing scam.

“Our team of researchers continuously analyzes malicious domains, and when compared to January of this year, in July they noted a more than 1000% increase in domains spun up around Olympics keywords, targeting consumers, attendees, even athletes and workers at the Games. Cybercriminals are using AI tools to more easily produce a convincing scam and trick users into clicking links that launch the ransomware. Protecting against these attacks requires advanced detection capabilities that enable an organization to proactively identify and address potential threats across various digital channels — including the open web, social media, app stores and the dark web.”