Paolo Passeri, Cyber Intelligence Specialist at Netskope, warns about the role of cybercriminals during periods of high media attention at international sporting events
On 16 June, many Poles were unable to watch their country’s Euro 2024 match due to a cyber-attack on the national network. The disruption began at kick-off, when the main national broadcaster went down due to a distributed denial of service (DDoS) attack. The geopolitical context and developments in the means of communication are leading to changes in the balance of power between the various stakeholders, resulting in a multi-faceted hybrid war. The media coverage provided by international sporting events is encouraging cybercriminals to attempt malicious campaigns.
Paolo Passeri stresses the importance of having extensive and comprehensive security systems in place.
“Sporting events are an opportunity for cybercriminals to apply their techniques to as many people as possible and disrupt the organisation in order to demand ransom or get a message across. The issue of cybersecurity is therefore a key concern, to ensure that history does not repeat itself. Olympic Destroyer, a wiper (malware that deletes data from a computer’s hard drive) used by the Russian group Sandworm, paralyzed the IT systems of the 2018 Winter Games. Today, the risk of similar disruptions is more relevant given the geopolitical situation and the hybrid conflicts that are taking place in various parts of the globe.
As the city of Paris prepares to host the global event this summer, Anssi is working closely with the Summer Games Organizing Committee to limit the impact of potential cyber-attacks. These could be aimed at exposing acts or drawing attention to the technical skills of these groups. It is therefore important to put solutions in place to block all points of entry to the networks and limit the vulnerable surfaces.
Moreover, user education and adopting responsible behaviour is essential as humans can be the target elements in the attack chain. If this is done correctly, it would greatly reduce the chances of intrusion of malware or the disruption of the competition network and its broadcasts by threat actors..
Cyber-attackers can seek to integrate any network, so all stakeholders in these international events, directly or indirectly, are affected by these threats. It is important that cybersecurity tools are put in place to protect the sessions of employees and the organisations in charge of broadcasting, wherever they are and whatever their terminal.
In addition, setting up an incident response plan would make it possible to detect unusual access and quickly contain any potential malicious intrusion. Stakeholder companies can also introduce multi-factor authentication for Internet access systems, and adopt a zero-trust approach for secure access to internal applications.”