Federal security officials are warning that the upcoming Paris Olympics and other major sporting events are prime targets for cybercriminals and hacktivists seeking financial gain, causes promotion, or data theft.
A bulletin from the Canadian Centre for Cyber Security, released on May 31, cautions that online criminals will likely attempt to extort organizations linked to or near these events.
The bulletin also highlights the potential for cybercriminals to target individuals, such as spectators, using tactics like phishing emails and malicious websites.
Scams offering discounted merchandise, free event tickets, or access to live event streams can lure unsuspecting victims.
During the Tokyo Olympics, fake websites tricked users into providing personal information for access to event broadcasts and bombarded them with malicious ads.
Large organizations involved in these events are at risk of cybercriminals exploiting the vast amount of personal and financial data they possess for sale on the dark web or future scams.
“While smaller businesses may not typically be prime targets for cybercriminals, their proximity to major international sporting events increases their appeal for extortion,” the bulletin states.
Particularly vulnerable are the travel and hospitality sectors, which experience a surge in online activity during events, leading to the storage of significant amounts of sensitive data.
The bulletin cites a ransomware attack on an English football club in 2020 that encrypted most of its devices, causing disruptions to email, security systems, and stadium operations despite the club’s refusal to pay the ransom.
Major sporting events also present opportunities for hacktivists to advance their causes through website defacements, denial-of-service attacks, and data breaches.
For instance, hacktivism related to anti-government protests in France could target the 2024 Paris Olympics.
The bulletin also warns of potential state-sponsored cyberthreats targeting high-profile individuals and organizations involved in these events to gather sensitive information or foreign intelligence.
An incident in Rio de Janeiro saw Russia-backed threat actors steal credentials from an International Olympic Committee official accessing the World Anti-Doping Agency database, resulting in data breaches affecting Canadian athletes.
The Cyber Centre advises attendees, athletes, officials, and associated organizations to implement security measures to safeguard their systems during major international sporting events.