The Olympics is the most highly attended, complex event in the world. Estimated to bring in over 15 million visitors this year, protecting the event from both physical and cyber-attacks is a massive undertaking involving thousands of trained professionals. During the London Olympics in 2012, more than 212 million cyberattacks were detected from the day of the opening ceremony, marked by multiple offenses such as a surge of distributed denial of service attacks on the electricity infrastructure. In the past few months of this year, more than 200 fraudulent sites selling tickets for sporting events have already been detected by French police. 

If you’re attending the Olympics or engaging with the event via a mobile application (such as the official Paris Olympics app), it’s important to know the risks facing your mobile device. Mobile devices are the prime attack vector cybercriminals have their eye on, since they are the hotspot for everything we do — from shopping, banking, entertainment, communication, work and even healthcare. Recently, the CISO for the Paris Olympics 2024 has announced that the number of attacks is expected to be eight times higher than it was for the Tokyo Olympics. So, what are those risks and how can you prepare? Let’s dive in.

Who is actually texting you?

There are many types of security threats facing an event as large as the Olympics. But when we zero in on the mobile device, there are a few threats most notorious for damage, the first being phishing. Phishing threats attempting to mimic “official” Olympic mobile applications will be on the rise. The goal of these attacks is to target attendees to gather sensitive information for further fraud or to trick attendees into downloading malware on their devices. The goal behind almost all cyberattacks is financial gain. With an audience that large, launching broad scams that target a wide swath of spectators is bound to reap some reward. If you’re attending or watching the games, keep your eye out for texts, emails or QR codes that aren’t from official Olympics updates or from people you know. As much as this may seem like common sense, this is one of the most successful avenues for cybercriminals when attempting to spread malware or steal sensitive data. QR codes have risen in popularity because of the ease it provides in sharing information simply with the scan of a camera. As a result, they will likely be seen everywhere in relation to the games, such as on TV screens, when downloading Olympic-related apps and in emails.

SMS-based phishing is also a specific type of phishing attack where attackers send links to mobile phones with the goal of having recipients click on the link or share personal information within a fraudulent site. For example, if you are looking to buy a ticket to the Olympics, double check you are on the official website before entering your information. Cybercriminals may pose as ticket vendors, sending a link to “buy” tickets but leading unsuspecting attendees to a fake website where payment info is then stolen. As mentioned earlier, email is still an avenue cybercriminals are expected to target during the games. For one, they may spam inboxes with junk mail in an attempt to create “email fatigue” in recipients, in which they will open a malicious email carelessly.

Ways you can steer clear of damage

From an attendee perspective, take the time to find the right mobile applications and ticket vendors rather than quickly and rashly following any link that prompts you to download or purchase. Beware of fake apps hiding in third-party app stores or opaque links that are promoted on social media apps like Instagram or TikTok. We expect there will be many fake and bogus mobile applications centered around the Olympics.

From an organizational perspective, employee awareness still is the farthest reaching and most successful way to protect against mobile attacks. Awareness training is a critical part of any comprehensive security strategy, and it involves communicating and practicing regular security training sessions and keeping an active watch on the latest threats. The sharing of intelligence, talent, technology and best practices is always valuable in regard to how organizations can protect themselves and their employees from attacks. The National Institutes of Standards and Technology (NIST) recently updated its Guidelines for Mobile Device Security (NIST SP 800-124r2) with a specific call for the need for Mobile Threat Defense (MTD) and Mobile App Vetting as part of a larger security strategy. The mobile device is the epicenter of today’s cybercriminal activity and thus should be prioritized as the epicenter of security strategies.

With the games being hosted in Paris this year, we’re already seeing attacks ramping up against the country. France has been the victim of a surge of cyberattacks in recent months. The French government announced recently it has been the victim of cyberattacks of “unprecedented intensity.” With the Olympics on the horizon, the government has launched a new agency aimed at combating online fraud and facilitating intelligence sharing between French and international law enforcement agencies — the French Anti-Cybercrime Office, or OFAC. Let this be a sober reminder that no attendee or spectator is beyond the reach of scams, fraud or cyberattacks. As you excitedly prepare to attend or virtually watch the Olympics, make sure you add cyber best practices to your list of things to do!