DDoS Attacks Threatening Operation of the Paris Olympics
The Paris 2024 Olympics are set to kick off this Friday, yet the games face an unparalleled cybersecurity challenge as both opportunistic attackers and politically-charged hackers threaten their digital infrastructure.
Ransomware, phishing, data harvesting all pose a risk on the fans who will descend on the city and may not be as careful as they usually would, but one threat could cause untold havoc to the games themselves.
DDoS is currently a major concern, and one cybersecurity company Radware are raising the alarm on.
Olympic challenge
Radware's cyberthreat intelligence (CTI) team has identified high-visibility platforms associated with the Olympics as likely targets.
These include things like ticketing systems and streaming services platforms - all critical to the operational and commercial success of the Games.
- Olympics logistics and operations
- Streaming and media platforms
- Sports betting services
- Financial services handling Olympics-related transactions
- Tourism and hospitality systems
- Olympics-specific digital services
The potential impacts extend far beyond mere inconvenience, with the possibility of financial losses, reputational damage, and even safety concerns.
Historical data underscores the seriousness of this threat. The 2016 Rio Olympics faced DDoS attacks reaching up to 540 Gbps, while the 2020 Tokyo Olympics weathered an astounding 450 million attacks. Industry experts anticipate that the Paris Games could face an even more severe onslaught, given the current global cybersecurity climate.
Vincent Strubel, Director General of ANSSI, France's cybersecurity agency, emphasised the gravity of the situation, stating, "The Games are facing an unprecedented level of threat." This assessment from a key national security figure highlights the need for robust preparedness across all sectors involved in the Olympics.
DDoS dynamic
The warning about Olympic cybersecurity comes amidst a broader surge in DDoS attacks worldwide. Recent reports from cybersecurity firms paint a concerning picture:
F5 Labs reported a 112% increase in DDoS attacks from 2022 to 2023, Imperva noted a 111% rise in the first half of 2024 compared to the same period in 2023, and NETSCOUT recorded a peak of 1,016 DDoS attacks in a single day targeting Romania in 2024.
These statistics indicate a rapidly escalating threat environment that businesses must navigate, particularly those with direct or indirect involvement in the Olympic Games.
This is especially concerning when considering that the reports link the surge in DDoS due to ongoing geopolitical tension.
With the Olympics often being a playground for global politics to play out, the games could see sophisticated and state orchestrated attacks aimed at disrupting their services, making them much harder to defend against.
State-sponsored actors often will have more resources at their disposal, allowing them to conduct more complex attacks.
“The same attack vectors that have been employed by cybercriminals are still being used; however, new technology paves the way for nefarious activity,” the World Economic Forum’s Global Cybersecurity Outlook 2024 stated on a report on the Paris Olympics.
This is because one of the main methods of a DDoS attack is through bots. F5 Labs’ research found bad bots to be the biggest way to flood a website’s traffic.
Problem is, these ‘resller bots’ - bots that snatch up inventory minutes after they are released - are not uncommon on websites selling things like sports tickets. This, therefore adds to the difficulties in detecting malicious activity.
Deafening against DDoS
To effectively protect against DDoS attacks and secure web applications, Radware has recommended a comprehensive, multi-layered approach.
Organisations, especially smaller ones involved in ancillary services for the Olympics, are advised to deploy hybrid DDoS protection that combines on-premise and cloud solutions for real-time prevention of high-volume attacks and pipe saturation.
Equally, a dedicated emergency response team and intelligence on active threats are also crucial. For web application security, Radware emphasises full OWASP Top-10 coverage, low false positive rates, auto-policy generation, and robust bot protection.
They also stress the importance of API security and flexible deployment options.
In the current climate of surging DDoS attacks, the Paris Olympics stand at a digital crossroads. With critical systems under threat and geopolitical tensions high, the solution to keeping systems online is one of vigilance.
******
Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024
******
Cyber Magazine is a BizClik brand
- Cloudflare: Dissecting the Cyberattacks of the US ElectionCyber Security
- DDoS Attacks Surge 49% as Hackers Target Financial SectorCyber Security
- AI & Automation: Nokia Report Shows Growth in Complex DDoSCyber Security
- Cloudflare: Lessons From Halting the World's Biggest DDoSCyber Security