Dark Web Shows Cybercriminals Ready For Olympics. Are you?
Posted: Tuesday, Jul 23


Major sporting events like the World Cup, Super Bowl, and Wimbledon attract millions, even billions, of viewers. Argentina’s shootout win over France in the final game of the Qatar 2022 World Cup reached a global audience of 1.5 billion viewers. And the Olympics, starting later this month in Paris, is the biggest of them all—with the 2020 Tokyo Olympics having attracted a worldwide audience of over 3 billion viewers.

These events are also prime opportunities for cybercriminals. Over the past decade, the number of cyberattacks targeting major events has surged, increasing from 212 million documented attacks at the London 2012 Games to a staggering 4.4 billion at the Tokyo 2020 Games. These attacks often have direct financial motives, such as scams, digital fraud, or the acquisition of valuable data from attendees, viewers, and sponsors. In their excitement, eager fans often overlook potential risks when purchasing tickets, arranging accommodations, or buying memorabilia, making them easy targets for cybercriminals.

Others, desperate to view specific events, are enticed by malicious websites offering free access, only to have their devices compromised or personal data stolen. And with the world’s media focused on the event, criminals with a political agenda are looking for a large audience for their message by disrupting a significant site or knocking critical services offline.

Threat Actors Targeting the Paris 2024 Games

According to a new FortiGuard Labs analysis based on threat intelligence provided by FortiRecon, this year’s Olympics have been a target for a growing number of cybercriminals for over a year. Using publicly available information and proprietary analysis, this report provides a comprehensive view of planned attacks, such as third-party breaches, infostealers, phishing, and malware, including ransomware.

To download the full FortiGuard Labs report, visit here.

FortiGuard Labs has observed a significant increase in resources being gathered for the Paris Olympic Games, especially those targeting French-speaking users, French government agencies and businesses, and French infrastructure providers. Beginning the second half of 2023, we saw a surge in darknet activity targeting France. This 80 per cent to 90 per cent increase has remained consistent across 2H 2023 and 1H 2024. The prevalence and sophistication of these threats are a testament to cybercriminals’ planning and execution, with the dark web serving as a hub for their activities.

Hitting Critical Mass On Stolen Personally Identifiable Information

Documented activities include the growing availability of advanced tools and services designed to accelerate data breaches and gather personally identifiable information (PII), the sale of stolen credentials and compromised VPN connections to enable unauthorised access to private networks, and advertisements for phishing kits and exploit tools customised for the Paris Olympics. It also includes the sale of French databases that contain sensitive personal information, such as full names, dates of birth, government identification numbers, email addresses, phone numbers, residential addresses, and other PII, as well as combo lists (a collection of compromised usernames and passwords used for automated brute-force attacks) composed of French citizens.

Hacktivist Activity Spiking

Given that Russia and Belarus are not invited to this year’s games, we have also seen a spike in hacktivist activity by pro-Russian groups—like LulzSec, noname057(16), Cyber Army Russia Reborn, Cyber Dragon, and Dragonforce—that specifically call out that they are targeting the Olympic games. Groups from other countries and regions are also prevalent, including Anonymous Sudan (Sudan), Gamesia Team (Indonesia), Turk Hack Team (Turkey), and Team Anon Force (India).

Phishing Kits and Infostealers Abound

Phishing kits: While phishing is perhaps the easiest form of attack, many low-sophistication cybercriminals don’t know how to create or distribute phishing emails. Phishing kits provide novice attackers with a simple user interface that helps them compose a convincing email, add a malicious payload, create a phishing domain, and procure a list of potential victims. The addition of text-generating artificial intelligence (AI) services has also eliminated the spelling, grammatical, and graphical errors that allow recipients to detect an email as malicious.

The FortiGuard Labs team has also documented a significant number of typosquatting domains registered around the Olympics, including variations on the name (oympics[.]com, olmpics[.]com, olimpics[.]com, and others). These are combined with cloned versions of the official ticket website that take you to a payment method where you don’t get a ticket, and your money is gone. In collaboration with Olympic partners, the French Gendarmerie Nationale has identified 338 fraudulent websites claiming to sell Olympic tickets. According to their data, 51 sites have been shut down, and 140 have received formal notices from law enforcement.
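A defender-side check for the lookalike pattern described above, as an added example that is not part of the FortiGuard Labs report: it refangs the `[.]` notation used in threat reports and flags newly observed domains whose registrable label is within a small edit distance of, or embeds, a brand label. The brand list (`olympics.com`) and the distance threshold are assumptions for illustration.

```python
# Added example (not Fortinet's code): flag typosquat candidates against a brand list.

def refang(domain: str) -> str:
    """Turn defanged report notation ("oympics[.]com") back into a plain hostname."""
    return domain.lower().strip().replace("[.]", ".").replace("(.)", ".")


def levenshtein(a: str, b: str) -> int:
    """Classic dynamic-programming edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """Assumption: the second-level label carries the brand ("olympics" in olympics.com)."""
    parts = domain.split(".")
    return parts[-2] if len(parts) >= 2 else domain


def typosquat_score(candidate: str, brand_domains, max_distance: int = 2):
    """Return (brand, distance) for the closest brand within max_distance, else None.

    Distance 0 means the brand label is embedded in a longer label
    (e.g. olympics-tickets.com); the legitimate domain itself returns None.
    """
    cand = refang(candidate)
    label = registrable_label(cand)
    best = None
    for brand in brand_domains:
        if cand == brand:
            return None  # exact legitimate domain, nothing to flag
        blabel = registrable_label(brand)
        d = 0 if blabel in label else levenshtein(label, blabel)
        if d <= max_distance and (best is None or d < best[1]):
            best = (brand, d)
    return best


def flag_domains(observed, brand_domains=("olympics.com",)):
    """Scan a feed of observed domains (e.g. new registrations) and keep the suspicious ones."""
    return {d: s for d in observed if (s := typosquat_score(d, brand_domains)) is not None}


if __name__ == "__main__":
    # Constructed feed using the variants quoted in the article plus two controls.
    print(flag_domains(["oympics[.]com", "olmpics[.]com", "olimpics[.]com",
                        "olympics-tickets[.]com", "olympics.com", "example.com"]))
```

The output keys are the three quoted variants and the embedded-brand control; the legitimate domain and `example.com` are not flagged.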

Similarly, several Olympic Games-themed lottery scams have been identified, with many impersonating major brands such as Coca-Cola, Microsoft, Google, the Turkish National Lottery, and the World Bank. The primary targets for these lottery scams are users in the U.S., Japan, Germany, France, Australia, the U.K., and Slovakia.

We have also seen an increase in coding services for creating phishing websites and associated live panels, bulk SMS services to enable mass communication, and phone number spoofing services. These offerings can facilitate phishing attacks, spread misinformation, and disrupt communications by impersonating trusted sources, potentially causing significant operational and security challenges during the event.

Infostealers: Information stealer malware is designed to stealthily infiltrate a victim’s computer or device and harvest sensitive information, such as login credentials, credit card details, and other personal data. We have also observed that threat actors are deploying various types of stealer malware to infect user systems and obtain unauthorised access. Threat actors and initial access brokers can further leverage this information to execute ransomware attacks, causing substantial harm and financial loss to individuals and organisations.

Our data indicates that Raccoon is currently the most active infostealer in France, accounting for 59 per cent of all detections. Raccoon is an effective and inexpensive Malware-as-a-Service (MaaS) sold on dark web forums. It steals browser autofill passwords, history, cookies, credit cards, usernames, passwords, cryptocurrency wallets, and other sensitive data. It is followed by Lumma (another subscription-based MaaS) at 21 per cent and Vidar at 9 per cent.

Conclusion

In addition to celebrating athleticism and sportsmanship, the Paris Olympics 2024 is a high-stakes cyberthreat target, drawing attention from cybercriminals, hacktivists, and state-sponsored actors. Cybercriminals are leveraging phishing scams and fraudulent schemes to exploit unsuspecting participants and spectators.

Fake ticketing platforms, fraudulent merchandise, and identity theft tactics threaten financial loss and undermine public trust in event-related transactions. Further, due to France’s political stances and international influence, the Paris Olympics 2024 is also a prime target for politically motivated groups.

We anticipate that hacktivist groups will focus on entities associated with the Paris Olympics to disrupt the event, targeting infrastructure, media channels, and affiliated organisations to disrupt event proceedings, undermine credibility, and amplify their messages on a global stage.

Advice For Travelers

Organisations and individuals attending the Olympic Games need to be aware of heightened travel-related cyberthreats. These include the increased likelihood of public Wi-Fi interception and fraudulent activities linked to Olympics-related events, including malicious websites and phishing scams. We also anticipate increased targeted attacks against VIPs, including government officials, senior executives, and key decision-makers, and additional precautions should be taken.

FortiGuard Labs strongly recommends installing endpoint protection or endpoint detection and response (EDR) on all devices, taking extra care when connecting to public wireless networks, and using secure access service edge (SASE) services to encrypt traffic.

Recommendations and Mitigation Strategies

Major events like the Olympics are good reminders that we all need to remain vigilant against cyberthreats. FortiGuard Labs recommends the following best security practices to safeguard yourself and your organisation against cyberattacks.

  • Employee and user training and awareness: Conduct regular training sessions to highlight the risks of Olympics-related social engineering lures in the runup to and during the Games. Training should focus on recognising deceptive emails and fake websites and emphasise the importance of promptly reporting suspicious activities.
  • Public awareness campaigns: Launch comprehensive public awareness campaigns to educate attendees and participants about cybersecurity threats. Provide guidance on identifying phishing attempts, avoiding suspicious links, and reporting potential threats to designated authorities.
  • Protect sensitive data: Use security orchestration, automation, and response tools to detect and respond promptly to unusual activities. Maintain encrypted backups of critical data stored securely offline to mitigate the impact of ransomware attacks.
  • Monitor the external attack surface: Continuously monitor and assess your information technology (IT) infrastructure’s external attack surface to identify vulnerabilities and potential risks. Implement measures to secure remote desktop protocol access and prevent exploitation of web server misconfigurations. Visit the Fortinet digital risk protection (DRP) service page for information on how FortiRecon can help.
  • Enforce multi-factor authentication and strong password policies: Implement multi-factor authentication across all systems and enforce a robust password policy. Monitor darknet channels for compromised credentials to proactively protect organisational portals.
  • User endpoint protection: Deploy antivirus and antimalware software on all devices to detect and mitigate phishing attempts and malware infections. Regularly update software to safeguard against known and unknown vulnerabilities.
  • Implement patch management: Maintain up-to-date software and operating systems by promptly applying security patches. Prioritise critical vulnerabilities that could lead to remote code execution or denial-of-service attacks.
  • Distributed denial-of-service (DDoS) protection: Safeguard infrastructure with multi-layered DDoS prevention solutions, including firewalls, virtual private networks (VPNs), and anti-spam filters. Monitor network traffic for anomalies that may indicate DDoS attacks and take pre-emptive actions.
  • Prevent ransomware attacks: Implement proactive measures such as regular software updates, secure offline backups, and user education to prevent ransomware incidents. Utilise threat intelligence to monitor darknet activities for potential threats and data leaks.
  • Website defacement prevention: Deploy web application firewalls to filter and block malicious traffic, protecting against website defacement and unauthorised access attempts.
  • Participate in threat hunting and response: Conduct robust threat-hunting activities based on compromised account information. Isolate infected systems promptly and perform system reimaging as necessary to mitigate threats.
  • Leverage cyberthreat intelligence (CTI): Utilise CTI to gather real-time data on emerging cyberthreats and potential risks. Monitor darknet chatter for early indicators of cyberattacks and data leaks to enable proactive incident response.

Download your copy of the Threat Actors Targeting 2024 Summer Olympics threat intelligence report.

Fortinet
Founded more than 20 years ago in Sunnyvale, California, Fortinet continues to be a driving force in the evolution of cybersecurity and the convergence of networking and security. Securing people, devices, and data everywhere is our mission. To that end, our portfolio of over 50 enterprise-grade products is the largest integrated offering available, delivering proven cybersecurity everywhere you need it. More than 755,000 customers trust Fortinet solutions, which are among the most deployed, most patented, and most validated in the industry.