Palo Alto Networks: Cybersecurity threats to major sporting events – Intelligent CISO


Large-scale events, such as the 2024 Paris Olympics or Euro 2024, pose elevated cybersecurity threats to enterprises. Palo Alto Networks Unit 42 recently orchestrated a cyber vigilance program to understand the cyber threats the 2024 Summer Olympics are likely to face and to highlight relevant essential services that could be impacted. 

As the Olympics approach, concerns grow about risks from financially motivated cyber-enabled fraud, politically driven sabotage by state-sponsored actors and hacktivists, alongside the ever-present covert espionage activities – all posing substantial threats to the event’s security and integrity.

Unit 42 has compiled the key threats for organizations, especially those related to critical services, to consider as they prepare for the Games.

Financially motivated crimes are likely to present the highest and most sustained threat throughout the event, with cyber-enabled fraud being a particularly prevalent means of obtaining illicit funds from enterprises and individuals alike. Some of the key concerns for businesses are:

  • Ransomware: Ransomware is the most frequent cause of financially motivated disruption. 2023 saw nearly 4,000 ransomware leak posts, a 49% increase from 2022. 28% of Unit 42 Incident Response cases in 2023 involved ransomware with data encryption. Ransomware attacks on third parties can significantly impact supply chains and events like the Olympics. Meanwhile, direct targeting of the Olympics by ransomware is unlikely due to high law enforcement risks.
  • Financial Theft: Business email compromise (BEC) is the most common form of financial theft. BEC actors are likely to impersonate sponsors or businesses involved with the Olympics, with average payouts of over USD 500,000. Financial theft is expected before, during, and after the Olympics, leveraging fear, uncertainty and doubt about a “missed” payment.
  • Fraud (e.g., Ticket Scams): Fraudulent websites and mobile apps targeting tourists and businesses are expected. Unit 42 has begun to observe domains spoofing the legitimate Olympics website, while fake mobile apps masquerading as transport, booking, or other planning apps are prime targets for fraudsters. Payment processors or online businesses are likely to suffer from web-skimming attacks seeking to steal customer data and payment card data.

Palo Alto Networks recommended five cybersecurity tips for the upcoming Olympics:

  • Zero Trust. One of the best ways to limit damage after an attack is to restrict the attacker’s movement and activity. Granting least-privilege permissions minimizes the impact of security incidents. When organizations design their security posture following a Zero Trust philosophy, attackers are less effective because initial access is limited. Zero Trust assumes the network is compromised and continuously validates the user, device, application, and data. This layered security approach prevents or limits lateral movement by attackers, giving victims more time to detect, properly contain and remediate the threat. 
  • Defense in depth. A security program designed with overlapping defenses and controls gives attackers more opportunity to alert you to their presence. Especially when combined with limited privileges in a Zero Trust philosophy, you can raise the signal-to-noise ratio of meaningful alerts that will let you focus on attacker activity earlier in the attack lifecycle.
  • Maintain an incident response plan to prepare for and respond to cyber incidents, including emerging ransomware tactics like extortion, multi-extortion and harassment. Organizations that continuously review, update, and test their incident response plans – ideally with input from cybersecurity experts – are much more likely to effectively respond to and contain an active attack.
  • Ensure complete visibility of your attack surface. Seventy-five per cent of ransomware attacks and breaches fielded by Unit 42’s Incident Response Team result from a common culprit – internet-facing attack surface exposure. Deploying solutions that provide centralized, near real-time visibility can help organizations identify and mitigate vulnerabilities before they can be exploited. If services within your cloud account are accessing or being accessed by new and unusual IP addresses or over unusual ports, make sure your monitoring is configured to alert on this activity.
  • Leverage the power of AI and automation to modernize security operations and reduce the burden on overworked analysts. The latest technology can help organizations drive down key cybersecurity metrics, denying attackers the time they need to compromise an organization’s systems or exfiltrate its data.
  • Protect cloud infrastructure and applications. With cloud migration accelerating, threat actors will continue to develop Tactics, Techniques and Procedures (TTPs) designed to target and compromise cloud workloads. Organizations leveraging cloud infrastructure should implement a cloud security program and platform that offers comprehensive cloud-native security.
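The attack-surface tip above asks you to alert when a cloud service talks to new or unusual IP addresses or ports. The following is an added illustration of that check, not code from Palo Alto Networks or Unit 42: it compares constructed flow-log records against a per-service baseline (service names, networks and ports are assumed for the example) and returns the flows that deviate.

```python
import ipaddress

# Constructed sample flow records (not real data): service,peer IP,port,direction.
SAMPLE_FLOWS = [
    "web-frontend,203.0.113.10,443,in",
    "web-frontend,203.0.113.11,443,in",
    "db-primary,10.0.2.15,5432,in",
    "db-primary,10.0.2.16,5432,in",
    "db-primary,198.51.100.77,5432,in",   # external peer reaching the database
    "web-frontend,10.0.1.5,22,in",        # SSH to a web tier that only serves 443
    "batch-worker,10.0.3.9,443,out",
    "batch-worker,192.0.2.200,4444,out",  # outbound to an unknown host on an odd port
]

# Assumed baseline learned from a known-good period: allowed peer networks and ports.
BASELINE = {
    "web-frontend": {"nets": ["0.0.0.0/0"], "ports": {443}},
    "db-primary": {"nets": ["10.0.0.0/16"], "ports": {5432}},
    "batch-worker": {"nets": ["10.0.0.0/16"], "ports": {443}},
}

def parse_flow(line):
    service, ip, port, direction = line.strip().split(",")
    return {"service": service, "ip": ipaddress.ip_address(ip),
            "port": int(port), "direction": direction}

def check_flow(flow, baseline=BASELINE):
    """Return the reasons a flow deviates from its service's baseline ([] if none)."""
    profile = baseline.get(flow["service"])
    if profile is None:
        return ["unknown service"]
    reasons = []
    if not any(flow["ip"] in ipaddress.ip_network(n) for n in profile["nets"]):
        reasons.append(f"peer {flow['ip']} outside baseline networks")
    if flow["port"] not in profile["ports"]:
        reasons.append(f"port {flow['port']} not in baseline")
    return reasons

def find_alerts(lines, baseline=BASELINE):
    """Run every record through the baseline check and collect the deviations."""
    alerts = []
    for line in lines:
        flow = parse_flow(line)
        reasons = check_flow(flow, baseline)
        if reasons:
            alerts.append((flow["service"], str(flow["ip"]), flow["port"], reasons))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_FLOWS):
        print(alert)
```

A production version would build the baseline from historical flow logs rather than a hand-written table and forward the alert tuples to the SIEM.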
