Global sporting events such as the Tokyo Games have always been the true world stage which not only showcases athletic brilliance of athletes competing but also showcases the host country as well. Hosting a successful Olympic event costs billions of dollars but provides greater returns; as it serves as an invaluable marketing and promotion campaign.
This year’s summer games are happening in full swing as we speak. However, due to the COVID-19 pandemic, the lockout for both tourists and spectators is still in use. Digital infrastructure has never been more important for delivering the excitement the Olympics holds and more importantly, promoting the host country Japan to newer heights.
But there is something worth considering and that is something which has never been considered before. This kind of high profile undertaking brings with itself some serious risks. Among them is the impact of cyber attacks.
The corporate world has recently been facing ransomware attacks in large numbers, catching many off-guard and causing the credibility and trustworthiness of cyber security bodies and firms to go down.
Modern day games like the FIFA World Cup and the Summer Olympics always need a large digital infrastructure, ranging from communications to digital scoring and video streaming. With the whole world being mobile, video streaming is now a must.
Other than that, the global viewing footprint indicates much of this infrastructure depends on internet access. All of this adds up to a target hackers intend to attack and take down digital infrastructures and networks needed to run and televise these games.
Have hackers tried carrying out Cyber Attacks at sporting events?
Without any further doubt, these hackers have been targeting these events, and planning to attack them since a decade at least, starting with the 2008 Olympics in Beijing.
The 2012 Olympics of London faced repeated Distributed-Denial-of-Service (DDoS) attacks, among them an attack lasting 40 minutes on the central venue’s power systems which most likely intended to disrupt the opening ceremony of the Olympics.
This kind of activity increased further during the 2016 Olympics which were held in Rio de Janeiro. At the event, affiliated organizations were victims of a large-scale DDoS attack from a DDoS-for-hire service going by the name LizardStresser.
Numerous cyber security and research bodies carried out research findings, revealing that the activities were launched before the games began and their frequency increased after the games got underway.
It wouldn’t be surprising if these attacks took place during this year’s Olympics. A recent threat assessment from the Cyber Threat Alliance (collaborative group of cybersecurity experts working together to counter cyber attacks) noted that the Olympics held in Tokyo are a prime target for cyber attacks due to a large number of potential victims using online systems.
In particular, the assessment noted that the increased threat of cyber attacks and ransomware attacks are due to entities supporting these games having low downtime tolerance. This is dependent on the kinds of services they provide during the events. This makes them prime targets.
Numerous experts and Ddos protection providers have seen a massive rise in online extortion because cyber criminals are using newer methods ranging from DDoS extortion to Triple Extortion.
In the Triple Extortion attack, cyber criminals integrate DDoS attacks into ransomware-as-a-service (RaaS) portfolios creating a triple extortion attack.
How do hackers conduct a triple extortion attack?
Here is how hackers carry out a triple extortion attack, as determined by cyber security experts from a well-known DDoS protection service provider based in Newark, New Jersey:
- Encryption: Using a traditional ransomware attack method, cybercriminals break a network and encrypt valuable data. This makes the network (and at times the whole system) not available to the organization falling victim to this attack.
- Theft: In this part, cybercrooks exfiltrate the data before locking out the victim. They then threaten to either expose and/or sell the stolen data to the public unless and until they are paid. This level of extortion often makes it harder for victims to ignore threats of ransomware because even those who are using backups to restore data remain at risk of data exposure.
- DDoS Attack: Commonly used as a standalone extortion method, DDoS attacks now are on the list of services most operators are offering. This further ramps up pressure on victims in numerous ways. First, it emphasizes the serious nature of the adversary, and secondly, maintaining availability adds another stress related factor to a security team already dealing with the first two events.