According to a new FortiGuard Labs analysis based on threat intelligence provided by FortiRecon, this year’s Olympics have been a target for a growing number of cybercriminals for over a year. Using publicly available information and proprietary analysis, this report provides a comprehensive view of planned attacks, such as third-party breaches, infostealers, phishing, and malware, including ransomware.
FortiGuard Labs has observed a significant increase in resources being gathered for the Paris Olympic Games, especially those targeting French-speaking users, French government agencies and businesses, and French infrastructure providers. Beginning the second half of 2023, we saw a surge in darknet activity targeting France. This 80% to 90% increase has remained consistent across 2H 2023 and 1H 2024. The prevalence and sophistication of these threats are a testament to cybercriminals’ planning and execution, with the dark web serving as a hub for their activities.
Phishing kits: While phishing is perhaps the easiest form of attack, many low-sophistication cybercriminals don’t know how to create or distribute phishing emails. Phishing kits provide novice attackers with a simple user interface that helps them compose a convincing email, add a malicious payload, create a phishing domain, and procure a list of potential victims. The addition of text-generating AI services has also eliminated the spelling, grammatical, and graphical errors that allow recipients to detect an email as malicious.
The FortiGuard Labs team has also documented a significant number of typosquatting domains registered around the Olympics, including variations on the name (oympics[.]com, olmpics[.]com, olimpics[.]com, and others). These are combined with cloned versions of the official ticket website that take you to a payment gateway where you loose your money and don’t get a ticket. In collaboration with Olympic partners, the French Gendarmerie Nationale has identified 338 fraudulent websites claiming to sell Olympic tickets. According to their data, 51 sites have been shut down, and 140 have received formal notices from law enforcement.
Infostealers: Information stealer malware is designed to stealthily infiltrate a victim’s computer or device and harvest sensitive information, such as login credentials, credit card details, and other personal data. We have also observed that threat actors are deploying various types of stealer malware to infect user systems and obtain unauthorized access. Threat actors and initial access brokers can further leverage this information to execute ransomware attacks, causing substantial harm and financial loss to individuals and organizations.
Vishak Raman, Vice President of Sales, India, SAARC, SEA & ANZ at Fortinet said, “The Paris Olympics 2024 is a high-stakes cyberthreat target, drawing attention from cybercriminals, hacktivists, and state-sponsored actors. Cybercriminals are leveraging fake ticketing platforms, fraudulent merchandise and identity theft tactics to exploit unsuspecting participants and spectators. The main goal is to target infrastructure, media channels, and affiliated organizations to disrupt event proceedings, undermine credibility, and amplify their messages on a global stage.Major events like the Olympics are good reminders that we all need to remain vigilant against cyberthreats. We recommend following best security practices to safeguard yourself and your organization against cyberattacks.”