Threat actors are usually motivated by financial gains and will stop at nothing to launch their attacks. One way they do this is by capitalising on large-scale events such as international sporting events, music festivals, and elections.
These events function as intricate machinery, requiring various components to synchronise and numerous critical services for their successful operation. They are prime targets, as attacks targeting essential services such as hospitality, transportation, telecommunications, media, payment processing, utilities, safety, and security have the potential to erode the event’s reputation, disrupt attendee experience, and inflict financial losses.
Apt, collective preparation is needed to manage and mitigate cyberthreats effectively. Let’s explore some of the threats and the potential consequences they might have on essential services that support major events.
Disruption caused by ransomware attacks
Research by Unit 42 at Palo Alto Networks found that cyberthreats are increasing not only in frequency but also in sophistication. Financially motivated cybercrimes, such as ransomware attacks, are a major concern. In 2023 alone, we observed nearly 4,000 ransomware leak posts, a 49% increase from the previous year. These attacks are also accelerating in speed, with attackers now able to exfiltrate data in less than a day after compromising a system.
At a major global event, ransomware attacks on third parties can significantly impact supply chains and events, causing widespread disruption. For example, during this summer’s Olympic Games, while a direct ransomware attack on the event itself is unlikely due to high law enforcement risks, attacks on third parties pose a significant threat. An attack on a financial service provider could disrupt payment processes, or an attack on a distributor could create difficulties in transporting goods needed for the event.
Business email compromise attacks
Another type of attack to be vigilant about is business email compromise (BEC). Unit 42 observed that BEC threat actors have a high intent of targeting essential services involved in this summer’s Olympic Games. With a complex supply chain and many third parties involved in organising a major sporting event, threat actors can easily impersonate a company participating in the event, defrauding audience members or other companies involved.
While not new, BEC is the most common financially driven attack affecting enterprises, with average payouts exceeding US$500,000. BEC threat actors generally possess low technical expertise, but their ability to operate at scale and their increasingly sophisticated social engineering techniques heighten the likelihood of successful campaigns.
Furthermore, significant events like the Olympics attract tourists, resulting in more payment card data being available to steal from hotels, restaurants, and retailers. This leads to the rise of domains spoofing the legitimate Olympics website, as well as fake mobile apps posing as transport, booking, or other planning apps.
Fraud through ticket scams
Another avenue for threat actors to exploit large-scale events is through scams. Take, for example, Taylor Swift’s Eras Tour, which has attracted millions of concert-goers worldwide. In Singapore alone, at least 960 victims lost more than SG$538,000 due to scams involving tickets for the pop superstar’s series of six-day concerts in the city-state. Notably, for the European leg of the Eras Tour, it was estimated that more than 1 million GBP had been lost to ticket scams.
Victims typically come across listings of concert tickets through social media and e-commerce platforms. Tickets to large-scale events are usually highly sought after, so when victims encounter such listings, they tend to jump at the opportunity. Unfortunately, they soon realise they have been scammed when the tickets are found invalid at the concert or event venue.
Preparation is key
Organisations must adopt a proactive stance to stay ahead of attackers. Preparation is key — having an incident response plan in place enables organisations to respond swiftly to compromises, stopping attackers before they can execute their plans.
In addition, implementing a zero-trust network architecture limits an attacker’s movement within a network, reducing their potential impact. A defence-in-depth strategy, with overlapping defences and controls, increases the signal-to-noise ratio of meaningful alerts, allowing for earlier detection of attacker activity.
Countering AI with AI
Adversaries today are bolstered by the power of AI, and we increasingly see them utilising AI to launch faster, broader, and more sophisticated attacks. To counter this, defenders need to rethink their approach; they must harness the capabilities of AI in their cybersecurity defence strategies to automate detection, prevention, and response.
The importance of swift threat detection and response cannot be overstated. High-fidelity automation can shorten the mean time to detect and mean time to respond, reducing the impact of cyberthreats and vulnerability windows. In the context of large-scale events, where numerous critical systems and vast amounts of data are at play, leveraging AI in cybersecurity can help security analysts sift through alerts and focus on those that truly need attention in near real time.
Lessons learned
As the world converges on the global stage of the Olympics, the event serves not only as a celebration of athletic prowess but also as a prime target for cyberthreats. We know that threat actors see large-scale events as significant opportunities to exploit and as avenues to launch their attacks. Threat actors only need to succeed once to compromise and exfiltrate data from organisations, while security teams need to get their protection right 100% of the time.
By being prepared, implementing a zero-trust network architecture, and leveraging the power of AI and automation, organisations can better manage and mitigate cyberthreats, ensuring their security during large-scale events like the Olympics.