Just a few weeks ago, Digital Shadows (now ReliaQuest) published a blog written by yours truly that analyzed the cyber threats to the UEFA EURO 2020 Championship. Little did I know that the biggest threat to that tournament would turn out to be the Italy national football team—an event that made me burst into tears of joy but also put my job on the line given the predominance of English nationals in Digital Shadows (now ReliaQuest)’ Photon Research Team. In the hope that writing about these kinds of sporting events will help other Italian athletes, I’ve also decided to write one about the threat landscape of the upcoming Tokyo 2020 Summer Olympic Games. 

This year’s edition is a troubled one, mainly because of the massive impact COVID-19 has had on the planning and organization of the event. Less than two weeks ago, Prime Minister Yoshihide Suga declared a new state of emergency for the country running throughout the Olympic Games to contain the outbreak of new variants. A surge in the number of cases registered by healthcare officials forced the International Olympic Committee (IOC) to hold the games without spectators and under tight quarantine rules. Additionally, a June poll in the leading Japanese newspaper Asahi Shimbun suggested that more than 80% of the population wanted the Games canceled or postponed.

Tokyo 2020 is not off to the best start possible. Along with COVID-related issues, cyber threats are also causing some severe headaches to the event organizers. Cybercriminals and state-sponsored threat actors have traditionally been very active during previous editions, with attacks being financially- or politically motivated. And if past experiences tell us something about what may come next, we may well observe some similar activity this year. In this blog, I’ll dive into some of the leading cyber threats to Tokyo 2020 in detail.

Cyber Threats to Tokyo 2020

Major sporting events like the Tokyo 2020 Olympic Games attract professional athletes from more than 200 nations and worldwide media coverage, making the event a fruitful target for those seeking to enrich themselves through fraud, cause politically motivated harm, or embarrass the host nation’s international stage. While this won’t be an exhaustive list of the cyber threats that blue teams will face during the Games, here are some of the most likely ones we may be observing:

  • Ransomware. The high-profile nature of Tokyo 2020 makes this event an attractive opportunity for cybercriminals, given that little downtime can be afforded by organizers and sponsors during the event. Consequently, if ransomware gangs were to encrypt one of the key partners’ networks successfully, they would have sufficient leverage to request a high ransom and a good chance of receiving that payment too. Call that a perfect scenario for these cybercriminals. Cybercriminals have already demonstrated endless times that they’re perfectly capable of exploiting situations where massive audiences are focused on a singular event— we wouldn’t be surprised if that were the case again.
  • Phishing. Phishing campaigns targeting events that attract heightened attention from big audiences are nothing new. Whenever the attention of a multitude of people is focused on a singular event, phishing campaigns are typically one of the first attack vectors used by cybercriminals to try and extract some value out of it—whether that is in the form of personally identifiable information (PII) or financial data. Using immediately recognizable branding and slogans linked to Tokyo 2020, cybercriminals can elicit a strong response from the email recipients and thus convince them to open malicious links to an impersonating domain or attachment.

 

Example of impersonating domains for Tokyo 2020 detected by SearchLight™

In the case of Tokyo 2020, phishing campaigns are likely to exploit hot topics like COVID-19 news and online access to streaming services. With no live spectators attending the games, there will likely be an increase in the demand for live streaming services, resulting in an increased chance of observing scams targeting this sector.

  • Malware. Does “OlympicDestroyer” ring a bell to any of you? As you may remember, during the 2018 Winter Olympics inaugural ceremony, a cyber attack that deployed a malware known as “OlympicDestroyer” crashed the organization’s IT systems, wreaking havoc on public Wi-Fi, ticket printing, and the Winter Olympics’ website. This story is a fascinating one in terms of capabilities, damages, and attribution, and serves as a great example of the high level of risk when so many networks and devices are interconnected.
  • Hacktivism. The threat posed by hacktivism has slowly diminished in the past two years. However, whenever events with international media coverage are set to happen, these groups may resurface to raise awareness on their agenda or damage the reputation of companies actively involved in the event. Based on previous observation of hacktivist campaigns, these actors are likely to conduct Distributed Denial of Service (DDoS) attacks against Internet service providers and broadcast companies to disrupt service during the Olympics. Along with potential hacktivist campaigns from outside Japan, Tokyo 2020 also features a low risk that internal hacktivism may target the games. The observation that most Japanese nationals expressed their opinion against these Olympic Games due to COVID-19 and financial concerns may well lead to minor hacktivist campaigns. However, the Photon Research Team has yet to observe any evidence of it. 

What are the risks of these various cyber threats?

Now that we discussed some of the critical threats to the organizing bodies and their key partners and sponsors, you may also ask yourself “Should I be worried about this?” The answer to this question—one that intelligence analysts get asked on a daily basis about the wildest array of threats—is quite simple and involves taking a risk-based approach to these issues. 

Using this approach enables your organization to adapt their cybersecurity program to specific needs and vulnerabilities by considering the potential impact of a certain phenomenon and its likelihood. As such, along with observing the main threat vectors, it is essential to analyze the motivations and capabilities of the actors that could potentially conduct malicious campaigns.

Risk-based analysis of the potential malicious actors during Tokyo 2020 (source: RAND)

 

Conducting this analysis well ahead of massive events like Tokyo 2020 will allow your organization to plan ahead and proactively defend against these threats. Taking a risk-based approach will also enable your organization to effectively prioritize threats and allocate those (limited) resources accordingly, thus strengthening the robustness of your defenses. 

For example, suppose you’re an anti-doping agency. In that case, you’re at high risk of being targeted in a state-sponsored campaign, given the observation of past attacks and geopolitical tensions around previous Olympics editions. In that case, you must build a tailored threat model that considers a broad array of factors specific to your organization and prioritize accordingly. 

What are mitigation strategies to these threats?

Understanding the motivations and tactics of the adversaries in your threat model can significantly expand the robustness of your security measures. Additionally, the following mitigation techniques can help limit the impact of any malicious activity that may occur throughout Tokyo 2020 (and beyond):

  • Allocate resources to mitigate cyber threats. Take a risk-based approach to review potential threat actors and their tactics, techniques, and procedures (TTPs). Distribute your resources accordingly and update your threat model as the landscape evolves.
  • Update and patch. First and foremost, organizations should make sure their firmware and operating systems are updated with the latest patches ahead of the beginning of the event. Leveraging software to detect, identify and prioritize vulnerabilities can relieve this process.  
  • Be wary of scams and phishing emails. Do not click on any links in emails marketing or referencing the event. The IOC will never be launching an email marketing campaign with “FREE TICKETS!!1!” as the header, nor will you ever find the truth behind sensational titles that urge you to “CLICK HERE” to discover why the next game is rigged.
  • Use legitimate app stores. Make sure you only initiate legitimate sites such as the Apple and Google stores when downloading applications. Also, ensure you review security and access permissions granted to these programs. 
  • Avoid untrusted networks. Corporate users should use Virtual Private Network (VPN) tunneling when connecting to company networks and corporate accounts, especially on public Wi-Fi. Multi-Factor authentication can also help combat successful account compromises.

Digital Shadows (now ReliaQuest) has been tracking the impact of cyber threats on main sporting events since 2014. Some of the most popular blogs published in this area include an assessment of the LI Super Bowl, the threats to the 2018 football World Cup, and the 2018 Winter Olympics threat landscape.

If you’d like to assess your organization’s risk exposure across the open, deep, dark web and technical sources, get a customized demo of SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) here. You’ll get visibility into any impersonating domains or phishing schemes targeting your company’s name and brands, exposed data or PII, and reducing your attack surface online.