Targeting big companies, sponsors, and broadcasters has become a common practice for cybercriminals. And if all of the aforementioned entities are present in the same place, threat actors would definitely be interested. Back in 2020, a cyberattack hit the Summer Olympics. Now, in 2022, there’s fear that a similar attack might be eying for February 2022’s Beijing Winter Olympics and March 2022’s Paralympics.
The Federal Bureau of Investigation (FBI) showed concern that threat actors might target these two legendary events. While the FBI confirmed nothing so far, we do know what damage this may cause if successful.
You might ask yourself: Why would the FBI assume such an attack? What is on the line? And what types of attacks are we talking about? We’ve answered everything in the following article.
Beijing 2022 – The Hacking Olympics?
As mentioned, back in 2020, the Summer Olympics fell victim to a huge cyber-attack. And since it was the first to be transmitted exclusively via digital platforms and TV broadcasts due to COVID-19 pandemic restrictions, a lot was on the line.
Prior to the competition, the attackers managed to get their hands on the Tokyo 2020 Organizing Committee’s data. They were able to harvest the information through an attack on Fujitsu – a Japanese information technology firm.
The company disclosed the breach and stated that the threat actors stole data belonging to government clients. That includes the Tokyo 2020 Organizing Committee and the Japanese Ministry of Land, Transport, Infrastructure, and Tourism.
Now, the FBI warns of a similar threat that might be hitting the 2022 version of the Winter Olympics. According to the FBI, such attacks can involve injecting delivery, phishing campaigns, DDoS attacks, ransomware, social engineering, and even insider threats.
It doesn’t stop here. The Winter Olympics introduced its own app, which itself, proved to be insecure. As Citizen Lab reported, the app doesn’t have the means to protect its users’ data.
Moreover, the firm found a flaw in its encryption system that might allow middle-men to access documents, audio, and files in cleartext form. So, why is the app dangerous?
Well, because the athletes, audience, and the members of the press are obliged to get it. Not only that, they have to submit their personal information.
Unfortunately, the app collects a lot of sensitive information. That includes audio info, health status, device identifiers, WLAN status, passport info, real-time location, apps on the device, and the organization the user works for.
The FBI warns users not to install the app on their primary device. Instead, use a temporary one and leave the primary one at home:
“The FBI urges all athletes to keep their personal cell phones at home and use a temporary phone while at the Games.”
In fact, even the National Olympic Committees are advising everyone to do the same, due to cybersecurity concerns at the Games.
A Possible Winter Olympics Cyber Attack – Have Fun, Stay Vigilant
The Winter Olympics kicks off on February 4, 2022, and will last till February 20, 2022. That’s enough time for cybercriminals to commit their malicious acts. In other words, a Winter Olympics cyber attack is more than possible.
You, as a user, are responsible for protecting yourself. The FBI and the Olympic Committee have warned you that possible attacks might occur.
Stay vigilant, don’t submit your personal information if you don’t need to, don’t grant apps unnecessary permissions, and most importantly, don’t click on any link in an email that might look shady.