A new FortiGuard Labs analysis based on threat intelligence provided by FortiRecon has found that the Paris Olympics has become a target for cybercriminals, a trend observed over the past year. The report has found evidence of planned cyberattacks such as third-party breaches, infostealers, phishing, and malware, including ransomware. FortiGuard Labs says that it has observed a significant increase in resources being gathered for the Paris Olympics, especially those targeting French-speaking users, French government agencies and businesses, and French infrastructure providers.
Vishak Raman, Vice President of Sales, India, SAARC, SEA & ANZ at Fortinet, said: “The Paris Olympics 2024 is a high-stakes cyberthreat target, drawing attention from cybercriminals, hacktivists, and state-sponsored actors. Cybercriminals are leveraging fake ticketing platforms, fraudulent merchandise and identity theft tactics to exploit unsuspecting participants and spectators. The main goal is to target infrastructure, media channels, and affiliated organizations to disrupt event proceedings, undermine credibility, and amplify their messages on a global stage. Major events like the Olympics are good reminders that we all need to remain vigilant against cyberthreats. We recommend following best security practices to safeguard yourself and your organization against cyberattacks.”
Beginning in the second half of 2023, the organisation claims to have witnessed a surge in darknet activity targeting France. This 80% to 90% increase has remained consistent across 2H 2023 and 1H 2024, says Fortinet, adding that the prevalence and sophistication of these threats are a testament to cybercriminals’ planning and execution, with the dark web serving as a hub for their activities.
Phishing Kits Used to Target Paris Olympics
While phishing is perhaps the easiest form of attack, many low-sophistication cybercriminals don’t know how to create or distribute phishing emails. Phishing kits provide novice attackers with a simple user interface that helps them compose a convincing email, add a malicious payload, create a phishing domain, and procure a list of potential victims. The addition of text-generating AI services has also eliminated the spelling, grammatical, and graphical errors that allow recipients to detect an email as malicious.
The FortiGuard Labs team has also documented a significant number of typosquatting domains registered around the Olympics, including variations on the name (oympics[.]com, olmpics[.]com, olimpics[.]com, and others). These are combined with cloned versions of the official ticket website that take you to a payment gateway where you lose your money and don’t get a ticket. In collaboration with Olympic partners, the French Gendarmerie Nationale has identified 338 fraudulent websites claiming to sell Olympic tickets. According to their data, 51 sites have been shut down, and 140 have received formal notices from law enforcement.
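For defenders, the name variations listed above are each a single character edit away from the real label, which makes them easy to flag in DNS or proxy logs. The sketch below is an added example, not FortiGuard Labs code; the brand label, the distance threshold, the function names and every `.example` domain are assumptions constructed for illustration.

```python
import re

BRAND = "olympics"  # protected label; an assumption for this example

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1 each."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # adjacent transposition, e.g. "pm" typed for "mp"
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def refang(indicator):
    """Turn a defanged indicator such as 'oympics[.]com' into 'oympics.com'."""
    return indicator.strip().lower().replace("[.]", ".").strip(".")

def typosquat_hit(indicator, brand=BRAND, max_distance=1):
    """Return (token, distance) for the closest near-miss of brand, else None."""
    labels = refang(indicator).split(".")[:-1]  # ignore the TLD
    tokens = [t for label in labels for t in re.split(r"[-_]", label) if t]
    scored = [(osa_distance(t, brand), t) for t in tokens]
    # distance 0 is the brand itself, which is not a typo and is skipped here
    near = [(d, t) for d, t in scored if 0 < d <= max_distance]
    if not near:
        return None
    d, t = min(near)
    return t, d

# The first three domains are the ones named in the article; the rest are constructed.
OBSERVED = ["oympics[.]com", "olmpics[.]com", "olimpics[.]com",
            "tickets-olypmics.example", "olympia.example",
            "olympics.example", "weather.example"]

def scan(domains):
    """Map each flagged domain to its (token, distance) hit."""
    results = {}
    for domain in domains:
        hit = typosquat_hit(domain)
        if hit:
            results[domain] = hit
    return results

if __name__ == "__main__":
    for domain, (token, dist) in scan(OBSERVED).items():
        print(f"{domain}: '{token}' is {dist} edit from '{BRAND}'")
```

A threshold of 1 keeps unrelated words such as "olympia" (two edits away) out of the results; lookalike-character and punycode domains need a separate check.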
Infostealers
Information stealer malware is designed to stealthily infiltrate a victim’s computer or device and harvest sensitive information, such as login credentials, credit card details, and other personal data. We have also observed that threat actors are deploying various types of stealer malware to infect user systems and obtain unauthorized access. Threat actors and initial access brokers can further leverage this information to execute ransomware attacks, causing substantial harm and financial loss to individuals and organizations.