
MSSPs Should Stay Alert for Paris Olympics Cyber Threats

As the 2024 Paris Olympic Games approach on July 26, security experts say MSSPs and MSPs should already be preparing to help their customers mitigate the risks of destructive and debilitating cyberattacks.

Attackers are already trying to disrupt businesses around the world through phishing attacks, ransomware threats and other deceptive attacks that use Olympics-themed lures to get users to let down their guard.

These threats will pose big challenges for MSSPs and MSPs, but taking precautions and developing strategies today will go a long way toward minimizing or deterring them, experts say. Increases in these kinds of attacks are common before and during athletic events and other public events. In 2012, the London Olympics suffered a disruptive 40-minute DDoS attack on the Olympic Park’s power systems, and in Beijing 2008 and Tokyo 2021 hackers directed cyberattacks at athletes, attendees and critical infrastructure systems.

“MSPs and MSSPs can help organizations develop a solid understanding of their overall attack surface, ensure they have broad visibility into their environment and assets, enforce strong identity controls, encourage a zero-trust security strategy and take control of the cloud” as the Olympic games approach, Mark Manglicmot, senior vice president of security services at cybersecurity firm Arctic Wolf, told MSSP Alert.  

These threats take advantage of the intense public focus on the Olympics or other high-profile events to target local businesses with crafty cyberattacks when they least expect them, he said. Through such attacks, hackers try to earn thousands to millions of dollars in illegal profits under the radar.

How MSSPs, MSPs Can Help

To effectively battle such threats, MSSPs and MSPs must tailor their customers’ cybersecurity strategies to fit each organization’s needs using proactive and reactive strategies to limit the number and severity of incidents while providing strong recovery capabilities, Manglicmot said.

“Log monitoring is critical to detect major threats,” he said. “This includes logs from intrusion detection systems (IDS) or network detection and response (NDR) systems, endpoint detection and response (EDR) solutions, firewalls, identity and access management (IAM) systems, email services and the cloud-hosted services that extend an organization’s environment beyond its own infrastructure.”

He added that this detailed log monitoring can increase the likelihood of detecting potential threats at an early stage, which is important. Also critical is giving customers increased resilience to ransomware attacks by maintaining proper backup practices.

“While backups do not address the issues around data exfiltration, being able to restore business operations can buy your organization time and limit the ripple effects of the attack," Manglicmot said.

Those backup best practices should include understanding and accounting for the shared responsibility model of cloud services and following the 3-2-1 principle of backup: keeping at least three copies of the data on two different types of storage, with at least one copy of the data stored off-site. In addition, the best practices require periodic testing of recovery from the data backups.

Making the security challenges even tougher for MSSPs and MSPs during the Olympics are still-evolving AI-based threats that can be manipulated by cybercriminals and are difficult to detect. That includes phishing and business email compromise attacks, which, for example, appear to come from executives and falsely claim they need an employee’s help to access cash while on a trip due to a bad situation.

“Businesses should not overlook the human element and zero trust attitude toward protecting against AI-related threats,” Manglicmot said. “Many attackers use urgency as a tool to lure information from their victims. Any employee — no matter the level — should have some form of side-channel verification to establish mutual authentication if they receive an unusual request. On the tech side, we need to work harder at developing tools to understand when something is a deepfake or a phishing attempt.” 

He urges MSPs and MSSPs to advise their customers now on how to protect their sensitive data, intellectual property and digital infrastructure ahead of the Olympic games.

“We are in an era where technology is deeply embedded in the fabric of sporting events, so the need for effective security operations has become increasingly critical not only for the Olympics, but also for all professional sports organizations," Manglicmot said. "As cybercriminals increasingly evolve their tactics, MSSPs and MSPs will have a role in helping sports organizations evolve their security tactics, especially helping to protect sensitive data, intellectual property and digital infrastructure."

Olympics Increase Attack Vectors for Hackers

Jonathan Ong, a senior managed security services analyst with Omdia, told MSSP Alert that these kinds of cyberattacks are imminent with the Olympics just two months away, based on the previous incidents that affected prior Olympic games.

“The likelihood is amplified by the ongoing Israel-Hamas and Russia-Ukraine wars, and the European Union's — more specifically, France's — stance on these conflicts,” said Ong. “An event on the scale of the Olympics requires a large IT infrastructure, countless third-party providers and security at physical locations, which translates into a massive attack surface area and thus a multifaceted cyber risk landscape.”

The targets can be widespread, from cyberattacks on global attendees to the integrity of competition results and the availability of critical systems.

“Threat actors range from sophisticated nation-state actors to hacktivists and for-profit cybercrime groups," Ong said. "Specific attacks are likely to include, but are not limited to, distributed denial-of-service (DDoS), fraud attempts, identity theft, and more.”

MSSPs and MSPs can help their customers protect themselves by tailoring threat detection capabilities around Olympic-specific intelligence and tactics, techniques and procedures from previous and similar events, according to Ong. They can also collaborate and share intelligence with partner cyber firms and government agencies, such as the French national agency for information security (ANSSI), Japan's NISC and the Paris 2024 cyber unit, while also preparing their customers by providing simulated attacks and response plan drills.

These needs provide broad opportunities for MSSPs and MSPs to help customers protect their assets and operations during these events.

“It is also important to note that security for the Olympics itself has been a multi-year project already in place,” Ong said. “The opportunity here is for MSSPs to support their own customers at a time when there is significant attention to the games.”

MSPs and MSSPs must be advising their customers right now about these concerns so they can prepare battle plans and plan for worst-case scenarios, Ong said. They should be reinforcing security awareness and best practices, paying particular attention to Olympics-themed lures and prompts, while also conducting red/purple teaming exercises such as breach and attack simulation (BAS) exercises and identifying the customer's attack surface area through external attack surface management (EASM) tools, he added. Another important task is to test incident response and disaster recovery plans today, before any attacks begin in earnest.

Rob Enderle, an analyst with Enderle Group, told MSSP Alert that one big challenge during the Olympics is that many spectators, athletes, support staff and others will be onsite in France and new to the countryside. That makes them susceptible to using hacked websites, tools and hostile code that could lead them to fall for scams or to inadvertently distribute misleading information provided by hackers. These issues could result in anger, panic and pranks that can cause injury or death.

“In addition, people will have jet lag, substance abuse and other issues, making them more vulnerable to being tricked into doing something like giving up their personal information," Enderle said.

MSPs and MSSPs can help their customers in these cases by monitoring and advising them about questionable traffic and messages, while also flagging new communication patterns between entities that look unusual or problematic, according to Enderle.

“They can also alert people as they come into the country of the likely risks that they will face and suggest ways to mitigate that risk,” he said. "(MSSPs and MSPs) have access to the communications and could even ask for permission to scan communications from new sources to help protect users more aggressively from potential scams and malware. They can particularly look for and block messages with spoofed identity information or from users who are using email domains that are designed to fool users.”
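An added example, not from the article or from anyone quoted in it: one way a mail filter could flag sender domains built to imitate a customer's trusted domains. The domain names, the confusable-character map and the distance threshold are constructed assumptions.

```python
# Added example: flag sender domains that imitate a customer's trusted domains.
import unicodedata

# Constructed sample allowlist (reserved .example names, not real customers).
TRUSTED = {"customer.example", "partnertickets.example"}

# Common digit-for-letter swaps in lookalike domains (assumed, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def skeleton(domain: str) -> str:
    """Fold a domain for comparison: lowercase, strip accents, undo visual swaps."""
    folded = unicodedata.normalize("NFKD", domain.lower())
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    return folded.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(address: str, trusted: set[str], max_distance: int = 1) -> str:
    """Return 'trusted', 'lookalike:<imitated domain>' or 'unknown'."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    # Exact matches and genuine subdomains of a trusted domain pass.
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    seen = skeleton(domain)
    for good in sorted(trusted):
        good_sk = skeleton(good)
        brand = good_sk.split(".")[0]
        same_shape = seen == good_sk                            # cust0mer, custorner
        near = edit_distance(seen, good_sk) <= max_distance     # one-character typo
        embedded = brand in seen.replace("-", ".").split(".")   # customer-support.test
        if same_shape or near or embedded:
            return f"lookalike:{good}"
    return "unknown"
```

Domains that arrive in punycode form (`xn--...`) or use non-Latin homoglyphs would need decoding and a fuller confusables table before this comparison.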

Enderle believes that MSPs and MSSPs should be advising their customers right now about how to protect themselves closer to the event.

"They should be asking users for the permissions they need in order to better protect those users so the protections kick in when the users arrive,” he said. “They should also be informing users on who to contact and how to contact them if they see an attempted fraud or are defrauded while using the MSP’s services.” 

Todd R. Weiss

Todd R. Weiss is a contributing editor to ChannelE2E and MSSP Alert. He is an award-winning technology journalist and freelance writer who covers the full range of B2B IT topics. He served as managing editor at EnterpriseAI.news and was a staff writer for Computerworld and eWeek.com. He is a diehard Philadelphia Phillies, Eagles, Flyers and Sixers fan and says he is the world’s worst golfer.