The Summer Olympic Games will be held in Paris this year, and while the athletes will be focused on breaking world records, there are plenty of opportunistic cyberthreat actors who will be focused on breaking into the event’s complex, fragmented digital environment. Like any international event, it will take a tremendous amount of cooperation, coordination and technical prowess from government agencies to secure the games from would-be attackers.

The Olympics aren’t just any international gathering, though, and with geopolitical tensions rising in the South China Sea, the Middle East and Eastern Europe, among other regions, the amount of cyber risk in these games is higher than ever. No other event in the world draws as many viewers from different countries as the Olympics does, and each one of those countries has nightly news that recaps the events of the day, amplifying whatever happened during the competition even further. For cyberthreat actors who are motivated to send a message in support of a specific political cause, make some quick cash, or simply cause chaos as a nod to their power, the summer games provide weeks’ worth of opportunities.

Generative AI

Here’s how. Sporting events have drawn cyberattacks for years now, with the most recent high-profile attack crippling Las Vegas casinos just weeks before the city’s Formula One race. But these attackers have more tools in their arsenal than they did even 24 months ago. The rapid advancement of generative AI has granted these bad guys the ability to spread hyper-realistic phishing messages and news articles that they can use to spam targets or social media platforms, tricking their targets into believing lies. We’ve already seen these types of AI-based misinformation or phishing campaigns executed on celebrities and for geopolitical purposes, and it’s not a stretch to think that these techniques will be used to target the world’s best athletes.

We’re unlikely to see an attack threatening the sanctity of the games themselves, as that would draw too much ire and attention from intelligence and police agencies of virtually every developed country on the planet who were excited to watch their athletes perform. Instead, savvy attackers will be looking to target ‘softer’ organizations, like vendors supporting the games, France and Paris-based businesses catering to fans or even Olympic athletes who haven’t locked down their social media accounts. These targets are less likely to draw the attention of Interpol and will have less advanced security measures, which attackers can take advantage of to spread their activist message or set up a ransomware attack for a quick payday.

Deepfakes

Imagine, for example, that a gold medal-winning athlete has their Instagram hacked after winning, and the attacker uses that platform to spread hate speech to further a political cause or ruin the reputation of a particular country’s athletic hero. Or, in the scenario in which two world leaders are seen talking at the games, a particularly crafty nation-state actor from a non-allied country creates a deepfaked audio or video segment of one of the leaders, promising impending military action against another.

There are actions that businesses, athletes and the games organizers themselves can take to mitigate their cyber risk, however. For the athletes and team staff, ensuring their social media accounts are secured with strong passwords and multi-factor authentication should be a top priority. Businesses should do the same, ensure they have the appropriate 24×7 security monitoring, and engage their employees in security awareness training to educate them on how to detect different phishing messages and social engineering scams. These potential situations could be horrific for the victims, but they’re not farfetched at all for cybercriminals with their targets set on the games and are easier to launch than ever.