The US Federal Bureau of Investigation issued a Private Industry Notification on July 21, 2021, as the Tokyo Summer 2020 Olympics got underway. Although it is not yet aware of any specific threats, the agency warned that “cyber actors who wish to disrupt the event could use distributed denial of service (DDoS) attacks, ransomware, social engineering, phishing campaigns, or insider threats to block or disrupt live broadcasts of the event, steal and possibly hack and leak or hold hostage sensitive data, or impact public or private digital infrastructure supporting the Olympics. Malicious activity could disrupt multiple functions, including media broadcasting environments, hospitality, transit, ticketing, or security.”
This is not at all surprising, given that previous Olympic Games have suffered cyber-attacks. High-profile organizations and events are often targeted by cybercriminals, whose motivation ranges from political hacktivism to financial gain. With much of the world watching the Games, they are a ripe target for lone wolf actors or even state-sponsored cyber warfare. Regardless of the motives for the attacks, organizations that are delivering the Olympic infrastructure should take heed and shore up their existing cyber defenses. Cybercriminals often favor Distributed Denial of Service (DDoS) attacks because DDoS-for-hire services are readily available on the Internet, making it relatively easy and inexpensive for anyone to launch an attack.
For any organization that is under a DDoS attack, without dedicated protection it can take anywhere from minutes to days to fully recover, depending on the nature of the attack. And even organizations that have a legacy or homegrown DDoS mitigation system in place, are highly likely to still suffer significant network downtime or degraded services. For instance, if they are relying on a third-party cloud scrubbing service, it often takes 10-20 minutes for network analysts to “swing” the bad traffic over to the scrubbing center and enable the correct mitigation; during that time, the target can be taken offline or degraded, and the cybercriminals could even sneak in to install malware on, or map the network to discover vulnerabilities for future attacks. Effective DDoS protection is able to automatically mitigate attacks, virtually eliminating the need for human intervention, preventing any amount of downtime.
Especially during the Covid-19 pandemic, when virtual event attendance is the norm, Olympic organizers are depending on digital platforms to broadcast the Games. It isn’t hard to imagine how an attack on any aspect of the Olympic network could pose major problems for spectators and/or athletes.
Another factor to consider is that the IT systems of any Olympics partner organization are by their very nature multi-faceted, involving many integrated systems that are part of a larger IT ecosystem; each of those systems needs effective cybersecurity, because a chink in the defenses of any single vendor could lead to a domino effect on other parts of the ecosystem. We sincerely hope that the Games go on without any disruption, and that the organizations collaborating to produce the Games already have strong cybersecurity defenses that enable them to thwart any potential attacks.
For over a decade, Corero has been providing state-of-the-art, highly-effective, real-time automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® DDoS mitigation solutions protect on-premise, cloud, virtual and hybrid environments. For more on Corero’s flexible deployment models, click here. If you’d like to learn more, please contact us.