According to a new FortiGuard Labs analysis based on threat intelligence provided by FortiRecon ,
this year’s Olympics have been a target for a growing number of cybercriminals for over a year. Using
publicly available information and proprietary analysis, this report provides a comprehensive view of
planned attacks, such as third-party breaches, infostealers, phishing, and malware, including
ransomware.
FortiGuard Labs has observed a significant increase in resources being gathered for the Paris
Olympic Games, especially those targeting French-speaking users, French government agencies and
businesses, and French infrastructure providers. Beginning the second half of 2023, we saw a surge
in darknet activity targeting France. This 80% to 90% increase has remained consistent across 2H
2023 and 1H 2024. The prevalence and sophistication of these threats are a testament to
cybercriminals’ planning and execution, with the dark web serving as a hub for their activities.
Phishing kits: While phishing is perhaps the easiest form of attack, many low-sophistication
cybercriminals don’t know how to create or distribute phishing emails. Phishing kits provide novice
attackers with a simple user interface that helps them compose a convincing email, add a malicious
payload, create a phishing domain, and procure a list of potential victims. The addition of text-
generating AI services has also eliminated the spelling, grammatical, and graphical errors that allow
recipients to detect an email as malicious.
The FortiGuard Labs team has also documented a significant number of typosquatting domains
registered around the Olympics, including variations on the name com,. These are combined with cloned versions of the official ticket website that take you to a payment gateway where you loose your money and don’t get a ticket. In collaboration with Olympic partners, the French Gendarmerie Nationale has identified 338 fraudulent websites claiming to sell Olympic tickets. According to their data, 51 sites have been shut down, and 140 have received formal notices from law enforcement.
Infostealers: Information stealer malware is designed to stealthily infiltrate a victim’s computer or
device and harvest sensitive information, such as login credentials, credit card details, and other
personal data. We have also observed that threat actors are deploying various types of stealer
malware to infect user systems and obtain unauthorized access. Threat actors and initial access
brokers can further leverage this information to execute ransomware attacks, causing substantial
harm and financial loss to individuals and organizations.
“The Paris Olympics 2024 is a high-stakes cyberthreat target, drawing attention from cybercriminals,
hacktivists, and state-sponsored actors. Cybercriminals are leveraging fake ticketing platforms,
fraudulent merchandise and identity theft tactics to exploit unsuspecting participants and spectators.
The main goal is to target infrastructure, media channels, and affiliated organizations to disrupt event
proceedings, undermine credibility, and amplify their messages on a global stage. Major events like
the Olympics are good reminders that we all need to remain vigilant against cyberthreats. We
recommend following best security practices to safeguard yourself and your organization against
cyberattacks.”
- Vishak Raman, Vice President of Sales, India, SAARC, SEA & ANZ at Fortinet.