Any big event is likely to attract bad actors. Keeping the games safe from attack is a huge undertaking for event planners.
TechRepublic’s Karen Roby spoke with Ray Canzanese, director of threat research at Netskope, about cybersecurity and the Tokyo 2020 Olympics, being held July 23-Aug. 8, 2021. The following is an edited transcript of their conversation.
Karen Roby: I think more and more people are becoming aware now of the problems with cybersecurity and ransomware as some of these high-profile companies have been targeted. So, the Olympics no doubt will be a target. What are some of the concerns that you have that people need to be aware of?
Ray Canzanese: Ransomware is a good point. The thing that’s happening with ransomware is really that attackers have found a way to make every possible victim a viable and useful victim. So, it used to be that you were finding a target that you could somehow steal information from that you could later sell. Ransomware kind of made it so that everybody becomes a target, because you can hit anybody with ransomware, and anybody has data, right? Whether it’s valuable to anybody else or not is irrelevant. It’s valuable to them, so you hold it hostage.
So, that’s really why we see I think so many people now in the general populace really in tune with what’s happening, is because it used to be that only high-value targets were really targeted by cyber criminals, and now it’s pretty much anybody who has information. Any company; any individual. You’re worried about your photos that got locked up or your company’s data that got locked up.
So, in other words, the Olympics come around and what’s going to happen from a ransomware point of view is really just that the Olympics are a major cultural event that attackers will leverage to try to trick you into doing something, giving them access, installing software, some way that ends up infecting you with ransomware. We see this with any major cultural event.
At the beginning of the pandemic we saw so many fake COVID-19 trackers, COVID-19 alerts, please install this app, it’s going to let you know if you’ve been exposed, and it was all malicious. We’re going to see that same exact stuff happen with the Olympics.
From the regular person’s point of view, that’s going to be what you need to be careful of. Is this app that you just got sent to stream some Olympics game legitimate? Is this news article with some salacious headline about the Olympics, is it a real article or is it misinformation clickbait trying to get you to install something malicious? So, that’s probably what the average Joe or Jane is going to see during these Olympics is those sorts of baits being used to target pretty much everybody.
Karen Roby: Ray, talk a little bit about some of the steps that you think the Japanese government and Olympic officials need to be taking to be in the best position from an offensive standpoint.
Ray Canzanese: Yeah, absolutely. So from the organizers themselves, the Japanese government trying to prepare for the Olympics, they have history to look back on to sort of predict what’s going to happen. The last big Olympics-related cyberattack was Olympic Destroyer, right? It was malware specifically written to try to disrupt the games. It was state-sponsored coming from Russia, and it was sort of deliberately spreading within the network and deleting things, trying to disrupt everything it possibly could. Since then, there’s been only maybe more evidence that that’s going to continue.
With all of these doping concerns and the athletes being banned from the games, we saw throughout that investigative process the Russian state-sponsored groups going after these anti-doping agencies. Trying to somehow mess up the chain of custody, delete data, try to disrupt the procedures enough to somehow allow the athletes to participate in the next games. So here we are with the athletes not participating in these games, a history of these cyberattacks, both against the Olympic games themselves and against these anti-doping agencies. I mean, it’s only sort of assumed that Olympic Destroyer version 2.0 is going to be used during these upcoming games.
So, the Japanese government, the Olympics organizers, they are all preparing, making that assumption. So that means very much hardening networks, making sure there is redundancy, putting backups in place, building response teams that will be there on the ground monitoring what’s happening in real-time, going through exercises to be sure everybody is prepared. What happens if somebody does get into the network? There’s so much preparation from a security operation standpoint that’s happening right now to ensure that if something like Olympic Destroyer happens again, that it happens in the same way it happened before. If it gets in, they manage to quickly and effectively stop it.
Karen Roby: So if you had to kind of summarize, Ray, the ultimate objective here for the hackers, what would that be?
Ray Canzanese: From the standpoint of attackers and what their objectives are going to be for what we believe is most likely going to be Russian state-sponsored groups, it’s going to be disrupting the games themselves. They want to actually disrupt those games. That’s what Olympic Destroyer was doing, that’s what they were trying to do against the anti-doping agencies, that’s what we predict they’re going to try again to these games.
For all the other stuff, it’s typically financially motivated, right? It’s how do you make money off of the Olympics craze? Well, you do it through ransomware, banking trojans, scams. You’ll see a fair number of probably fake streaming sites that ask for credit card information to access a free livestream of the Olympics that result in theft of funds from people’s bank accounts. So, all of that financially motivated stuff is going to be pervasive throughout these Olympics.
Karen Roby: I find it really interesting when you think about it, that when it comes to the Olympics, not only are there so many concerns about people that are there on the ground physically part of the Olympics or people getting in that shouldn’t be there, but now unlike many years ago, the Olympic Committee and officials, everyone, has to worry about security within the facilities and also out in cyberspace. I mean, it impacts everyone.
Ray Canzanese: Right, right. You used to just worry about the people that were physically present, and now you worry about pretty much everybody across the globe. What are they going to be targeted with? What’s going to be disrupted? I’m sure Comcast NBC, who are televising the Games, are just as worried about cyberattacks, because there’s so much vested interest in them being able to get the games live out on TV in real-time.
So, they’re probably equally as sort of vested in preparing and making sure that they are completely prepared in case they become a target of a cyberattack, right? Maybe you can’t disrupt the games, so what’s the next best thing? Disrupt the TV livecasts of the games.
Every sort of organization involved in the Olympics is a potential target, and attackers are opportunists. If the core Olympics infrastructure is so locked down, they’ll just go look somewhere else, they’ll find some other way to disrupt something.