Major events in 2024 brought joy to sports fans, but also cyber risks.
2024 was a year of sporting superlatives: the European Football Championships and the Olympic Games in Paris offered sports enthusiasts around the world unforgettable moments. But where masses of people come together, cyber criminals also sense an opportunity. They see these major events not only as a stage for sport, but also for targeted social engineering attacks. The 2024 summer of sport was therefore not just a celebration for fans, but also a playground for digital threats.
Tempting targets for cyber criminals
With the increase in online activity around such major events, including streaming services, social media and online transactions, cybercriminals have many targets. The events offer numerous opportunities for social engineering, a particularly perfidious method in which criminals deliberately exploit human emotions and the specific context of the event. SoSafe’s Human Risk Review 2024 shows that emotions such as curiosity, fear and pressure are particularly effective in manipulating people. Such attacks can also be implemented and scaled with little effort using artificial intelligence. 79% of the security officers surveyed consider the increasing use of generative AI in connection with social engineering attacks to be extremely worrying.
In the context of sporting events, for example, cyber criminals exploit this in phishing emails promising free tickets or betting games with attractive prizes. These emotionally charged offers exploit the anticipation and enthusiasm of sports fans and lead them into the trap.
The IT infrastructures required for the organization of such major events are often particularly vulnerable due to their complexity and the large amount of data processed. These infrastructures include not only the systems used to manage the events, but also networks used for communication, ticketing and the transmission of events. Personal and financial information of millions of visitors, participants and organizers is extremely valuable to cybercriminals and can be used for various types of cyberattacks such as phishing, ransomware and data theft.
Before the European Championships, the Federal Ministry of the Interior and UEFA warned of attacks on the ticketing system. This year, for the first time, electronic tickets were used exclusively, and even before the first sales phase, millions of invalid requests were received from computer bots aiming to paralyze the system or put false tickets into circulation.
Attack on the Grand Palais
However, cyber threats do not only affect fans: during the Olympic Games, hackers launched a ransomware attack on several museums in Paris. Among them was the Grand Palais, one of the prestigious Olympic venues. But the Grand Palais is just one of forty museums affected. The hackers targeted the system that centralizes the financial data of the stores and boutiques of museums throughout France. They blocked access and threatened to release the data if the institutions did not pay the ransom demanded in cryptocurrency.
Who is behind the attacks?
The attackers targeting such events are diverse: they range from individual cybercriminals aiming for financial gain to state-backed actors with political or economic motives. Hacktivists, on the other hand, use the high visibility of such events to draw attention to their concerns and embarrass the organizers. State-backed actors try to sabotage such events or gather intelligence to achieve their own strategic goals.
How can you protect yourself?
For the organizers of complex events such as the Olympic Games, it must be a top priority to implement a comprehensive security strategy. This strategy should not only cover technological measures, but also include the entire staff. In at least 74% of cases, cyber criminals target employees to gain access to systems. Particularly at major events such as the Olympics or the European Championships, where hundreds of temporary employees are deployed, it is therefore essential to train them in advance. They need to be aware of the risks and develop an understanding of cyber security practices.
Especially in times of increased cyber activity, companies and private individuals should also be on heightened alert. It is particularly important that security is approached holistically and that, alongside technical defenses, the human component is strengthened as the most adaptable part of the defense strategy.
As a general rule, people should try to pause briefly when strong emotional triggers occur – if unnecessary pressure is exerted, unusual opportunities or profits are promised, or similarly strong emotions are triggered, it is worth questioning the request again or verifying it via other channels.
Security must become intuition
Major events offer numerous points of attack. That is why we, as a society and as businesses, must continue to educate ourselves about these risks and stay committed to maintaining a culture of security. Many organizations are already aware of this: according to the Human Risk Review, building a security culture in their company is a priority for 89% of respondents.
In our digital and networked world, sustainable defense is only possible if cybersecurity becomes part of our everyday lives, i.e. “intuition”. Awareness of and a gut feeling for cyber security are an important first step in staying ahead of cyber criminals and strengthening our digital self-defense.