Will the Tokyo Games Be a Target for Cyber Extortionists?


Global sporting events such as the Tokyo Games have always been a world stage, showcasing not only amateur athletic brilliance, but also the host country. Pulling off a successful event costs billions, but it also serves as an invaluable marketing campaign. With this year’s summer games in full swing and the lockout of tourists and spectators, the digital infrastructure has never been more important for delivering the excitement of the games and the appeal of the host country.

However, such a high-profile undertaking also brings risks, and the impact of cybercrime activity is one of them.

Modern-day games such as the summer event in Tokyo require a massive digital infrastructure, from telecommunications to digital scoring and video streaming. Moreover, the global viewing footprint means much of that infrastructure depends on internet access. All of this adds up to a juicy target for adversaries to attack and take down the digital infrastructures needed to run and televise the games.

Indeed, threat actors have been targeting these events for at least a decade, starting with the 2008 Beijing event. London’s games in 2012 sustained repeated distributed denial-of-service (DDoS) attacks, including a 40-minute attack on the central venue's power systems that was likely intended to disrupt the opening ceremony.

The activity increased further in the 2016 games in Rio de Janeiro, where event-affiliated organizations were targeted by a large-scale DDoS attack from a DDoS-for-hire service known as LizardStresser. According to research from NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT), the activities launched prior to the opening of the games and increased significantly after the games got underway.

It would be no surprise if this were to happen again at this year’s Games—indeed, a recent threat assessment from the Cyber Threat Alliance, a collaborative group of cybersecurity practitioners who work together to improve global cybersecurity defenses, notes that “CTA members assess that the [Tokyo Games] will be a prime target for cybercriminals due to the large number of potential victims leveraging online systems.”

In particular, the report noted the increased threat of ransomware and cyber extortion attacks, because “entities supporting the Games may have low downtime tolerance depending on the types of services they provide—especially during the event itself—making them key targets…”

NETSCOUT’s ASERT, a CTA member and contributor to the CTA report, has seen a massive increase in cyber extortion as cybercriminals have launched new methods, from DDoS extortion to triple extortion. In the latter attack, threat actors integrate DDoS attacks into a ransomware-as-a-service (RaaS) portfolio to create the so-called triple extortion attack. Here’s how it works:

  1. Encryption. With the traditional ransomware attack method, cybercriminals breach a network and encrypt valuable data, making it (and sometimes the entire system) unavailable to the victim organization. The attackers then demand payment in return for a decryption key.
  2. Theft. Here, cybercriminals exfiltrate the data before locking the victim out. They then threaten to expose and/or sell the stolen data publicly unless paid. This second level of extortion makes it harder for victims to ignore ransomware threats, because even those who can use backups to restore data remain at risk of data exposure. Clearly, it’s a valuable monetization tool: Coveware estimates that nearly half of ransomware cases in the third quarter of 2020 used exfiltration tactics.
  3. DDoS attack. Commonly used as a standalone extortion method, DDoS attacks are now on the list of services that ransomware operators offer. This further ratchets up the pressure on the victim in a couple of ways: First, it emphasizes the seriousness of the adversary. Second, maintaining availability adds another stressor to a security team already dealing with the first two events.

Will this be the year bad actors use all three against the event and affiliated organizations? There’s a very good chance this could happen. Geopolitical unrest plays a major role in bad actor activity, and the CTA report notes that nation-state actors pose the highest threat to the games. From the host country to the games committee, sponsors, and even individual competing nations and athletes, keeping a strong cybersecurity posture is vital. Information sharing and collaboration with commercial providers such as telecommunications companies and internet service providers are particularly important, because these organizations are often on the front line when it comes to experiencing cyberattacks.

As we have in the past, NETSCOUT has partnered with such support entities to protect them from DDoS attacks and other cybersecurity threats.
