Hackers hit Paris Olympics venues & museums with ransomware

Hackers have targeted the Grand Palais Olympics venue and other museums in Paris, launching a ransomware attack aimed at the collection system for financial data from stores and boutiques in museums across France. This attack has blocked access to this centralised data and threatened to release it unless the institutions meet the hackers' demand for a ransom paid in cryptocurrency.

This cyber attack is the latest in a string of incidents targeting institutions during the 2024 Paris Olympics. Bernard Montel, EMEA Technical Director and Security Strategist at Tenable, commented on the attack's implications. "With Paris 2024 well underway, security teams must be braced against the heightened threat of cyberattacks facing this year’s Games. The attack against the computer systems belonging to the Runion des Muses Nationaux et Grand Palais (RMN) reminds us that threat actors are still fixed on causing disruption and damage," he said.

Montel emphasised the potential for diversion tactics by the hackers. "While this attack looks to have been identified quickly, remediative action taken immediately, and the damage therefore seemingly limited, there is always concern that threat actors could use an attack as a distraction for security teams. While everyone is focused on what appears to be the key threat, aka the ransomware attack, hackers could be using this to divert attention, allowing them to sneak in a less conspicuous window to target critical systems that will already be running at full capacity."

The broader context of cyber threats during the 2024 Games includes potential attacks on key sponsors and those closely associated with the event. The Tokyo 2021 Games experienced an estimated 450 million cyberattacks, reflecting the heightened vulnerability during periods of high user traffic, which strains security infrastructures.

Montel added, "Organisations associated with the games will soon enter an IT ‘freeze’ period, meaning their systems will be left as they are to avoid any periods of inaccessibility or disruption. Whilst this makes sense, it also makes systems incredibly vulnerable because of a lack of proactive security updating."

To mitigate these risks, Tenable has recommended a series of measures: conducting a full inventory check of all software updates, applying patches, revising user permissions, strengthening access with multi-factor authentication, carefully managing access and identity, continuous monitoring for abnormal behaviour, and ensuring security teams are prepared to act immediately if a critical vulnerability is identified.

"The Olympic motto is Citius, Altius, Fortius, meaning Faster, Higher, Stronger. While Olympians live and breathe this sentiment, so too do the hackers and scammers preparing to exploit the Games," Montel remarked.

Beyond ransomware, the threats include Distributed Denial-of-Service (DDoS) attacks, physical threats to security infrastructure such as CCTV and ticket gates, and even potential disinformation campaigns. Last month, Microsoft warned of an intense disinformation campaign targeting the International Olympic Committee to stoke fears of violence during the Games.

According to Montel, "There are many sponsors and suppliers preparing to successfully deliver Paris 2024, all of whom will have dedicated infrastructure and resources. Unfortunately, this makes them prime targets for hackers over the next month."

As cybersecurity measures continue to be a focal point during the ongoing Paris Olympics, institutions and affiliated organisations grapple with the increasing complexity and scale of cyber threats posed by malicious actors aiming to exploit vulnerabilities in high-profile events.