Urgent Cybersecurity Risks Identified in Paris 2024 Olympic Games Online Infrastructure by Outpost24
Outpost24, a leading provider of cyber threat exposure management solutions, has today released its research findings after investigating the online infrastructure of the upcoming 2024 Paris Olympic Games. The research revealed that while, overall, the cybersecurity posture of the Olympic Games Organizing Committee Paris 2024 site is mostly secure, it also highlighted several risks, including open ports, SSL misconfigurations, cookie consent violations, and domain squatting.
With global interest, it is anticipated that over 1 billion people will be watching the Paris 2024 Olympics, with 326,000 people attending the multi-sport event which takes place from 26 July to 11 August. These events are a hotbed for cyber criminality, especially as online web traffic is expected to rise as the tournament draws nearer. Cybercriminals will look to capitalize on any weaknesses to cause disruption or steal sensitive information for monetary gain. For instance, the 2020 Tokyo Olympics infrastructure was hit by 450 million cyberattacks ? 2.5x times the number seen just over a decade ago in London 2012.
Using its External Attack Surface Management (EASM) solution Sweepatic, Outpost24's report highlighted the following core security risks with the Paris 2024 online infrastructure that would need addressing to reduce the overall risk of a compromising cyberattack:
Open Ports, if not configured properly, pose a security risk by allowing hackers to exploit vulnerabilities and access confidential information. Two exposed remote access ports (SSH servers) were identified as being vulnerable to brute-force attacks.
SSL Misconfigurations, caused by improper setup or management of SSL certificates, can lead to vulnerabilities within a network and an entry route for hackers. Moreover, Paris 2024 had 31 domains (5.8%) with invalid SSL and 86 domains (16%) with no SSL.
Security header issues were also identified as of the 294 associated websites, 257 had this particular problem. When a browser accesses a website, it sends request headers to the server, which responds with HTTP response headers. Security headers, vital to the HTTP protocol, enable information exchange between the client and server, crucially protecting websites from common attacks like XSS, code injection, and clickjacking.
Over 20 cookie consent violations were present for Paris 2024. Cookies track users, however, there are certain rules and regulations around how a business can use them, often differing depending on the user's location. For example, GDPR is the most used legal basis for end-user consent to cookies.
Signs of domain squatting or cybersquatting. This is the purchasing or registering of domains to illicitly profit from an organization's trademark. This leads to deceptive websites that appear legitimate and are often created to generate illegal profits, either directly or indirectly. These sites may compromise user security by stealing information such as passwords or credentials for sale on the dark web.
Other risks and cyber hygiene issues included: 404s and empty pages, outdated software and technologies and one set of leaked credentials that had been stolen by the LUMMAC2 malware.
"While we found several attack surface risks to analyze, it would be fair to say the overall cybersecurity posture of the Paris 2024 Olympic Games was good," said Stijn Vande Casteele, CSO of Outpost24's EASM.
"A few years ago, we analyzed the attack surface of FIFA's 2018 Russia World Cup, which had an alarming number of outdated hosts and potential entry points into their infrastructure.
"In comparison, it's clear more cybersecurity efforts have been taken by the Paris 2024 cybersecurity team. But even though we'd consider the Paris 2024 games as a ?good' example of how to manage an attack surface, it isn't perfect (as perfection rarely exists with cybersecurity). The risks we'll explore in the next section highlight the value of having an EASM solution in place to automatically pick up on the attack surface risks that inevitably fall through the gaps," he explained.
The Sweepatic EASM tool is a cloud-based platform designed to monitor an organization's expanding attack surface. Through automatic data collection, enrichment, and AI-driven analysis, the solution evaluates both known and unknown internet-facing assets for vulnerabilities and potential attack routes. Straightforward and effective remedial measures to address any security weaknesses are then provided.
Outpost24 helps organizations improve cyber resilience with a complete range of Continuous Threat Exposure Management (CTEM) solutions. Outpost24's intelligent cloud platform unifies asset management, automates vulnerability assessment, and quantifies cyber risk in business context. Executives and security teams around the world trust Outpost24 to identify and prioritize the most important security issues across their attack surface to accelerate risk reduction. Founded in 2001, Outpost24 is headquartered in Sweden and the US, with additional offices in the UK, Netherlands, Belgium, Denmark, France, and Spain. Visit https://outpost24.com/ for more information.
Pixfra Technology's 2024 launch, the Mile 2: New Miles to Go, has won the German Red Dot Design Award. This advanced thermal monocular is crafted for outdoor use, search and rescue, and hunting, setting new precision standards with its minimalist...
Museums hold the power to freeze time. Wandering through these tributes to the past, visitors are transported across history, from imagining the lives of our prehistoric ancestors and marvelling at the vibrant creativity of contemporary artists, to...
Chicago Fire FC today provided notice of a breach that impacted the Club's IT systems. In October 2023, the Fire's early detection monitoring discovered an external user had gained unauthorized access to the Club's systems, including records...
International Game Technology PLC ("IGT") announced today that its IGT PlaySports Trading Advisory Services Team is now supporting sports betting in Michigan via a new services agreement with the Lac Vieux Desert Northern Waters Casino & Resort in...
To accelerate the development of Shanghai as an international consumption hub, attract more foreign consumers, and expand the market while providing a more diverse and enriching consumer experience, the 55@Shanghai Destination of Shopping global...
NHRA announced today an exciting and landmark step forward for the company with the launch of PlayNHRA, an innovative new initiative that will provide fans opportunities to engage in fantasy games, gaming, and betting for NHRA Mission Foods Drag...