The world of sports has always been a spectacle of talent, passion, and competition. However, as the digital age advances, so does the complexity of threats surrounding these global events. The 2023 Rugby World Cup in France was no exception. As teams battled it out on the field, a different kind of contest was unfolding in the shadows – a cyberwar.
This article, drawing insights from the “Major Sporting Events in France Threat Assessment 2023” report by ANSSI (the French governmental cyberdefense organization), delves deep into the intricate web of cyber threats, crimes, and espionage that surrounded the event. From state-sponsored attacks to criminal enterprises seeking a quick profit, the digital realm became as heated as the matches themselves.
The Rise of Cyber Threats in Sports Events
As global sporting events like the Rugby World Cup gain prominence, they also become prime targets for cyber-attacks. The reasons are manifold: political motivations, financial gains, or simply to cause chaos. The 2023 event witnessed a surge in digital threats, from DDoS attacks to phishing campaigns, from loosely executed to meticulously planned.
The ANSSI report highlighted the involvement of state actors in cyber espionage. These actors aimed to gather intelligence, not just on the teams, but on the political and economic scenarios tied to the event. The World Cup became a chessboard where nations played their digital moves discreetly.
For example, in 2016, Fancy Bear (a.k.a. APT28, Sofacy Group, and many other aliases) was linked to various cyberattacks, including those targeting the World Anti-Doping Agency (WADA). The group was accused of hacking into WADA’s databases and leaking confidential medical records of several athletes. This leak was seen as retaliation for WADA’s recommendation to ban all Russian athletes from the 2016 Rio Olympics due to state-sponsored doping. APT28's string of attacks targeting anti-doping organizations during sports events continued, with occurrences spotted in 2018 and 2019. Other advanced threat actors, such as Gaza Cybergang, have also been spotted targeting sports federations and Olympic entities.
It wasn’t just nations that were active; criminal enterprises saw the event as a golden opportunity. With millions of fans accessing online platforms for tickets, merchandise, and live streaming, the potential for scams, fraud, and data breaches was immense.
Major Cyber Threats Events
Cybercrime – All about quick gain
The popularity of major sporting events attracts a wide audience, making it a favorable context for cybercriminals to conduct attacks for lucrative purposes. Spectators could be targeted by scam attempts well before the Olympic and Paralympic Games. In the past, attackers have exploited the opportunity of ticket sales openings for major sporting events to create fake sites, allowing them to collect personal and banking data. Major sporting events like the Olympics or World Cups are venues for unsolicited email campaigns aimed at selling counterfeit tickets. These campaigns can also be used for phishing purposes, as these events attract the attention of a broad audience. Phishing remains one of the preferred vectors of compromise for attackers.
Ransomware attacks are a significant concern. These attacks involve encrypting the victim’s data and demanding a ransom to decrypt it. The report emphasizes that the short duration of major sporting events significantly increases the criticality of service continuity and, therefore, the availability of information systems. This makes them prime targets for ransomware attacks, as any disruption can have immediate and severe consequences.
DDoS (Distributed Denial of Service) attacks aim to overwhelm a system, making it inaccessible. Threat actors might use the threat of DDoS or the disclosure of sensitive data as a form of blackmail. Given the high visibility of major sporting events, any disruption can tarnish the image of the host country and have negative economic repercussions.
Cybercriminals can monetize stolen data in various ways. The report suggests that spectators, athletes, and organizers are at risk of scams, extortion attempts, and theft and resale of data. The data can be sold on the dark web or used for other malicious purposes, such as identity theft or fraud. The high visibility and financial stakes make these events prime targets for cybercriminals. The potential for ransomware and DDoS attacks, combined with the lucrative opportunity to monetize stolen data, underscores the need for robust cybersecurity measures during such events.
Influence & Destabilization – The attack is the finger pointing at the moon
The geopolitical context, especially with the invasion of Ukraine by Russia that began in February 2022, can create a favorable environment for conducting cyberattacks. The participation of Russia in the 2024 Olympics remains uncertain, and the positions taken by participating countries expose the event to cyberattacks as retaliation measures. According to the US, UK, and Canadian governments, the exclusion of Russia from the 2018 Olympics over athlete doping allegations likely motivated destabilization attacks by attacker groups linked to Russian military intelligence (GRU).
The political and social context in France at the time of the sporting events can also influence potential attacks carried out to press political claims. The Covid-19 epidemic has also highlighted the potential effects of a health crisis on major sporting events, affecting the nature and extent of the attack surface of the Tokyo (2020) and Beijing (2022) Olympics. For the host country, the events may also be an occasion for cyber grassroots movements or state-organized hacktivism to leverage their visibility to spread ideological messages.
The ANSSI report underscores the heightened risk of wiper cyber sabotage during significant sporting events like the World Cup. Sabotage, in this context, pertains to intentional efforts to disrupt or destroy digital systems and networks. The implications of such attacks are profound, especially when the seamless operation of various systems is paramount during these events.
Emphasizing the intricacy of interconnected systems during these events, the report warns of the cascading effects an attack might trigger. Systems governing displays, power, air conditioning, and security in sports venues are interlinked. A breach in one, such as surveillance or access controls, could jeopardize the safety of attendees.
Cyber sabotage doesn’t just pose a direct threat to infrastructure and attendees; it can also damage the host nation’s reputation and result in economic setbacks. This includes potential ticket sales losses and equipment replacement costs. The report recalls the 2018 Winter Olympics incident in Pyeongchang, where the “Olympic Destroyer” malware disrupted the opening ceremony, exemplifying the tangible risks of such attacks.
Espionage – The political reflection of sports
Due to the high visibility and interest that major sporting events generate, they become prime targets for cyber attackers with various motivations. These attackers might aim to disrupt the activities of targeted entities, enrich themselves through cybercriminal activities, or tarnish the reputation of the host country on the international stage. Rumors of breaches in data integrity and confidentiality can have significant consequences on an entity’s reputation. Moreover, threats to sporting events are not limited to the dates of their occurrence; they can also be observed before and after the events.
Major sporting events like the World Cup or the Olympics rely on a vast array of interconnected information systems. These systems, whether they belong to the host country, event organizers, or their various partners such as subcontractors, sponsors, or other entities, play a crucial role in the smooth functioning of the event. The interconnectedness of these systems, while essential, also introduces vulnerabilities. An attack on one system can potentially propagate to other interconnected systems, leading to cascading failures.
Over time, physical management systems have been replaced by digital ones, introducing new dependencies. The boundary between physical and digital security is becoming blurred, especially with the integration of systems like building management systems that control displays, power supply, air conditioning, access controls, and surveillance in sports infrastructures. A malfunction in these systems, especially access controls and surveillance, could pose physical security threats to attendees and enable hybrid cyber-physical operations.
Beyond the immediate threat to physical assets and individuals, cyberattacks can tarnish the image of the host country and have negative economic repercussions. This includes potential revenue losses from ticket sales, the cost of replacing damaged equipment, and more. The overall experience for spectators, both in-person and online, can be severely compromised. In extreme cases, cyberattacks can even lead to the postponement or cancellation of sporting events.
Countermeasures and Future Preparedness
Collaborative Defense Mechanisms
The defense against these threats was a collaborative effort. Organizations, governments, and cybersecurity firms joined hands to monitor, detect, and mitigate threats in real-time, ensuring minimal disruption.
Educating the Masses
Awareness campaigns played a crucial role. Educating fans about potential threats, safe online practices, and how to spot suspicious activities became a cornerstone of the defense strategy.
The Road Ahead – Strengthening Cybersecurity
The 2023 Rugby World Cup served as a wake-up call. As we move forward, the emphasis on strengthening cybersecurity measures, investing in advanced technologies, and fostering international collaborations will be paramount.
The 2023 Rugby World Cup in France was not just a testament to the spirit of sports; it also highlighted the evolving landscape of cyber threats. As we revel in the athletic prowess displayed on the field, it’s crucial to recognize and combat the digital adversaries lurking in the shadows. The lessons learned from this event will underscore the importance of preparedness, collaboration, and continuous evolution in the face of ever-growing cyber challenges. As fans, stakeholders, and global citizens, our role extends beyond mere spectating. We must be vigilant, informed, and proactive in safeguarding our digital world, ensuring that the spirit of sports remains untainted by the shadows of cybercrime.