This blog is authored by Neil Jenkins (CTA) and Kendall McKay (Cisco Talos, and lead author on the Threat Assessment)
Today, the Cyber Threat Alliance (CTA) released the 2020 Summer Olympics Threat Assessment (updated April 2021), our first event-specific threat report focused on cyber risks to this summer’s Tokyo Games. This report was written by CTA’s Olympics Cybersecurity Working Group, which is comprised of representatives from Cisco Talos, Fortinet, NEC Corporation, NTT Security, Palo Alto Networks, and Radware. Other CTA members provided data, analysis, and review of the Threat Assessment.
The two most concerning threats identified in the report are the possibilities of disruptive cyber attacks and disinformation campaigns conducted by nation-state actors from Russia, North Korea, or China. This assessment is based on historical cyber incidents affecting the Olympics and our understanding of these actors’ motivations and capabilities. We judge that current events, territorial disagreements, and historical tensions may further motivate them to conduct cyber operations that disrupt the Games and harm Japan’s reputation on the world stage. As is typical, we suspect that any nation-state actor will attempt to make public attribution of their attacks difficult to attribute using obfuscation and false flag techniques.
Of these threats, we judge activity sanctioned by the Russian government to be the most probable. Russia’s cyber attack history, combined with its tendency to respond in kind to perceived aggression, suggests Moscow will conduct threat activity in response to WADA’s latest decision to ban Russia from the 2020 Games. According to WADA’s December 2019 decision, Russian athletes will compete under a neutral banner and neither Russia’s flag nor anthem will be featured in Tokyo this summer. In addition, the country’s ongoing territorial dispute with Japan over the Kuril Islands may further heighten the Russian government’s motivation to attempt to disrupt the Games.
CTA members also note that the 2020 Summer Olympics will be a prime target for cyber criminals due to the large number of potential victims leveraging online systems and tourists’ poor cybersecurity awareness. Potential attendees are already facing scams and other criminal activity in the lead up to the Olympics. We also expect cybercriminals to leverage Olympics-themed phishing emails to lure victims and increase infection rates, although we note that prevention of these scams is not always the responsibility of the Organizing Committee.
Athletes, residents, tourists, and spectators should be attentive to their cyber hygiene before, during, and after the Games. Exercising such vigilance will help minimize personal risk from cybercrime. Malicious activities that will target spectators and athletes may include Wi-Fi-enabled compromises of personal information, ticketing scams, ATM fraud, and mobile malware exploitation.
Following good cybersecurity practices and executing them as efficiently as possible is the most effective defense against these activities. The Japanese government, critical infrastructure providers, Olympics-affiliated businesses, and the Tokyo Organizing Committee should ensure they know what systems are on their networks, regularly patch those systems, segment networks when possible, and enable multi-factor authentication. Not only will these actions significantly raise defenses against less-sophisticated threat actors, but more sophisticated nation-states will be forced to expend more resources to accomplish their goals. Information sharing, coordinated cybersecurity planning, and regular examination of mission-critical systems should similarly be a priority.
The Japanese government, as well as the country’s private sector, have taken numerous positive steps towards strengthening the national cybersecurity posture. Japanese Prime Minister Shinzo Abe appears to be using the country’s role in hosting the Games as an opportunity to renew urgency in developing Tokyo’s cybersecurity capacity. However, deep-rooted problems in both corporate and governmental approaches to cybersecurity will be difficult to remedy in the few months before the Opening Ceremony.
These problems are not unique to Japan and are common in many countries that rely on information technology to deliver services and drive the economy. Still, Japan’s private sector readiness lags behind its U.S. and European counterparts, leaving cybersecurity shortfalls that may affect the country’s ability to detect, defend against, and respond to cyber threats during the Games.
The cybersecurity community, Tokyo 2020 organizers, and the public should be prepared for the possibility that adversaries might see the Games as an even more attractive target in light of the diverse and plentiful cyber challenges on the horizon. CTA members are committed to working together as responsible partners with the various stakeholders of the 2020 Olympic Games to protect end-users, disrupt malicious actors, and elevate overall cybersecurity.