WASHINGTON, May 4, 2021 – The Cyber Threat Alliance today announced the publication of its updated 2020 Olympics Threat Assessment Report. This report was originally released in February 2020 before the International Olympic Committee and the Government of Japan announced a delay in the summer games due to global COVID-19 pandemic. This report provides an updated assessment of the threat environment facing the Summer Olympics as well as recommendations for the Tokyo Organizing Committee as they prepare for the games. The risk and threat landscape has changed since the report was first issued in early 2020.
The Threat Assessment will help focus CTA members’ information sharing activities for the Games and will enable members to develop planning scenarios based on the threat landscape. Here are some of the highlights from the updated report:
- CTA assesses that ransomware actors may see Olympics-related entities, such as vendors or other organizations in the supply chain, as high-value targets during the Games. These entities will have little tolerance for downtime during the Games, which will make them key targets for ransomware actors seeking a quick pay day.
- CTA continues to believe that various nation state actors will conduct offensive campaigns targeting the Olympics or Olympic-related organizations to meet their strategic ends. These offensive operations could take the form of data theft and leaks, disinformation, or disruption of systems involved in the Games.
- We have updated the Threat Assessment with information released from government agencies over the past year that attributes past incidents involving the 2018 Winter Olympics to Russian actors and updated our assessments of nation state cyber activity from Russia, China, and North Korea.
- We highlight the recent Russian supply chain campaign that installed a backdoor in the SolarWinds Orion product and provided Russian intelligence actors access to thousands of government and private organizations around the world. It is highly likely that an attack on the Olympics could take similar a similar path through the supply chain, considering the high number of vendors involved with supporting various aspects of the Games.
- We highlight changes in Chinese APT behavior over the last year, including the Palmerworm/Black Tech activity, which reportedly targeted a Japanese engineering company, and the HAFNIUM activity exploiting vulnerabilities in a vast number of on-premises Microsoft Exchange Servers at organizations worldwide.
- CTA members also assess that threat actors may believe that Japan has a weakened cybersecurity posture due to a variety of ongoing domestic issues that could distract from security preparations. Threat actors may see these issues as an opportunity to conduct operations against a distracted Olympics host.
CTA recommends that anyone with responsibility for Olympics-related cybersecurity review this report for actions to further improve their security posture. Our recommendations apply not just to the Olympics, but also to any major event in which governments, companies, and corporate sponsors are involved, and which heads of state, executives, and networks defenders, must plan for and support.
This CTA Threat Assessment report showcases the value of the industry collaborating to solve the big cyber problems of today. You can download the full Threat Assessment report here: 2020 Summer Olympics Threat Assessment
“While many cyber threats to the Olympics remain the same, some have changed since we issued our first report 14 months ago. The change in expected attendance, the evolution in geopolitics, and differences in how the criminal ecosystem works all pointed toward a need for a revised assessment. That’s why we have updated our initial assessment, so that defenders can have the most up to date view from industry. Although revised, this report still showcases a core CTA strength — the ability to produce strong analytic outputs because we can draw such a wide array of viewpoints.” said Michael Daniel, President and Chief Executive Officer (CEO) of CTA.
About the Cyber Threat Alliance
CTA was founded by Check Point Software Technologies Ltd., Cisco, Fortinet, McAfee, Palo Alto Networks, and Symantec. Membership also includes ADT CAPS Infosec, Alien Labs, Anomali, Avast, Dragos, Ericom Software, Juniper Networks, K7 Computing, Morphisec, NEC Corporation, NETSCOUT, NTT Security, OneFirewall, Panda Security, Radware, Rapid7, ReversingLabs, Saint Security, Scitum, SecureBrain, SecurityScorecard, SonicWall, Sophos, TEHTRIS, Telefónica’s ElevenPaths, Verizon, and VMware. CTA is the industry’s first formally organized group of cybersecurity practitioners that work together in good faith to share threat information and improve global defenses against advanced cyber adversaries. CTA’s mission is to facilitate the sharing of actionable intelligence and situational awareness about sophisticated cyber threats to improve its members’ cyber defenses, more effectively disrupt malicious cyber actors around the world and raise the level of cybersecurity throughout the Internet and cyberspace. The alliance is continuing to grow on a global basis, enriching both the quantity and quality of the information that is being shared across the platform. CTA is actively recruiting additional regional players to enhance information sharing to enable a more secure future for all. For more information about CTA, please visit: https://www.cyberthreatalliance.org/
Media Contact: pr@cyberthreatalliance.org