Urgent Cybersecurity Risks Identified in Paris 2024 Olympic Games Online Infrastructure by Outpost24
02 May 2024 - 5:00AM
Business Wire
Online infrastructure for the upcoming Paris
Olympics is in a strong position, but Outpost24’s External Attack
Surface Management (EASM) tool still revealed attack surface
risks
Outpost24, a leading provider of cyber threat exposure
management solutions, has today released its research findings
after investigating the online infrastructure of the upcoming 2024
Paris Olympic Games. The research revealed that while, overall, the
cybersecurity posture of the Olympic Games Organizing Committee
Paris 2024 site is mostly secure, it also highlighted several
risks, including open ports, SSL misconfigurations, cookie consent
violations, and domain squatting.
With global interest, it is anticipated that over 1 billion
people will be watching the Paris 2024 Olympics, with 326,000
people attending the multi-sport event which takes place from 26
July to 11 August. These events are a hotbed for cyber criminality,
especially as online web traffic is expected to rise as the
tournament draws nearer. Cybercriminals will look to capitalize on
any weaknesses to cause disruption or steal sensitive information
for monetary gain. For instance, the 2020 Tokyo Olympics
infrastructure was hit by 450 million cyberattacks – 2.5 times the
number seen just over a decade ago in London 2012.
Using its External Attack Surface Management (EASM) solution
Sweepatic, Outpost24’s report highlighted the following core
security risks with the Paris 2024 online infrastructure that would
need addressing to reduce the overall risk of a compromising
cyberattack:
- Open Ports, if not configured properly, pose a security
risk by allowing hackers to exploit vulnerabilities and access
confidential information. Two exposed remote access ports (SSH
servers) were identified as being vulnerable to brute-force
attacks.
- SSL Misconfigurations, caused by improper setup or
management of SSL certificates, can lead to vulnerabilities within
a network and an entry route for hackers. Moreover, Paris 2024 had
31 domains (5.8%) with invalid SSL and 86 domains (16%) with no
SSL.
- Security header issues were also identified: of the
294 associated websites, 257 had this particular problem. When a
browser accesses a website, it sends request headers to the server,
which responds with HTTP response headers. Security headers are
response headers that tell the browser how to handle the site's
content, and they help protect websites from common
attacks like XSS, code injection, and clickjacking.
- Over 20 cookie consent violations were present for Paris
2024. Cookies track users; however, there are certain rules and
regulations around how a business can use them, often differing
depending on the user's location. For example, GDPR is the most
used legal basis for end-user consent to cookies.
- Signs of domain squatting or cybersquatting. This is the
purchasing or registering of domains to illicitly profit from an
organization's trademark. This leads to deceptive websites that
appear legitimate and are often created to generate illegal
profits, either directly or indirectly. These sites may compromise
user security by stealing information such as passwords or
credentials for sale on the dark web.
- Other risks and cyber hygiene issues included: 404s and
empty pages, outdated software and technologies and one set of
leaked credentials that had been stolen by the LUMMAC2
malware.
“While we found several attack surface risks to analyze, it
would be fair to say the overall cybersecurity posture of the Paris
2024 Olympic Games was good,” said Stijn Vande Casteele, CSO of
Outpost24’s EASM.
“A few years ago, we analyzed the attack surface of FIFA’s 2018
Russia World Cup, which had an alarming number of outdated hosts
and potential entry points into their infrastructure.
“In comparison, it’s clear more cybersecurity efforts have been
taken by the Paris 2024 cybersecurity team. But even though we’d
consider the Paris 2024 games as a ‘good’ example of how to manage
an attack surface, it isn’t perfect (as perfection rarely exists
with cybersecurity). The risks we’ll explore in the next section
highlight the value of having an EASM solution in place to
automatically pick up on the attack surface risks that inevitably
fall through the gaps,” he explained.
The Sweepatic EASM tool is a cloud-based platform designed to
monitor an organization's expanding attack surface. Through
automatic data collection, enrichment, and AI-driven analysis, the
solution evaluates both known and unknown internet-facing assets
for vulnerabilities and potential attack routes. Straightforward
and effective remedial measures to address any security weaknesses
are then provided.
About Outpost24
Outpost24 helps organizations improve cyber resilience with a
complete range of Continuous Threat Exposure Management (CTEM)
solutions. Outpost24’s intelligent cloud platform unifies asset
management, automates vulnerability assessment, and quantifies
cyber risk in business context. Executives and security teams
around the world trust Outpost24 to identify and prioritize the
most important security issues across their attack surface to
accelerate risk reduction. Founded in 2001, Outpost24 is
headquartered in Sweden and the US, with additional offices in the
UK, Netherlands, Belgium, Denmark, France, and Spain. Visit
https://outpost24.com/ for more information.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240502415930/en/
Thomas Moore Eskenzi PR thomas@eskenzipr.com