Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

// // //
10:00 AM
Jessica Amado
Jessica Amado
Connect Directly
E-Mail vvv

Watch for Cybersecurity Games at the Tokyo Olympics

The cybersecurity professionals guarding the Summer Olympics are facing at least as much competition as the athletes, and their failure could have steeper ramifications.

It was a close call, but the 2018 Pyeongchang Winter Olympics almost ended before it started. A harmful cyberattack threatened to cause severe disruptions to the opening ceremony and the subsequent sporting events. Fortunately, a sleepless night at the Olympics' technology operations center allowed for a speedy and efficient incident response process.

Related Content:

Cyber Athletes Compete to Form US Cyber Team

Special Report: Building the SOC of the Future

New From The Edge: An Interesting Approach to Cyber Insurance

Three years later, the threat landscape has changed, and the Tokyo Olympics is no safer than its predecessor. In fact, the heavy reliance on technology means these Olympics might be the most vulnerable Games yet. Not only is the upcoming Olympics' use of technology set to be the most innovative yet, but COVID-related audience restrictions mean spectators must keep up with events electronically. Now that there are events to keep up with, it's not only the athletes who are preparing to show off their skills.

The Gold Medal
The Olympics relies heavily on critical infrastructure, and, to many malicious actors, such entities are ideal targets. Attacking critical infrastructure can cause physical disruption when operational technology (OT) is affected. OT is the technology that interfaces with the physical world; hence, the spillover effects of an attack will cause significant damage to the real world. For this reason, there are several potential motives behind an attack on the Olympics and its related entities. The international attention the Games receives means it is the perfect target for hacktivists, terrorists, threat actors, or others to make a statement. Further, the Olympics can act as a strategic target for state-sponsored groups with a political agenda.

The Hard(ware) Truths
The motives of attackers and the value of the target mean actors carrying out such attacks will likely have advanced, sophisticated capabilities. This means organizations are not protected — even if they think they are.

Credit: lazyllama at Adobe Stock
Credit: lazyllama at Adobe Stock

Truth #1: What You See Is Not What You Get
Enterprises often genuinely believe they have a complete hardware asset inventory and, therefore, a comprehensive security approach. But this is rarely the case. In fact, more than 60% of IT managers have an incomplete inventory of their IT devices. Whether a device is unmanaged, hiding, or spoofing a legitimate one, there are serious, unintentional gaps in enterprises' hardware inventory. 

Thinking that all assets are accounted for may be more dangerous than knowing there are some gaps left open. In this situation, the enterprise will not have an effective incident response process in an attack, and the origin of the attack will be difficult, if not impossible, to determine. And, with the Tokyo Olympics relying heavily on technology, the number of devices in use will be extensive, making the risk proliferate significantly. (By point of comparison, the 2018 Winter Olympics relied on more than 10,000 PCs, more than 20,000 mobile devices, 6,300 Wi-Fi routers, and 300 servers.) Enterprises must make more concerted efforts to ensure they have a complete asset inventory by gaining visibility of all OSI layers.

Truth #2: You Undervalue Yourself
Attackers might be sophisticated, but this does not necessarily mean they use their skills to infiltrate a target directly. Sometimes, sophistication means working smarter, not harder; the supply chain allows for the former.

Highly protected targets can be very challenging to infiltrate and, thus, their less-secure suppliers are often a point of infiltration for bad actors. Either the supplier will have access to the target's confidential information or will provide the cybercriminal a pathway (via hardware or software) into the target organization. Supply chain attacks were up sevenfold in the last half of 2020, and this figure will continue rising without major reform. And, with critical infrastructure relying on large supply chains, the Olympics has many entry points. Small organizations who believe themselves to be of no value might just be the barrier (or entry point) between attackers and their target. In 2019, 66% of small and midsized businesses (SMBs) said they believed a cyberattack was unlikely, but 67% of SMBs fell victim to one. In today's interconnected environment, enterprises, no matter their size or nature of operations, must significantly expand their threat landscape awareness; the supply chain is counting on it.

An Extra Year of Training
The postponement of the Tokyo Games to 2021 gave the athletes — and the Olympics cybersecurity teams — an extra year of training. Moreover, increased attacks during the COVID-19 pandemic should have reinforced the importance of advanced cybersecurity efforts. In just a few weeks, the world will watch as athletes compete for gold. Those of us in the cybersecurity world will be watching for any signs of a possible attack. You have your thrills; we have ours.  

Jessica Amado is Head of cyber research at Sepio Systems, where she researches and covers multiple aspects of hardware-related cyber threats. She is a Regent's University London graduate with First Class Honors in Global Business Management with Leadership and Management and ... View Full Bio
Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
User Rank: Author
7/6/2021 | 1:44:42 PM
Great PSA
Couldnt agree more, expecting the same
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-12-03
A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The exploit h...
PUBLISHED: 2022-12-03
A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the attack remotely. The...
PUBLISHED: 2022-12-03
A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been ...
PUBLISHED: 2022-12-03
A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to t...
PUBLISHED: 2022-12-03
A vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can ...