Recalling a history of cyber-attacks targeting the Winter Olympics, the FBI has issued a fair warning to entities associated with the 2022 sporting event hosted in Beijing to prepare for malware attacks, social engineering, and data breaches.
“The FBI is warning entities associated with the February 2022 Beijing Winter Olympics and March 2022 Paralympics that cyber actors could use a broad range of cyber activities to disrupt these events,” according to the private industry notification issued yesterday by the Bureau’s cyber division.
According to the advisory, threats could include distributed denial of service (DDoS) attacks, ransomware, malware, social engineering, data theft or leaks, phishing campaigns, disinformation campaigns, and malicious insiders.
When successful, attacks can “block or disrupt the live broadcast of the event, steal or leak sensitive data, or impact public or private digital infrastructure supporting the Olympics,” the notice states.
The FBI advises Olympic participants and travelers to use temporary devices during the event because of risks associated with mobile applications developed by third parties or “untrusted vendors.”
“The download and use of applications, including those required to participate or stay in [the] country, could increase the opportunity for cyber actors to steal personal information or install tracking tools, malicious code, or malware,” the fed’s cyber division stresses. “The FBI urges all athletes to keep their personal cell phones at home and use a temporary phone while at the Games.”
The warning applies to the MY2022 official Winter Olympics app, which will be used to track the athletes’ health and travel data.
“The use of new digital infrastructure and mobile applications, such as digital wallets or applications that track COVID testing or vaccination status, could also increase the opportunity for cyber actors to steal personal information or install tracking tools, malicious code, or malware,” according to the notification.
As usual, the FBI includes a long list of recommendations to strengthen cybersecurity defenses, including:
· Patch and update operating systems and apps
· Practice good password hygiene
· Use multi-factor authentication (MFA) where possible, or set strong passwords when MFA is not available
· Implement listing policies for applications and remote access that only allow systems to execute known and permitted programs under well-established circumstances
· Implement network segmentation
· Create offline backups for critical assets
· Automatically update antivirus and anti-malware solutions and conduct regular virus and malware scans
· Monitor network traffic for unapproved and unexpected protocols
In the unfortunate case of a ransomware attack, the FBI urges entities associated with the Winter Olympics to refrain from negotiating with the attackers, as paying ransom does not guarantee files will be recovered. Refusal to pay ransom also denies attackers the resources they need to fund future attacks, the Bureau stresses.