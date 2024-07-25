The Paris Olympics, the first in-person summer games since pandemic restrictions were lifted, is expected to attract tourists, but it is also going to be a hunting ground for cybersecurity threat actors.

Security experts are cautioning people to be aware of possible threats. For instance, an analysis of nearly 25,000 free Wi-Fi spots in Paris, the host venue for the Olympics 2024, showed that almost 25 per cent of these networks had weak or no encryption, which means that travellers using public Wi-Fi at large events like this face significant cybersecurity risks, such as data theft and identity fraud, said a report by Kaspersky.

Additionally, almost one in five (20 per cent) were configured with WPS, an outdated and easily compromised algorithm, rendering them highly susceptible to WPS attacks that could result in data loss. Only six per cent of the analysed networks used the latest WPA3 security protocol, said the note from Kaspersky.

“Like the sportspeople training for the summer of sport in France, cybercriminals have also prepared an unsavoury welcome for the millions of people heading for Paris hotels, fan zones and events. They might set up fake access points or compromise legitimate networks to intercept and manipulate data transfers. Open and misconfigured Wi-Fi networks are particularly attractive to criminals, as they enable the theft of passwords, credit card details, and other sensitive user data,” said Amin Hasbini, Head of META research unit at Kaspersky’s GReAT (Global Research and Analysis Team).

Apart from Wi-Fi vulnerabilities, the global sporting event has also attracted the eyes of phishing scammers. A Cloudflare analysis points towards a rise in phishing and malicious emails related to the Paris Olympics.

From January 2024 up to late July, the firm processed over half a million emails containing “Olympics” or “Paris 2024” in the subject, out of which 1.5 per cent were spam, and 0.2 per cent were malicious.

Further, there are possibilities of scams happening through a setup known as Wi-Fi Honeypots, which are fake Wi-Fi hotspots set up by attackers to lure unsuspecting users, say experts.

“These often have enticing names like Free Public Wi-Fi, or mimic legitimate networks (e.g., a coffee shop's Wi-Fi). Once you connect to a honeypot, attackers can easily monitor your traffic, steal your data, and even inject malware into your device,” said Ranjeeth Bellary, Partner, EY India Forensic and Integrity Services – Cyber Forensics.

Global security firm Palo Alto, in a report last month, projected that financial theft was likely to occur leading up to the Games, during the Olympics, and even persist for several weeks after the Games.

“Business Email Compromise (BEC) threat actors will likely use fear, uncertainty, and doubt of a 'missed' payment to entice victims into paying a fake invoice after the Olympics have finished,” the report says.

Further, domains spoofing the legitimate Olympics website, and fake mobile apps masquerading as transport, booking, or other planning apps are also certain to be leveraged by fraudsters during the event, cybersecurity firms say, which puts Indian users also at risk.

India is amongst the top 10 countries from where the traffic for the Paris Olympics website came in.

Cybersecurity experts say that Indian travellers going to the Olympic event are equally vulnerable to the threats.

“It's expected that a significant number of Indian citizens will attend. The increased use of digital payment methods and social media for sharing experiences can exacerbate the risks. Indian travellers should be particularly vigilant about the networks they connect to and take necessary precautions to protect their data,” said Pankit Desai, Co-founder, Sequretek - a cybersecurity firm.

Refraining from accessing banking or other sensitive accounts while on public Wi-Fi, ensuring the network is legitimate by confirming with the establishment offering it, and enabling firewalls to block unauthorised access, are some of the precautionary steps that cybersecurity researchers advise to stay protected.