With the European elections then the Paris 2024 Olympic Games, the end of the season promises to be tense and marked by extreme vigilance for cybersecurity experts. Already real for communities, health establishments and major sporting events, attacks, increasingly sophisticated, will be multiplied in the run-up to or during the Olympics for the purposes of intelligence gathering, destabilization or operations lucrative.
Since Beijing in 2008, “ all the Olympic Games have been the subject of offensive cyber operations » recall in a white paper published in January 2024, Cyber Threat Intelligence (CTI) researchers from Sekoia.io. The company of 110 people, which has just relocated its headquarters to Rennes, a bastion of cybersecurity, publishes a turnkey SOC platform (Security Operating Center)detection computer anomalies and response to attacks aimed at public organizations, large CAC 40 groups, ETIs (mid-sized companies) and SMEs (small and medium-sized companies).
Hacking campaigns, destructive malware (wiper), influence or disruption operations having an impact on the reputation of the organizing country by interrupting the availability of services for a certain time (anti-doping control, ticketing): these potential attacks, also generated by AI or by automatic emails, threaten state structures and those linked to the Olympics, as well as businesses and the public.
Vigilance of subcontractors, corporate in the blind spot
“ The Olympics will also be held in an unstable geopolitical context characterized by several ongoing conflicts (Russia-Ukraine, Israel-Hamas). Threats of malicious computer attacks are of three orders » lists David Bizeul, co-founder and Chief Scientific Officer from Sekoia.io.
“ There is espionage (with the use of destructive wipers), but also cybercrime aimed at recovering personal data from Internet users interested in the Olympics (phishing by email and SMS, fake competitions), and finally activism, which can lead to terrorism”he explains.
And to continue: “ The latter operates in particular in the information field (fake news, bot farms, fake media, etc.) on subjects linked to the Olympic Games (ecological impact, social rights). However, the organization of corporate or community events, or even the travel of a population of interest in an area where the Olympic Games are located, represents a security blind spot.” David Bizeul therefore urges all Internet users to adopt two-factor authentication. The simple use of public wifi can, for example, allow information to be collected on a mobile phone.
War in Ukraine: how Russia is trying to win the information battle
The security issue is therefore particularly vital for subcontracting players associated with the activity of the Olympic Games (manufacture and installation of gantries). They have long been alerted to the need to increase surveillance of supplies and detection of components. The proliferation of ransomware (or ransomware) has also pushed a certain number of companies to take IT risks more into account.
SMEs and VSEs, the “forgotten ones of cyber »
Via its SOC (Security Operation Center) platform which detects abnormal IT activities, Sekoia.io facilitates the integration of SOC professions into an organization, a large group or a large ETI. That’s half of his clientele. To address smaller companies (around 200 customers), it works with around fifty MSSP (Manage Security Service Provider) partners or third-party providers, such as Orange Cyberdéfense, Sopra Steria or Cap Gemini. Since 2020, the company has doubled its turnover each year and has just completed a fundraising of 35 million euros to continue its international development.
“ Over the past five years, growth has been particularly driven by MSSPs. But this is not enough, SMEs and VSEs remain somewhat forgotten in cyber, because they do not all have the means to develop their security. This has a cost » observes David Bizeul, who pleads for state-wide aid. “ A planted SME means less GDP and potential unemployment » he points out.
7 out of 10 executives in the crosshairs of hackers
In Rennes, another cyber gem has, for its part, assessed how the personal sphere of leaders could become a critical vector of cyberattacks. “ Seven out of ten managers have a high-risk cyber exposure, but this could be reduced by 68% if they identified and controlled their personal data exposed on the Internet – data exposed on social networks or already leaked on the darkweb which feeds hackers » warned the hyper-growth startup Anozr Way last year (+171% in 2023).
A software publisher specializing in the protection of managers and employees from cyber risks, she specifies that one in two managers is at high risk of identity theft given their exposed data and 70% of decision-makers face a high risk of phishing targeted through their interests and hobbies.
Netflix scam: what is behind the phishing SMS?
“ Cyberattacks are becoming more sophisticated, particularly with the advent of artificial intelligence. Protecting managers and businesses against the risks of identity theft is crucial” notes Philippe Luc, co-founder with Alban Ondrejek and president of Anozr Way, who adds: “ The porosity of uses between personal and professional lives by managers increases risks. Managers are the first targets of social engineering or trickery attacks. “.
Organized around the targeted collection of all data available in open databases (Open, Deep, Dark web and Social Media), the Anozr Way solution is based on AI and data science. The rise of cybersecurity allows the company to anticipate profitability from 2026. To accelerate its international development, in Canada and the United States, it has just raised six million euros from the European fund Hi Inov-Dentressangle, Breizh Up and BNP Développement.
