FBI: Cybercriminals Eyeing Broadcast Disruption at Tokyo Olympics | Threatpost

The Tokyo Olympics, set to open Friday night, are already being targeted by threat actors — however, the Federal Bureau of Investigation’s Cyber Division has issued a chilling warning the Games’ TV broadcast is likely to be plagued by attacks, since it will be the only way to view events now that spectators have been barred due to COVID-19 concerns.

“Adversaries could use social-engineering and phishing campaigns in the leadup to the event to obtain access or use previously obtained access to implant malware to disrupt affected networks during the event,” the FBI notification said. “Social-engineering and phishing campaigns continue to provide adversaries with the access needed to carry out such attacks.”

The FBI added that in general, the Olympics will attract both run-of-the-mill cybercriminals and nation-state actors who want to “make money, sow confusion, increase their notoriety, discredit adversaries and advance ideological goals.”

The same day the FBI released its warning, the personal data of volunteers and ticket purchasers for the Tokyo Olympics was leaked online.

The 2018 PyeongChang Winter Olympics was crushed by relentless attacks, including the Olympic Destroyer attack on the Games’ Opening Ceremony, the FBI pointed out. It warned athletes, visitors, press and others to be on the look-out for spear-phishing campaigns and malicious links that could trigger ransomware, distributed denial of service (DDoS) and other cyberattacks.

ISPs, Broadcast Networks Warned

This year’s broadcast-only Games means internet service providers (ISPs) and television networks will be attractive to threat actors who might want to disrupt a global audience all at once, or hold the Games themselves hostage, the FBI said. The advisory added that law enforcement is keeping a close eye on a May breach of Fujitsu, whose clients include the Tokyo 2020 organizing committee and the Japanese Ministry of Land, Infrastructure and Tourism.

On the nation-state level, Ross Rustici, managing director at StoneTurn, pointed out that both Russia and China have incentives to disrupt this year’s games.

“The Russians are currently waging a silent war against the International Olympic Committee (IOC) following the committee’s ban on Russian participation in international sporting events, and China has recently engaged in an escalation of tensions with Japan,” Rustici said. “A cyber-strike that disrupts or otherwise reduces the spectacle of the games, especially given the all-remote nature of the experience, could be leveraged as both a diplomatic signal and a way to tarnish faith in the IOC or in Japan being a viable alternative to Chinese technology and diplomacy.”

Ransomware groups will undoubtedly be drawn into the possibility of controlling the switch to the games’ broadcast and squeezing out a massive payment to turn it back on, Rustici added.

“The heightened pressure of time-to-resolution will create additional incentives for impacted network operators to pay ransom demands quickly rather than manually restore operations,” he said.

Regardless of the outcomes, Tokyo’s ability to defend its networks is about to be put on display for the world to see, according to Rustici.

“How much activity becomes apparent to global spectators will be dependent upon how well Tokyo has been able to align its national level cyber resources to defend the most critical networks,” he said.

Check out our free upcoming live and on-demand webinar events – unique, dynamic discussions with cybersecurity experts and the Threatpost community.