French authorities have reported that over 140 cyberattacks occurred during the Paris 2024 Olympics. The French state-owned cybersecurity agency Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI), in collaboration with private sector partners, implemented extensive security measures to counter the heightened threat environment. These efforts included increased monitoring, the establishment of secure networks, and comprehensive crisis-planning exercises.
Between 26th July and 11th August, ANSSI recorded 119 low-impact security events and 22 incidents where malicious actors successfully targeted information systems. The attacks primarily focused on government entities and critical infrastructure related to sports, transport, and telecommunications.
Many of these incidents were downtime events, a portion of which were caused by denial-of-service attacks designed to overwhelm servers. Other incidents involved attempts to compromise data or successfully breach systems.
According to the authorities, the scale of the cyber threat surrounding the Paris Olympics was unparalleled. Experts predicted that the Paris Games would face the most connected and complex threat landscape ever seen at an Olympics. The risks extended beyond the Games’ infrastructure to broader national assets, including transport systems and financial networks.
Cisco Systems, a cybersecurity partner for the Paris Games, anticipated eight times more attacks than those experienced during the Tokyo Olympics in 2021, which faced 450 million cyberattack attempts.
Earlier this month, a ransomware attack targeted the Grand Palais and around 40 other museums in France. However, this attack did not impact any systems linked to the Olympic games.
Ransomware, a significant threat during the Olympics, involves attackers exploiting security vulnerabilities to encrypt and block computer systems, demanding a ransom to restore access.
To prepare for the threats, ANSSI established a national service under the authority of the French prime minister to manage cybersecurity strategies for the games.
This service focused on increasing awareness of potential threats, securing critical systems, protecting sensitive data, and ensuring rapid response capabilities to cyber incidents.
Despite the extensive preparations, less than 20% of French businesses rated their cybersecurity posture as mature, highlighting ongoing challenges in fully addressing the heightened risks.
Last week, France and the UK announced an extension to their “Pall Mall Process” cyber partnership.
The two countries will begin consultations to assess the risks associated to the widespread and unregulated use of commercial cyber intrusion tools.
This review will take place within the framework of the Pall Mall Process, an international multi-stakeholder dialogue focused on developing collective responses to systemic cybersecurity threats.