Cyber Centre publishes report on cyber threats to major international sporting events
News release
Ottawa, Ontario – May 31, 2024 - The Canadian Centre for Cyber Security (Cyber Centre) has published a bulletin detailing the cyber threats to major international sporting events. It highlights how cybercriminals, hacktivists and state-sponsored cyber threat actors may take advantage of major sporting events over the next year to fulfill their malicious goals. The bulletin is intended for all Canadians attending these types of events, including spectators, athletes and government officials, as well as organizations of all sizes associated with these events.
The bulletin warns that major international sporting events are prime targets for cybercriminals trying to make a profit because of their high profile and costly nature. The Cyber Centre assesses that cybercriminals will very likely try to extort organizations involved in or located near major sporting events through business email compromise and ransomware attacks. They may also target individuals, such as organizers and attendees, via phishing emails, malicious websites and search engine optimization (SEO) poisoning using sporting events as lures.
The bulletin states that major sporting events provide an opportunity for hacktivists to widely promote their messaging. Hacktivists may conduct cyber activities like website defacements, distributed denial-of-service (DDoS) attacks and hack-and-leak operations to cause service interruptions and get people to pay attention to their causes.
Major sporting events also provide an opportunity for state-sponsored cyber threat actors to engage in cyber espionage. They may target high-profile individuals and organizations attending or associated with the events to:
- collect sensitive personal and business information
- gather foreign intelligence
- maintain persistent access when targets return to their home countries
In addition, the bulletin provides examples of past cyber incidents related to major sporting events as well as information about the threats posed by artificial intelligence and event-specific applications.
Although events differ in their size, popularity and host nation, the types of threats they face are consistent. Canadians should take note of these threats and adopt basic cyber security best practices. The Cyber Centre regularly publishes cyber security guidance to help individuals and organizations defend against common and emerging threats.
Quotes
“Over the next year, Canada will host, attend and participate in several major international sporting events. While these provide an opportunity to showcase our athletes’ skills and our national pride on a global stage, they can also expose Canadians to increased cyber threats. Through bulletins such as this one, the Cyber Centre is raising awareness of the threats and ensuring organizations and individuals have the knowledge they need to protect their systems and their sensitive information.”
- Sami Khoury, Head of the Canadian Centre for Cyber Security
Quick facts
-
The judgements in this assessment are based on the Cyber Centre’s knowledge and expertise in cyber security and intelligence reporting from both classified and unclassified sources.
-
Business email compromise is a social engineering tactic in which cybercriminals trick victims into transferring funds to a criminal-owned account by impersonating executives or trusted third parties.
-
SEO poisoning is a tactic used to make malicious sites appear higher in search engine results. It uses a thematic lure to make them appear legitimate and increase the number of visitors, thus victims.
-
Distributed denial of service (DDoS ) is a type of cyber attack in which threat actors aim to disrupt and prevent legitimate users from accessing a networked system, service, website, or application.
-
Canadians considered to be high-profile attendees include government officials, heads of delegations, heads of sporting organizations with connections to the government, representatives of partnered private organizations and anti-doping program officials.
Associated links
- Cyber threat bulletin: Cyber threats to major international sporting events
- Baseline cyber threat assessment: Cybercrime
- Protecting your information and data when using applications
- Mobile device guidance for high profile travellers
- Don’t take the bait: Recognize and avoid phishing attacks
- Distributed denial of service attacks - Prevention and preparation
Contacts
For more information, please contact (media only):
Media relations
Communications Security Establishment
Email: media@cse-cst.gc.ca
Stay connected
Follow the Cyber Centre on X (formerly known as Twitter) and on Linkedin.
Page details
- Date modified: