When it comes to big events happening around the world, the Olympics is usually near the top of the list. There, athletes have a chance to represent their nations in front of a global audience.

However, the 2021 Tokyo Olympics became a battleground not just for athletic competition, but also for cybersecurity. While the world watched the games unfold, millions of cyberattacks were thwarted behind the scenes. The successful defense by Tokyo organizers served as a cautionary tale for future large-scale events.

Fast-forward to the present, and another big event is right around the corner: UEFA Euro 2024.

UEFA Euro 2024, taking place from June 14 to July 14 in Germany, is expected to attract millions of spectators in person and online as fans prepare to cheer on familiar powerhouses like Germany, France, England and Italy. With that said, fans and event organizers do need to take care with the likes of ticket fraud and phishing attacks, DoS and DDoS attacks, deepfake technology, nation-state cyberattacks and hacktivist and terrorist attacks.

In that vein, Radware released a Cybersecurity Advisory that outlines these key cybersecurity threats expected during the tournament and what can be done to be better protected against the threats.

When it comes to ticket fraud and phishing, Radware’s (News - Alert) report points to the 2022 World Cup where this threat was prevalent. Fans do not want to be deceived and lose money or stolen information. Therefore, it is recommended that fans only purchase tickets from official UEFA channels and be cautious of emails or links offering free tickets, streaming or prize draws. It is also important to use strong, unique passwords and enable MFA (News - Alert) where possible.

DoS and DDoS attacks are also a prominent threat. From personal experience, there have been times certain online gaming services were disrupted due to these attacks, which made these online services go offline for days. But reeling it back to live broadcasting and UEFA Euro 2024, the advisory stated that these attacks could disrupt live broadcasts, stadium operations and critical infrastructure.

The advisory encourages organizations and government institutions to have extensive DDoS protection measures in place. This includes traffic monitoring and anomaly detection systems. They should also have a response plan in place to quickly address any disruptions.

Naturally, Radware did lay out some essentials within its advisory report.

Hybrid DDoS Protection combines on-premises and cloud-based solutions for real-time attack prevention. Behavioral-Based Detection pinpoints anomalies while allowing legitimate traffic, and Real-Time Signature Creation defends against zero-day attacks. Web DDoS Tsunami Protection automatically detects and mitigates high-volume encrypted attacks.

Additionally, a dedicated Cybersecurity Emergency Response Plan staffed by IoT security experts ensures a swift response during outbreaks. Proactive defense is bolstered by Intelligence on Active Threat Actors, providing real-time data on known attackers. Regular network inspections and patching further bolster defenses.

Now think if the tournament (knock on wood) was plunged into darkness. Not by a power outage, but by a digital attack. This is what a nation-state attack can do. An example was in 2018 when the PyeongChang Games were hit by the Olympic Destroyer worm. This wasn't a random act of vandalism – nation-state actors, later revealed by the UK to be Russia's GRU, disguised themselves as North Korean and Chinese hackers. The official website went dark, Wi-Fi at the stadium vanished, and broadcasts sputtered.

If a nation-state attack were to happen, collaboration with national cybersecurity agencies to protect from and respond to nation-state threats is advised. The advisory also encourages conducting security audits, tabletop exercises and red-teaming drills for extra precautions. Online platforms should be monitored at all times for planning or chattering about potential attacks.

Now, for hacktivist and terrorist attacks. This likely affects people attending the tournament in person. Radware cautions that the event presents a high-profile target for hacktivist and terrorist groups aiming to disrupt the proceedings. With the ongoing geopolitical tensions, such as the active conflicts in Ukraine and Israel, the convergence of large crowds, critical infrastructure and the presence of international figures, caution and awareness is strongly advised.

Additionally, the report laid out web application security essentials.

Full OWASP Top-10 coverage safeguards against common vulnerabilities like code injection. A low false positive rate ensures minimal disruption to legitimate users. Auto-policy generation streamlines deployment, while bot protection and device fingerprinting identify and block malicious automated attacks. 

API Security safeguards internal resources through path filtering, schema enforcement, and activity tracking. Flexible deployment options cater to diverse needs, including on-premises, out-of-path, virtual and cloud-based solutions.

It doesn’t matter if you are in the Olympiastadion in Berlin, the Volksparkstadion in Hamburg, the Arena AufSchalke in Gelsenkirchen or even at home watching the live broadcasts, digital threats will find a way to cause chaos. Especially during a big event where attackers know the world is watching. It is best to learn from the past and be overprepared for worst-case scenarios as pointed out by Radware’s advisory.