
Cybersecurity threats to large-scale events are not confined to a single physical location, unlike traditional physical security threats. A single cyber attacker can be anywhere in the world and still pose a significant risk to an event's digital infrastructure. These digital threats often exploit weaknesses in human behavior, in the complex coordination an event demands, and in the organizational systems behind it.

A Global Attack Surface

Cyber attacks on large events can originate anywhere, exploiting vulnerabilities from afar. A prime example is social engineering attacks, which rely on psychological manipulation rather than technical system breaches. During the 2024 Paris Olympics, cybercriminals created hundreds of fraudulent ticketing websites, malicious mobile applications, and counterfeit online merchandise shops, and conducted multiple phishing campaigns; many of these even appeared as sponsored search engine ads. The attackers not only stole money but also harvested sensitive personal data, such as credit card information, names, and contact details.

Distributed Denial of Service (DDoS) attacks also highlight the global nature of these threats. In the 2016 Rio Olympics, the hacktivist group Anonymous used DDoS attacks to take Brazilian government websites offline. These prominent events provide bad actors a highly visible platform to promote their messages or stage a protest.

The Supply Chain and Third-Party Risk

Major events are a complex ecosystem of internal teams, contractors, and numerous third-party vendors. This interconnectedness creates an enormous and often stove-piped attack surface, where individual organizations operate separate digital systems. This is especially true for organizations involved in large events, such as sports leagues, venue owners, broadcasters, and sponsors. Law enforcement agencies—responsible for event safety—often lack visibility into the different technology stacks of these participating organizations. This lack of a unified security posture makes the entire ecosystem vulnerable.

A supply chain attack offers a notable example of this vulnerability. In the 2024 Ticketmaster data breach, the threat actor ShinyHunters claimed to have gained unauthorized access to an isolated cloud database. The attack vector was compromised credentials, which reportedly belonged to an employee of a third-party vendor and lacked multi-factor authentication. This allowed the hackers to access the data stored in the Snowflake data warehouse.

According to ShinyHunters, they stole 1.3 terabytes of data from 560 million customers. The stolen information allegedly included full names, addresses, phone numbers, email addresses, and encrypted credit card information (including the last four digits and expiration dates).

Supply chain attacks continue to be a top priority for threat actors, with 75% of third-party breaches targeting the software and technology supply chain. This demonstrates that attackers are deliberately exploiting these critical connections to achieve their goals, and that a breach in one part of the supply chain can have cascading effects on the entire event.


Threats Against Critical Infrastructure and OT Systems

Third-party attacks are not limited to the technology stacks of the organizations producing, supporting, and securing these major events. They can also target the critical infrastructure that events depend on, such as water treatment plants, power plants, and pipelines. Operational technology (OT) systems at water treatment plants are especially risky because of a combination of factors: the severe consequences of a breach, the unique vulnerabilities of the technology, and the insufficient security measures that are often in place. Unlike an IT breach, which might result in data theft, an OT breach can lead to real-world, physical damage with devastating public health and safety consequences.

In May 2021, the Colonial Pipeline, the largest fuel pipeline in the U.S., was hit by a major ransomware cyber attack. The attack was carried out by a cybercriminal group called DarkSide, which gained access to the company's network using a compromised password for an inactive account that lacked multi-factor authentication. To prevent the ransomware from spreading from its IT systems to the operational technology that controls the pipeline's physical flow, Colonial Pipeline proactively shut down its entire pipeline network.

The shutdown, which lasted for five days, triggered widespread panic-buying and fuel shortages across the southeastern U.S. and led to a spike in gas prices. The company paid the hackers a $4.4 million ransom in Bitcoin to regain access to its systems, highlighting the significant economic and societal impact that a cyber attack on critical infrastructure can have.


The Colliding Cyber-Physical Threat

Cyber attacks also directly impact the physical safety of event attendees and staff. For example, the Olympic Destroyer malware attack just before the 2018 Pyeongchang Winter Olympics opening ceremony wiped out data on domain controllers, which are servers that manage network security and access. This paralyzed many of the Olympic Committee's administrative systems—from ticketing to press operations—and disabled thousands of internet-linked TVs, taking the entire official app and its ticketing function offline. The malware also disabled RFID security gates and temporarily shut down automated ski lifts at a local resort.

Additionally, wireless network attacks like Evil Twin create malicious Wi-Fi access points that mimic the legitimate public Wi-Fi. When a user connects to the malicious network, attackers can steal credentials, inject malware, or redirect them to malicious websites. The ubiquity of public Wi-Fi at events makes this a highly effective attack vector. These types of attacks are often stealthy and go unnoticed; due to the risk of negative press, organizations rarely publicly disclose them.

While a single attacker can pose a global threat to a major event's digital infrastructure, the complex web of independent organizations that run the event fragments the defense of that infrastructure. This creates significant challenges for cooperation between the public sector, event organizers, and commercial organizations.


The Role of Public-Private Partnerships

To counter these challenges, public-private partnerships (PPPs) offer a critical model for collaboration. The private sector owns and operates the majority of the nation’s critical infrastructure, so partnerships with government agencies are vital for national security. These partnerships foster trust and facilitate the two-way sharing of threat intelligence.

Government agencies like the Cybersecurity and Infrastructure Security Agency (CISA), the Joint Cyber Defense Collaborative (JCDC), the North Atlantic Treaty Organization (NATO), EUROPOL, the UK National Cyber Security Centre (NCSC), and the Australian Signals Directorate (ASD) have established initiatives to work with the private sector. They aim to share information, build partnerships, and enhance cyber threat awareness, bringing public and private sector partners together to proactively gather, analyze, and share actionable cyber risk information.

However, even with these partnerships, challenges remain. Highly sensitive and confidential data, such as financial or health records, can be a barrier to collaboration, as organizations may be reluctant, or legally unable, to share information. A mindset shift is also needed, from a reactive, event-response approach to a more proactive, prevention-based strategy.

Dataminr Pulse for Cyber Risk and its Intel Agents—our unique agentic AI capability—enable organizations to adopt a preemptive cyber defense strategy. Powered by Dataminr’s AI platform, Intel Agents extend Live Briefs for real-time event summaries by autonomously enriching alerts with critical intelligence, giving cyber teams instant clarity on what’s happening, why it matters, and the right context to guide their response. Whether managing a third-party attack or mitigating a cyber-physical threat, Intel Agents help teams gain the context to take decisive, proactive measures and stay ahead of risks.

Author
Tim Miller, Field CTO, Public Sector
September 18, 2025