Story image

Surprise - the PyeongChang Winter Olympic Games were hacked

12 Feb 2018

Despite warnings and predictions that it may be a target, the 2018 PyeongChang Winter Olympics has suffered what may have been an inevitable cyber hack.

Echoing the industry’s adage of ‘it’s not a matter of if an attack happens, but when’, Games organisers have reportedly admitted that its servers had been attacked, forcing them to shut down the official website.

Other issues plagued the Games, including WiFi breakdowns and the internal internet went offline. On top of that, a fleet of drones was unable to perform at the opening ceremony.

However none of the issues have compromised security of the athletes and spectators at the games, organisers say.

CrowdStrike VP of intelligence Adam Meyers discovered threats unique to the Olympics. He explains:

"CrowdStrike Intelligence identified several samples of a previously unknown malware family that appears to be designed for the purpose of data destruction. The earliest samples were seen on 9 February 2018, on the day of the opening ceremony for the 2018 Olympic Winter Games."

"All discovered files have the same PE build timestamp of 2017-12-27 11:39:22 UTC and contain sets of hard-coded credentials that allow them to propagate in a target network. These credentials belong to multiple target entities involved in running computer and network infrastructure for the Olympic Winter Games."

"Telemetry data confirms that several threat actors had access through malicious backdoors to organizations adjacent to targets observed in this campaign; however, it is unknown whether this access was used to deliver the destructive payload."

"In November and December 2017, CrowdStrike Intelligence observed credential harvesting activity against an entity operating in the international sporting sector and attributed it to Russian threat actor FANCY BEAR with medium confidence."

"While there is currently no confirmed connection between this activity and the destructive attack, a similar reconnaissance phase was likely carried out in preparation of this recent operation."

According to security firm McAfee, the Games have also been targeted by ‘malicious documents’ a few days prior to the opening ceremony.

“A new document contained the same metadata properties as those related to Operation GoldDragon and sought to gain persistence on systems owned by organizations involved with the Winter Games,” comments McAfee Advanced Threat Research senior analyst Ryan Sherstobitoff.

Sherstobitoff warned of the possibility of hacks last month

“Theoretically, if they get into the network hosting the PyeongChang email network for the Olympics, they have any number of possibilities moving inside. It depends where the networks are connected — to specific teams, committees, planners at a high level,” he said at the time.

Meanwhile, Russian cybercriminal group Fancy Bear (also known as APT28) has allegedly published emails belonging to International Olympic Committee officials, as well as officials from the World Anti-Doping Agency (WADA) and other groups.

The emails look to be dated between 2016 and 2017 and allege that officials are after money and power in the sports world.

The Russian Olympic team was banned from the 2018 Winter Games because of its doping policies that led to cheating in the 2014 and 2016 Olympics. Instead, Russian athletes are now classed as “Olympic Athlete from Russia” (OAR) in the 2018 Games.

As the 2020 Olympics in Japan edge closer, organisations are scrambling to address the cybersecurity skills shortage – a shortage that is expected to swell to almost 200,000 unfilled positions in the next three years, according to Japan’s Ministry of Economy, Trade and Industry.

Cyberbit CEO Adi Dar called the Japan situation ‘a state of urgency’. Cyberbit and Ni Cybersecurity hope to train 50,000 security personnel before the 2020 Games.

The two companies opened their Toranomon Cyber Range Simulation Training Center last year.

Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.
Red Box gains compliance boost with new partnership
By partnering with Global Relay, voice platform provider Red Box is improving the security of its offerings for high-value and risk voice data.