Surprise - the PyeongChang Winter Olympic Games were hacked

12 Feb 2018

Despite warnings and predictions that it may be a target, the 2018 PyeongChang Winter Olympics has suffered what may have been an inevitable cyber hack.

Echoing the industry’s adage of ‘it’s not a matter of if an attack happens, but when’, Games organisers have reportedly admitted that their servers had been attacked, forcing them to shut down the official website.

Other issues plagued the Games, including WiFi breakdowns and the internal internet going offline. On top of that, a fleet of drones was unable to perform at the opening ceremony.

However, none of the issues have compromised the security of the athletes and spectators at the Games, organisers say.

CrowdStrike VP of intelligence Adam Meyers discovered threats unique to the Olympics. He explains:

"CrowdStrike Intelligence identified several samples of a previously unknown malware family that appears to be designed for the purpose of data destruction. The earliest samples were seen on 9 February 2018, on the day of the opening ceremony for the 2018 Olympic Winter Games."

"All discovered files have the same PE build timestamp of 2017-12-27 11:39:22 UTC and contain sets of hard-coded credentials that allow them to propagate in a target network. These credentials belong to multiple target entities involved in running computer and network infrastructure for the Olympic Winter Games."

"Telemetry data confirms that several threat actors had access through malicious backdoors to organizations adjacent to targets observed in this campaign; however, it is unknown whether this access was used to deliver the destructive payload."

"In November and December 2017, CrowdStrike Intelligence observed credential harvesting activity against an entity operating in the international sporting sector and attributed it to Russian threat actor FANCY BEAR with medium confidence."

"While there is currently no confirmed connection between this activity and the destructive attack, a similar reconnaissance phase was likely carried out in preparation of this recent operation."

According to security firm McAfee, the Games were also targeted by ‘malicious documents’ a few days prior to the opening ceremony.

“A new document contained the same metadata properties as those related to Operation GoldDragon and sought to gain persistence on systems owned by organizations involved with the Winter Games,” comments McAfee Advanced Threat Research senior analyst Ryan Sherstobitoff.

Sherstobitoff warned of the possibility of hacks last month.

“Theoretically, if they get into the network hosting the PyeongChang email network for the Olympics, they have any number of possibilities moving inside. It depends where the networks are connected — to specific teams, committees, planners at a high level,” he said at the time.

Meanwhile, Russian cybercriminal group Fancy Bear (also known as APT28) has allegedly published emails belonging to International Olympic Committee officials, as well as officials from the World Anti-Doping Agency (WADA) and other groups.

The emails look to be dated between 2016 and 2017 and allege that officials are after money and power in the sports world.

The Russian Olympic team was banned from the 2018 Winter Games because of its doping policies that led to cheating in the 2014 and 2016 Olympics. Instead, Russian athletes are now classed as “Olympic Athlete from Russia” (OAR) in the 2018 Games.

As the 2020 Olympics in Japan edge closer, organisations are scrambling to address the cybersecurity skills shortage – a shortage that is expected to swell to almost 200,000 unfilled positions in the next three years, according to Japan’s Ministry of Economy, Trade and Industry.

Cyberbit CEO Adi Dar called the Japan situation ‘a state of urgency’. Cyberbit and Ni Cybersecurity hope to train 50,000 security personnel before the 2020 Games.

The two companies opened their Toranomon Cyber Range Simulation Training Center last year.
