SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Surprise - the PyeongChang Winter Olympic Games were hacked
Mon, 12th Feb 2018

Despite warnings and predictions that it may be a target, the 2018 PyeongChang Winter Olympics has suffered what may have been an inevitable cyber hack.

Echoing the industry's adage of ‘it's not a matter of if an attack happens, but when’, Games organisers have reportedly admitted that their servers had been attacked, forcing them to shut down the official website.

Other issues plagued the Games, including WiFi breakdowns and the internal internet going offline. On top of that, a fleet of drones was unable to perform at the opening ceremony.

However, none of the issues has compromised the security of the athletes and spectators at the Games, organisers say.

CrowdStrike VP of intelligence Adam Meyers discovered threats unique to the Olympics. He explains:

"CrowdStrike Intelligence identified several samples of a previously unknown malware family that appears to be designed for the purpose of data destruction. The earliest samples were seen on 9 February 2018, on the day of the opening ceremony for the 2018 Olympic Winter Games."

"All discovered files have the same PE build timestamp of 2017-12-27 11:39:22 UTC and contain sets of hard-coded credentials that allow them to propagate in a target network. These credentials belong to multiple target entities involved in running computer and network infrastructure for the Olympic Winter Games."

"Telemetry data confirms that several threat actors had access through malicious backdoors to organizations adjacent to targets observed in this campaign; however, it is unknown whether this access was used to deliver the destructive payload."

"In November and December 2017, CrowdStrike Intelligence observed credential harvesting activity against an entity operating in the international sporting sector and attributed it to Russian threat actor FANCY BEAR with medium confidence."

"While there is currently no confirmed connection between this activity and the destructive attack, a similar reconnaissance phase was likely carried out in preparation of this recent operation."

According to security firm McAfee, the Games were also targeted by ‘malicious documents’ a few days prior to the opening ceremony.

“A new document contained the same metadata properties as those related to Operation GoldDragon and sought to gain persistence on systems owned by organizations involved with the Winter Games,” comments McAfee Advanced Threat Research senior analyst Ryan Sherstobitoff.

Sherstobitoff warned of the possibility of hacks last month.

“Theoretically, if they get into the network hosting the PyeongChang email network for the Olympics, they have any number of possibilities moving inside. It depends where the networks are connected — to specific teams, committees, planners at a high level,” he said at the time.

Meanwhile, Russian cybercriminal group Fancy Bear (also known as APT28) has allegedly published emails belonging to International Olympic Committee officials, as well as officials from the World Anti-Doping Agency (WADA) and other groups.

The emails look to be dated between 2016 and 2017 and allege that officials are after money and power in the sports world.

The Russian Olympic team was banned from the 2018 Winter Games because of its doping policies that led to cheating in the 2014 and 2016 Olympics. Instead, Russian athletes are now classed as “Olympic Athlete from Russia” (OAR) in the 2018 Games.

As the 2020 Olympics in Japan edge closer, organisations are scrambling to address the cybersecurity skills shortage – a shortage that is expected to swell to almost 200,000 unfilled positions in the next three years, according to Japan's Ministry of Economy, Trade and Industry.

Cyberbit CEO Adi Dar called the Japan situation ‘a state of urgency’. Cyberbit and Ni Cybersecurity hope to train 50,000 security personnel before the 2020 Games.

The two companies opened their Toranomon Cyber Range Simulation Training Center last year.