
Surprise - the PyeongChang Winter Olympic Games were hacked

12 Feb 2018

Despite warnings and predictions that it may be a target, the 2018 PyeongChang Winter Olympics has suffered what may have been an inevitable cyber hack.

Echoing the industry’s adage of ‘it’s not a matter of if an attack happens, but when’, Games organisers have reportedly admitted that their servers had been attacked, forcing them to shut down the official website.

Other issues plagued the Games, including WiFi breakdowns and the internal internet going offline. On top of that, a fleet of drones was unable to perform at the opening ceremony.

However, none of the issues have compromised the security of the athletes and spectators at the Games, organisers say.

CrowdStrike VP of intelligence Adam Meyers discovered threats unique to the Olympics. He explains:

"CrowdStrike Intelligence identified several samples of a previously unknown malware family that appears to be designed for the purpose of data destruction. The earliest samples were seen on 9 February 2018, on the day of the opening ceremony for the 2018 Olympic Winter Games."

"All discovered files have the same PE build timestamp of 2017-12-27 11:39:22 UTC and contain sets of hard-coded credentials that allow them to propagate in a target network. These credentials belong to multiple target entities involved in running computer and network infrastructure for the Olympic Winter Games."

"Telemetry data confirms that several threat actors had access through malicious backdoors to organizations adjacent to targets observed in this campaign; however, it is unknown whether this access was used to deliver the destructive payload."

"In November and December 2017, CrowdStrike Intelligence observed credential harvesting activity against an entity operating in the international sporting sector and attributed it to Russian threat actor FANCY BEAR with medium confidence."

"While there is currently no confirmed connection between this activity and the destructive attack, a similar reconnaissance phase was likely carried out in preparation of this recent operation."

According to security firm McAfee, the Games were also targeted by ‘malicious documents’ a few days prior to the opening ceremony.

“A new document contained the same metadata properties as those related to Operation GoldDragon and sought to gain persistence on systems owned by organizations involved with the Winter Games,” comments McAfee Advanced Threat Research senior analyst Ryan Sherstobitoff.

Sherstobitoff warned last month of the possibility of hacks.

“Theoretically, if they get into the network hosting the PyeongChang email network for the Olympics, they have any number of possibilities moving inside. It depends where the networks are connected — to specific teams, committees, planners at a high level,” he said at the time.

Meanwhile, Russian cybercriminal group Fancy Bear (also known as APT28) has allegedly published emails belonging to International Olympic Committee officials, as well as officials from the World Anti-Doping Agency (WADA) and other groups.

The emails look to be dated between 2016 and 2017 and allege that officials are after money and power in the sports world.

The Russian Olympic team was banned from the 2018 Winter Games because of its doping policies that led to cheating in the 2014 and 2016 Olympics. Instead, Russian athletes are now classed as “Olympic Athlete from Russia” (OAR) in the 2018 Games.

As the 2020 Olympics in Japan edge closer, organisations are scrambling to address the cybersecurity skills shortage – a shortage that is expected to swell to almost 200,000 unfilled positions in the next three years, according to Japan’s Ministry of Economy, Trade and Industry.

Cyberbit CEO Adi Dar called the Japan situation ‘a state of urgency’. Cyberbit and Ni Cybersecurity hope to train 50,000 security personnel before the 2020 Games.

The two companies opened their Toranomon Cyber Range Simulation Training Center last year.
