Story image

Winter Olympics hacked: Was it just disruptive or something more sinister?

13 Feb 2018

The Winter Olympics recently found themselves in hot water after falling victim to a cyberattack.

Shortly before the opening ceremony last Friday the stadium’s WiFi and the official Pyeongchang 2018 site (among others) stopped working, with users unable to access information or print tickets.

It wasn’t until 12 hours later when the website was brought back up and running at 8am on Saturday.

While there is growing speculation that the cyberattack could be a jab from Russia in response to the fact the Russian Olympic committee and nearly 200 Russian athletes were banned from the games in December because of state-sponsored doping at the Sochi games in 2014, Pyeongchang 2018 spokesperson Sung Baik-you refused to comment on the matter.

“There was a cyber-attack and the server was updated yesterday during the day and we have the cause of the problem,” he says.

“They know what happened and this is a usual thing during the Olympic Games. We are not going to reveal the source. We are taking secure operations and, in line with best practice, we’re not going to comment on the issue because it is an issue that we are dealing with.”

The malware believed to have been used has now been identified by Cisco Talos and dubbed ‘Olympic Destroyer’, as the malware appears only destructive in functionality. It aims to render machines unusable by deleting shadow copies, event logs and trying to use PsExec & WMI to further move through the environment – this has been seen in both BadRabbit and Nyetya.

However, Exabeam chief security strategist Stephen Moore says while many believe this malware was created for destructive purposes only, it could in fact be a diversion tactic for future gain.

“The malware clears security logs, deletes backups, stops services and steals both browser and system-level credentials. Once the assets are harvested for their accounts, they are made inert and void of investigative value,” says Moore.

“The fascinating part of Olympic Destroyer is its worm-like capabilities for internal propagation. From the infected machine, it grabs the names of the other systems in the current network. This, combined with system credential theft, provides a virtual 'fast lane' for a rapid proliferation across the network and widespread compromise. Without proper logging, visibility and activity analytics, the future stages of the attack could go unnoticed."

The International Olympic Committee’s head of communications Mark Adams says while he personally doesn’t know who was behind the attack, there will be a full report that eventually will be made public.

Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Myth-busting assumptions about identity governance - SailPoint
The identity governance space has evolved and matured over the past 10 years, changing with the world around it.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Ensign and IronNet partner to create cyber analytics capabilities
The Singapore-based joint venture will form a Cyber Analytics Center for Excellence focused on securing regional enterprises from sophisticated cyber threats.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.