Story image

Winter Olympics hacked: Was it just disruptive or something more sinister?

13 Feb 18

The Winter Olympics recently found themselves in hot water after falling victim to a cyberattack.

Shortly before the opening ceremony last Friday the stadium’s WiFi and the official Pyeongchang 2018 site (among others) stopped working, with users unable to access information or print tickets.

It wasn’t until 12 hours later when the website was brought back up and running at 8am on Saturday.

While there is growing speculation that the cyberattack could be a jab from Russia in response to the fact the Russian Olympic committee and nearly 200 Russian athletes were banned from the games in December because of state-sponsored doping at the Sochi games in 2014, Pyeongchang 2018 spokesperson Sung Baik-you refused to comment on the matter.

“There was a cyber-attack and the server was updated yesterday during the day and we have the cause of the problem,” he says.

“They know what happened and this is a usual thing during the Olympic Games. We are not going to reveal the source. We are taking secure operations and, in line with best practice, we’re not going to comment on the issue because it is an issue that we are dealing with.”

The malware believed to have been used has now been identified by Cisco Talos and dubbed ‘Olympic Destroyer’, as the malware appears only destructive in functionality. It aims to render machines unusable by deleting shadow copies, event logs and trying to use PsExec & WMI to further move through the environment – this has been seen in both BadRabbit and Nyetya.

However, Exabeam chief security strategist Stephen Moore says while many believe this malware was created for destructive purposes only, it could in fact be a diversion tactic for future gain.

“The malware clears security logs, deletes backups, stops services and steals both browser and system-level credentials. Once the assets are harvested for their accounts, they are made inert and void of investigative value,” says Moore.

“The fascinating part of Olympic Destroyer is its worm-like capabilities for internal propagation. From the infected machine, it grabs the names of the other systems in the current network. This, combined with system credential theft, provides a virtual 'fast lane' for a rapid proliferation across the network and widespread compromise. Without proper logging, visibility and activity analytics, the future stages of the attack could go unnoticed."

The International Olympic Committee’s head of communications Mark Adams says while he personally doesn’t know who was behind the attack, there will be a full report that eventually will be made public.

Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.
Carbon Black: What does cybersecurity have in store for 2019?
Tom Kellerman has shared five insights for the year ahead, including a particularly bold one.
Hands-on review: The Ekster Wallet protects your cards against RFID attacks
For some time now, I’ve been protecting my credit cards with tinfoil. The tinfoil hat does attract a lot of comments, but thanks to Ekster, those days are now happily behind me.