Story image

Winter Olympics hacked: Was it just disruptive or something more sinister?

13 Feb 18

The Winter Olympics recently found themselves in hot water after falling victim to a cyberattack.

Shortly before the opening ceremony last Friday the stadium’s WiFi and the official Pyeongchang 2018 site (among others) stopped working, with users unable to access information or print tickets.

It wasn’t until 12 hours later when the website was brought back up and running at 8am on Saturday.

While there is growing speculation that the cyberattack could be a jab from Russia in response to the fact the Russian Olympic committee and nearly 200 Russian athletes were banned from the games in December because of state-sponsored doping at the Sochi games in 2014, Pyeongchang 2018 spokesperson Sung Baik-you refused to comment on the matter.

“There was a cyber-attack and the server was updated yesterday during the day and we have the cause of the problem,” he says.

“They know what happened and this is a usual thing during the Olympic Games. We are not going to reveal the source. We are taking secure operations and, in line with best practice, we’re not going to comment on the issue because it is an issue that we are dealing with.”

The malware believed to have been used has now been identified by Cisco Talos and dubbed ‘Olympic Destroyer’, as the malware appears only destructive in functionality. It aims to render machines unusable by deleting shadow copies, event logs and trying to use PsExec & WMI to further move through the environment – this has been seen in both BadRabbit and Nyetya.

However, Exabeam chief security strategist Stephen Moore says while many believe this malware was created for destructive purposes only, it could in fact be a diversion tactic for future gain.

“The malware clears security logs, deletes backups, stops services and steals both browser and system-level credentials. Once the assets are harvested for their accounts, they are made inert and void of investigative value,” says Moore.

“The fascinating part of Olympic Destroyer is its worm-like capabilities for internal propagation. From the infected machine, it grabs the names of the other systems in the current network. This, combined with system credential theft, provides a virtual 'fast lane' for a rapid proliferation across the network and widespread compromise. Without proper logging, visibility and activity analytics, the future stages of the attack could go unnoticed."

The International Olympic Committee’s head of communications Mark Adams says while he personally doesn’t know who was behind the attack, there will be a full report that eventually will be made public.

What MSPs can learn from Datto’s Channel Ransomware Report
While there have been less high profile attacks making the headlines, the frequency of attacks is, in fact, increasing.
Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why Australian enterprises are prime targets for malware attacks
"Only 14% of Australian organisations are continuously training employees to spot cyber attacks."
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Bitdefender announces security integration with Kaseya
The new partnership will allow VSA by Kaseya’s cloud and on-premises users to deploy and manage security with Bitdefender Cloud Security for MSPs.
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.