Story image

Winter Olympics hacked: Was it just disruptive or something more sinister?

13 Feb 2018

The Winter Olympics recently found themselves in hot water after falling victim to a cyberattack.

Shortly before the opening ceremony last Friday the stadium’s WiFi and the official Pyeongchang 2018 site (among others) stopped working, with users unable to access information or print tickets.

It wasn’t until 12 hours later when the website was brought back up and running at 8am on Saturday.

While there is growing speculation that the cyberattack could be a jab from Russia in response to the fact the Russian Olympic committee and nearly 200 Russian athletes were banned from the games in December because of state-sponsored doping at the Sochi games in 2014, Pyeongchang 2018 spokesperson Sung Baik-you refused to comment on the matter.

“There was a cyber-attack and the server was updated yesterday during the day and we have the cause of the problem,” he says.

“They know what happened and this is a usual thing during the Olympic Games. We are not going to reveal the source. We are taking secure operations and, in line with best practice, we’re not going to comment on the issue because it is an issue that we are dealing with.”

The malware believed to have been used has now been identified by Cisco Talos and dubbed ‘Olympic Destroyer’, as the malware appears only destructive in functionality. It aims to render machines unusable by deleting shadow copies, event logs and trying to use PsExec & WMI to further move through the environment – this has been seen in both BadRabbit and Nyetya.

However, Exabeam chief security strategist Stephen Moore says while many believe this malware was created for destructive purposes only, it could in fact be a diversion tactic for future gain.

“The malware clears security logs, deletes backups, stops services and steals both browser and system-level credentials. Once the assets are harvested for their accounts, they are made inert and void of investigative value,” says Moore.

“The fascinating part of Olympic Destroyer is its worm-like capabilities for internal propagation. From the infected machine, it grabs the names of the other systems in the current network. This, combined with system credential theft, provides a virtual 'fast lane' for a rapid proliferation across the network and widespread compromise. Without proper logging, visibility and activity analytics, the future stages of the attack could go unnoticed."

The International Olympic Committee’s head of communications Mark Adams says while he personally doesn’t know who was behind the attack, there will be a full report that eventually will be made public.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.