Story image

Winter Olympics hacked: Was it just disruptive or something more sinister?

13 Feb 2018

The Winter Olympics recently found themselves in hot water after falling victim to a cyberattack.

Shortly before the opening ceremony last Friday the stadium’s WiFi and the official Pyeongchang 2018 site (among others) stopped working, with users unable to access information or print tickets.

It wasn’t until 12 hours later when the website was brought back up and running at 8am on Saturday.

While there is growing speculation that the cyberattack could be a jab from Russia in response to the fact the Russian Olympic committee and nearly 200 Russian athletes were banned from the games in December because of state-sponsored doping at the Sochi games in 2014, Pyeongchang 2018 spokesperson Sung Baik-you refused to comment on the matter.

“There was a cyber-attack and the server was updated yesterday during the day and we have the cause of the problem,” he says.

“They know what happened and this is a usual thing during the Olympic Games. We are not going to reveal the source. We are taking secure operations and, in line with best practice, we’re not going to comment on the issue because it is an issue that we are dealing with.”

The malware believed to have been used has now been identified by Cisco Talos and dubbed ‘Olympic Destroyer’, as the malware appears only destructive in functionality. It aims to render machines unusable by deleting shadow copies, event logs and trying to use PsExec & WMI to further move through the environment – this has been seen in both BadRabbit and Nyetya.

However, Exabeam chief security strategist Stephen Moore says while many believe this malware was created for destructive purposes only, it could in fact be a diversion tactic for future gain.

“The malware clears security logs, deletes backups, stops services and steals both browser and system-level credentials. Once the assets are harvested for their accounts, they are made inert and void of investigative value,” says Moore.

“The fascinating part of Olympic Destroyer is its worm-like capabilities for internal propagation. From the infected machine, it grabs the names of the other systems in the current network. This, combined with system credential theft, provides a virtual 'fast lane' for a rapid proliferation across the network and widespread compromise. Without proper logging, visibility and activity analytics, the future stages of the attack could go unnoticed."

The International Olympic Committee’s head of communications Mark Adams says while he personally doesn’t know who was behind the attack, there will be a full report that eventually will be made public.

The attack surface: 2019's biggest security threat
As businesses expand, so does their attack surface – and that may be the biggest cybersecurity risk of them all, according to Aon’s 2019 Cyber Security Risk Report.
Opinion: Cybersecurity as a service answer to urgent change
Alan Calder believes a CSaaS model can enable a company to build a cyber resilience strategy in a coherent and consistent manner.
New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.
Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.