Going for gold in the Cyber Olympics: a look at cybersecurity in Pyeongchang

High-profile events like the 2018 Winter Olympics currently taking place in Pyeongchang, South Korea, are a hot-spot for potential cybersecurity threats. Cyber criminals often use these large gatherings of people and technology as a means to steal personally identifiable information (PII) or harvest users’ credentials for financial gain.

The likelihood of these attacks taking place is now so high that US-CERT issued a bulletin ahead of this year’s Olympics reminding travellers to be aware of both cybersecurity and physical security risks – a warning we’d never have had twenty years ago.


Despite this, it was a very different form of attack that the International Olympic Committee (IOC) needed to worry about at the start of the Games. Dubbed the ‘Olympic Destroyer’, a cyberattack hit the Olympics’ computer systems just before the 2018 Pyeongchang Games’ opening ceremony, crashing the internal internet and Wi-Fi.

What do we know so far?

While it seems as though the shutdown didn’t disrupt any of the Olympic activities or the opening ceremony itself, cybersecurity researchers have revealed that the attack was aimed at data disruption and involved a brand new strain of malware which has only disruptive capabilities – similar to those of the Bad Rabbit ransomware.

From this, we can gather that the real intent of the attack was not to steal data, as originally thought, but was likely intended to disrupt the Games and bring embarrassment upon its organisers. This is where the purpose of this malware differs from the types of ransomware which proved popular last year with threat actors looking to make financial gains.

Worryingly, however, this malware follows numerous warnings to Olympics organisations after alleged Russian-endorsed cyber-attacks and phishing attacks were spotted from suspected cyber-espionage group Fancy Bear. They are also known as APT28 – the group which was condemned in 2016 for stealing information from the World Anti-Doping Agency (WADA) about US athletes and publishing it online.

Could it happen again?

It is currently unclear how these threat actors accessed the Olympic systems; however, there is a very real possibility they will be back. While the damage caused by the outage was seemingly minimal this time, the attackers apparently left a ‘calling card’ on the network, threatening a return to perform destruction, leave computer systems offline and wipe remote data.

Alongside this, researchers from McAfee’s Advanced Threat Research team have identified a new implant named Golden Dragon, which is being used to target organisations involved in the Games. Similar to an implant previously used to gain access to targeted victims’ systems and gather system information, this implant could allow threat actors to extract valuable data from the Olympic systems.

Who is the culprit?

Attribution of the attack is currently unclear and, at this point in time, it is too early to say whether this was a nation-state attack or that of someone looking to show off their cyber skills on the big stage.

Rumours are circulating about how the most obvious culprits may be North Korean or Russian threat actors, given growing tension between North Korea and the USA as well as Russia’s ban from officially competing in this year’s Winter Olympics. However, none of these theories have been confirmed.

The Fancy Bear hack team should also be considered frontrunners when it comes to attribution, following a tweet that was made in early January by the Fancy Bear Twitter account threatening the IOC and WADA. Hours after this tweet, the same account posted a link to the Fancy Bear domain which hosted leaked information including a set of apparently stolen emails that purportedly belong to officials from the IOC, the United States Olympic Committee and third-party groups associated with these organisations.

While attribution is difficult at this point in time, organisations involved in or linked to the Olympics need to be aware of and prepare for another potential attack. With the motives behind these attacks unclear, it is important that cybersecurity chiefs remain focused on understanding the tactics, techniques and procedures (TTPs) of a threat actor whilst keeping an eye on the evolution of threats in order to assess intent and identify potential future attacks on the Pyeongchang Games.
