Opening Ceremonies under cyberattack
As the 2018 Winter Olympics commenced with the opening ceremony on Friday in South Korea, the Pyeongchang Organizing Committee was rattled by a cyberattack on their servers. An unidentified cybercriminal hacked and infiltrated the network, downing some computer systems for multiple hours during opening ceremonies. Dubbed ‘Olympic Destroyer’, the malware had no effect on the security or safety of any spectators or athletes, but did shut down the Pyeongchang Olympics website, inconveniencing thousands of fans that purchased tickets online. The attack also killed the WiFi in many locations throughout the large facility complex, and threatened to cancel drone shows that were years in the planning.
In a detailed blog post by researchers at Cisco’s Talos, they described the strain as able to jump from machine to machine with worm-like capabilities, deleting information and ultimately disabling the device. The post goes on to point out some resemblances to other strains we’ve recently seen, including Not-Petya, which was covered in a previous post by SIM2K. This particular malware variant was designed to be stealthy, fast and destructive. "They wanted to do as much damage as they could, as fast as they could," Said Talos research director Craig Williams. They also discovered that the malware was timed specifically to coincide with the opening ceremony, indicating an extremely targeted and focused effort. "Anything like this with harvested data, prepackaged to target those systems, is not amateur hour," Says Talos researcher Warren Mercer. "It’s a targeted campaign designed to accomplish very specific tasks."
Details of who is behind the attack have not been released, but most speculations include Russia and North Korea. Many argue Russia has a clear incentive, having been banned from competing in this year’s events, and that puts them as the leading suspect. Still, researchers and officials alike have declined to identify a culprit, and it is expected that they will continue to do so moving forward in an effort to not disrupt Olympic camaraderie.
Top intelligence officials acknowledge Russia's presence as 2018 midterms approach.
According to top American intelligence officials, Russia has already made attempts to meddle with the 2018 midterm elections. At a Senate panel this last Tuesday, officials warned that Moscow has deployed a digital strategy that is intended to widen political and social divides by using phony social media accounts to spread disinformation. "There should be no doubt that Russia perceived its past efforts as successful and views the 2018 midterm elections as a potential target for Russian influence operations," Said Director of National Intelligence Dan Coats. Russian influence operations refers to a strategy of spreading both real and fake information on social media and elsewhere in an attempt to intensify societal divides. Furthermore, there is a vital need to fortify the defenses of State-operated electoral systems, which were regarded as “highly vulnerable” in 2016. To do this, the Department of Homeland Security says it is going to provide real-time intelligence on threats to local and state election officials, and coordinate more collaborative information sharing. Other planned defenses offered by the panel included enhancing online security for voters, hardening voter databases, and creating new standards for voting equipment. It’s no doubt that the U.S. government will definitely have their hands full as they shore up their security defenses and attempt to halt the spread of disinformation as the 2018 midterms approach.
Speaking to the Senate Intelligence Committee, Dan Coats called for a national cry to alert Americans to the inevitable Russian propaganda being spread. “We need to inform the American people that this is real. That this is going to happen, and the resilience needed for us to stand up and say, ‘We’re not going to allow some Russian to tell us how to vote, how we ought to run our country.’” He went on to point out that this activity was pervasive, and extended beyond the United States and into Europe. Clearly, the age of cyber-war is here, and it is being waged more ferociously every day. If you don’t have the measures in place to protect your business from cybercriminals, computer hackers and Malware- contact us today.
Tom X. McShane
Follow us on Facebook!
Read more on these topics: