Malware at the Olympics: cybersecurity pros weigh in

February 15, 2018

If it wasn’t clear already, the weekend news out of Pyeongchang demonstrates it once more: nothing is immune from cyber attacks.

As the opening ceremony got under way, the official website for the Winter Olympics went offline. WiFi networks in the Olympic stadium and the press center crashed. Attendees found themselves unable to print out tickets or locate event venues. Reporters had difficulty filing their stories.

The likely culprit? Sophisticated “wiper” malware that was dropped into the network using stolen credentials. Once in, the malware harvested other logins and passwords, hijacked Windows tools used to scan the system, ran scripts and commands, and hid its tracks by cleaning out system and security logs.

“The timing and the nature of the attack suggest that the intent was primarily to embarrass the organizers of the Games,” says Dr. Mary Margaret Chantré, cybersecurity professor at Capitol Technology University. “Unlike many other cyber attacks, this one was not about theft of money or data. Rather, it appears intended to cause disruption and make problems for people during a high-visibility moment at the Olympics.”

On Monday (February 12), researchers from Cisco Talos Intelligence reported that the incident was likely carried out by someone with in-depth knowledge of the Pyeongchang network.

Those responsible “knew a lot of technical details of the Olympic Game infrastructure such as username, domain name, server name, and obviously password,” wrote the researchers, Warren Mercer and Paul Rascagneres.

In addition to creating headaches and a potential public relations fiasco, the attackers may have had another motive, Chantré says. “The attack may also have been a way of demonstrating capabilities – of telling the world ‘look what we are able to do. We can get into your networks and take them offline.’”

Want to help unmask cyber adversaries and fight attacks such as the Pyeongchang network breach? Consider enrolling in a cybersecurity degree program at Capitol Technology University. Capitol is a DHS and NSA-certified Center of Excellence in cybersecurity education, offering programs at the undergraduate, master’s and doctoral levels. For more information, contact the cybersecurity program at cybersat@captechu.edu.