How Malicious Hackers are Competing for Notoriety at the 2018 Olympics

Over the past couple of weeks, all eyes have been on the athletes competing on the world’s biggest stage at the Winter Olympic Games.

Over the past couple of weeks, all eyes have been on the athletes competing on the world’s biggest stage at the Winter Olympic Games. However, there is one malevolent event for which there is no medal ceremony. Cybercriminals have been using the Olympics as a way to gain international notoriety. And like any fierce competitor, these malicious actors are flexing their skills to show the world exactly what they’re capable of.

It was reported that Russian hackers targeted the Olympics’ opening ceremonies with an extremely complex, well-structured cyber attack, dubbed “Olympic Destroyer”. This “worm within the Olympic infrastructure that caused a denial-of-service attack”interrupted wifi access, shut down the official PyeongChang Olympics website, and prevented people from accessing their tickets, accounts, and other information. Long story short, it completely stalled their IT systems.

Now cyber attacks are a dime a dozen, but it’s not the cyber attack itself that is worrying. What’s most unsettling about Olympic Destroyer is that it was a nation-state attack, perpetrated and supported by a government with zero budget constraints and extremely sophisticated capabilities. After being banned from this year’s Olympics with only certain athletes allowed to compete under the Olympic flag as “Olympic Athletes from Russia”, it is not unlikely that this was an act of revenge.

This is not surprising. A big motivating factor behind many cyber attacks is not necessarily data theft, but simply disruption – to cause chaos and wreak havoc on institutions, events, and organizations that people trust every day. They launch these attacks to compromise trust – not to take data, but just to show that no one is safe.  

“Olympic Destroyer is designed to automatically jump from machine to machine within a target network and destroy certain data on the machine, including part of its boot record, rebooting machines and then preventing them from loading.”

Olympic Destroyer went into the network and as the worm spread, it scanned the DNS to figure out where certain information was. As it traveled laterally throughout, it found the data it was looking for, and then simply blew it up. This relatively new wave of malware does not choose between scavenging for and exfiltrating data, or destroying data – it does both.

“To guard against […] attacks, the best defense is for organizations to know their enemy.”

With these things move fast and furiously, what can IT organizations do? First off, there is no silver bullet, no matter what anyone tells you. There is no singular solution or tool that will keep you 100% secure, but there are measures you can take to bolster your security posture, like backing up your data and segmenting your network. Secondly, they know your security tactics. So it’s important to get a step ahead of potential cyber attackers by applying policy controls based on the patterns within your network traffic. 

It’s about anticipating their plans, knowing their movements and being cognizant of hints and insights inside your DNS data. After all, attackers design these things with you, the target, in mind, 

so it’s time that you get inside their heads

.


An avatar of the author

Anna is a passionate content writer who’s always eager to learn something new about cyber security.

Related content

Micetro 11.1 boosts DHCP management for Cisco Meraki SD-WAN

Learn how BlueCat Micetro 11.1 can help you overcome the limitations of Cisco Meraki SD-WAN devices to manage your distributed DHCP architecture.

Read more
Banner announcing BlueCat's acquisition of LiveAction, displaying both logos and the phrase "We're about to get bigger."

BlueCat acquires LiveAction to drive network modernization and optimization

BlueCat’s acquisition of LiveAction will allow customers to expand their view beyond DNS and dive deeper into the health of their network.

Read more

Simplify NIS2 compliance with DNS management

Learn whether the EU’s NIS2 requirements apply to your organization and about how DNS management and BlueCat can boost your path to compliance.

Read more

Detect anomalies and CVE risks with Infrastructure Assurance 8.4 

The Infrastructure Assurance 8.4 release features an anomaly detection engine for outliers and a CVE analysis engine to uncover device vulnerabilities.

Read more

BlueCat has acquired LiveAction

It’s official! BlueCat has acquired LiveAction’s network observability and intelligence platform, which helps large enterprises optimize the performance, resiliency, and security of their networks.