Over the past couple of weeks, all eyes have been on the athletes competing on the world’s biggest stage at the Winter Olympic Games. However, there is one malevolent event for which there is no medal ceremony. Cybercriminals have been using the Olympics as a way to gain international notoriety. And like any fierce competitor, these malicious actors are flexing their skills to show the world exactly what they’re capable of.
It was reported that Russian hackers targeted the Olympics’ opening ceremonies with an extremely complex, well-structured cyber attack, dubbed “Olympic Destroyer”. This “worm within the Olympic infrastructure that caused a denial-of-service attack”interrupted wifi access, shut down the official PyeongChang Olympics website, and prevented people from accessing their tickets, accounts, and other information. Long story short, it completely stalled their IT systems.
Now cyber attacks are a dime a dozen, but it’s not the cyber attack itself that is worrying. What’s most unsettling about Olympic Destroyer is that it was a nation-state attack, perpetrated and supported by a government with zero budget constraints and extremely sophisticated capabilities. After being banned from this year’s Olympics with only certain athletes allowed to compete under the Olympic flag as “Olympic Athletes from Russia”, it is not unlikely that this was an act of revenge.
This is not surprising. A big motivating factor behind many cyber attacks is not necessarily data theft, but simply disruption – to cause chaos and wreak havoc on institutions, events, and organizations that people trust every day. They launch these attacks to compromise trust – not to take data, but just to show that no one is safe.
“Olympic Destroyer is designed to automatically jump from machine to machine within a target network and destroy certain data on the machine, including part of its boot record, rebooting machines and then preventing them from loading.”
Olympic Destroyer went into the network and as the worm spread, it scanned the DNS to figure out where certain information was. As it traveled laterally throughout, it found the data it was looking for, and then simply blew it up. This relatively new wave of malware does not choose between scavenging for and exfiltrating data, or destroying data – it does both.
With these things move fast and furiously, what can IT organizations do? First off, there is no silver bullet, no matter what anyone tells you. There is no singular solution or tool that will keep you 100% secure, but there are measures you can take to bolster your security posture, like backing up your data and segmenting your network. Secondly, they know your security tactics. So it’s important to get a step ahead of potential cyber attackers by applying policy controls based on the patterns within your network traffic.
It’s about anticipating their plans, knowing their movements and being cognizant of hints and insights inside your DNS data. After all, attackers design these things with you, the target, in mind,
so it’s time that you get inside their heads
NSA and CISA: Protective DNS key to network defense
U.S. cyber agencies now point to protective DNS as a defense strategy, confirming what BlueCat already knew: DNS is critical to detecting network threats.
SUNBURST/Solorigate Situation Briefing
BlueCat leaders discuss how the malware attack via SolarWind’s Orion platform exploited DNS and how BlueCat Edge could have helped to detect it.
January 21, 2021: Learn more about how the SUNBURST/Solorigate malware exploited DNS to execute its attack.
Customer situation brief on SUNBURST/Solorigate
Learn more about the attack via the SolarWinds Orion platform and how BlueCat products use DNS to help protect customers against compromises like it.