How Malicious Hackers are Competing for Notoriety at the 2018 Olympics

Over the past couple of weeks, all eyes have been on the athletes competing on the world’s biggest stage at the Winter Olympic Games.

Over the past couple of weeks, all eyes have been on the athletes competing on the world’s biggest stage at the Winter Olympic Games. However, there is one malevolent event for which there is no medal ceremony. Cybercriminals have been using the Olympics as a way to gain international notoriety. And like any fierce competitor, these malicious actors are flexing their skills to show the world exactly what they’re capable of.

It was reported that Russian hackers targeted the Olympics’ opening ceremonies with an extremely complex, well-structured cyber attack, dubbed “Olympic Destroyer”. This “worm within the Olympic infrastructure that caused a denial-of-service attack”interrupted wifi access, shut down the official PyeongChang Olympics website, and prevented people from accessing their tickets, accounts, and other information. Long story short, it completely stalled their IT systems.

Now cyber attacks are a dime a dozen, but it’s not the cyber attack itself that is worrying. What’s most unsettling about Olympic Destroyer is that it was a nation-state attack, perpetrated and supported by a government with zero budget constraints and extremely sophisticated capabilities. After being banned from this year’s Olympics with only certain athletes allowed to compete under the Olympic flag as “Olympic Athletes from Russia”, it is not unlikely that this was an act of revenge.

This is not surprising. A big motivating factor behind many cyber attacks is not necessarily data theft, but simply disruption – to cause chaos and wreak havoc on institutions, events, and organizations that people trust every day. They launch these attacks to compromise trust – not to take data, but just to show that no one is safe.  

“Olympic Destroyer is designed to automatically jump from machine to machine within a target network and destroy certain data on the machine, including part of its boot record, rebooting machines and then preventing them from loading.”

Olympic Destroyer went into the network and as the worm spread, it scanned the DNS to figure out where certain information was. As it traveled laterally throughout, it found the data it was looking for, and then simply blew it up. This relatively new wave of malware does not choose between scavenging for and exfiltrating data, or destroying data – it does both.

“To guard against […] attacks, the best defense is for organizations to know their enemy.”

With these things move fast and furiously, what can IT organizations do? First off, there is no silver bullet, no matter what anyone tells you. There is no singular solution or tool that will keep you 100% secure, but there are measures you can take to bolster your security posture, like backing up your data and segmenting your network. Secondly, they know your security tactics. So it’s important to get a step ahead of potential cyber attackers by applying policy controls based on the patterns within your network traffic. 

It’s about anticipating their plans, knowing their movements and being cognizant of hints and insights inside your DNS data. After all, attackers design these things with you, the target, in mind, 

so it’s time that you get inside their heads

.

Critical conversations on critical infrastructure

Find out how your peers are managing their networks through profound change. Watch this series of live interactive discussions with IT pros & join the debate in Slack.

Join the conversation

Read more

To better see the threats on your network, try DNS

DNS is a vector used in most cyber attacks. When it comes to DNS, BlueCat can enhance visibility, detection, and containment of threats to your network.

Read more
Webinar: Threat Protection

BlueCat Solution Architect Steffen Probst discusses how intelligent security from BlueCat uses DNS to protect internal and external traffic against threats.

Read more
WFH, DOH & DNS: Keeping networks secure during unprecedented change

As we work from home, DOH (DNS over HTTPS) use is up by 1,500%. Learn what DNS tells us about network security and how BlueCat and Cisco Umbrella can help.

Read more
Domain Generation Algorithms 101

Dissecting the malware technique that keeps threat hunters guessing. For cybersecurity professionals and threat hunters, it can feel like advanced…

Read more