While spectators were getting to their seats to cheer on the athletes of their home country, a cyber attack was being carefully orchestrated. This weekend, 2018 Winter Olympic organizers in Pyeongchang confirmed that their systems had fallen victim to a cyber attack shortly before the opening ceremonies on February 10th, 2018. While details of the source or type of attack are not being reported, the effects were felt by all in attendance. The interruption of the website disabled access to ticketing information, and the Wi-Fi, television, and internet at the main press center were also disrupted. From this information, what can we surmise?
How was the 2018 Winter Olympics Cyber Attack Executed?
The cyber attack began with an initial-stage dropper that included the ability to move laterally across the computer network using hard-coded network credentials. The use of hard-coded credentials indicates the malware author had previous knowledge of Pyeongchang’s systems. Next, the dropper installs and executes a browser and system credential-stealing component that collects internet and Windows passwords. Lastly, the malware runs a destructive component that destroys Windows files and attempts to render the system unusable.
Media sources are mostly reporting that the breach happened, but not how. The more we learn about security breaches, the more we can prepare for future attacks. Keep seeing, sharing, and securing.