Arraya Insights | February 21, 2018
The Olympics provide the world’s best athletes with an incomparable platform upon which to show off their skills and, this year, they’ve proven an irresistible target for hackers eager to do the same. In fact, according to new evidence, the efforts to hack the Pyeongchang games were ramping up long before the first medal was even awarded. Just like a true Olympian, attackers didn’t start at the highest level. Instead, they had to work their way up.
In this case, that meant going after Atos, the official IT partner of the Pyeongchang games. Evidence suggests attackers breached Atos’ systems in December of last year. It’s believed this was the first phase of a “supply chain attack,” with attackers leveraging their foothold in Atos’ environment to gather information on, and potentially invade, the Olympics’ system. In support of this theory, researchers point to Atos employee login credentials embedded in a strain of malware called “Olympic Destroyer,” which, as the name suggests, was dispatched to inflict serious cyber damage upon the games.
Even though it hasn’t managed to destroy the iconic competition, Olympic Destroyer has certainly caused trouble for organizers. During the opening ceremony, the games’ official website was taken offline for hours, which, among other issues, disrupted ticket sales to events. Local Wi-Fi networks also went down. So far, the exact origins of Olympic Destroyer are unknown, although the usual suspects of Russia, China, and North Korea are all being considered.
How Olympic Destroyer carries out its malicious activities is unique. First, the malware scans an infected system for user credentials, taking any it uncovers and using them on other systems. This design allows it to gain entry to even more systems, maximizing its reach. As it moves, Olympic Destroyer wipes clean any and all data it encounters, potentially leading to issues like those encountered during the opening ceremony, and, in theory, much worse.
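The spreading behaviour described above (harvest credentials on one machine, reuse them against many others) leaves a recognisable trace in authentication logs: one source host fanning out to many targets with several different accounts in a short window. The following detection sketch is an added example written for this post, not code from Arraya, Cisco or any Olympic Destroyer analysis. The log records are constructed, and the window and threshold values are assumed tuning parameters, not figures taken from the incident.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (not real incident data):
# (timestamp, source host, target host, account, outcome)
SAMPLE_EVENTS = [
    ("2018-02-09T20:00:01", "ws-17", "ws-17", "jdoe", "success"),        # local logon
    ("2018-02-09T20:00:05", "ws-17", "ws-22", "jdoe", "success"),
    ("2018-02-09T20:00:07", "ws-17", "ws-23", "svc-backup", "success"),
    ("2018-02-09T20:00:09", "ws-17", "ws-24", "admin-ops", "success"),
    ("2018-02-09T20:00:12", "ws-17", "fs-01", "admin-ops", "success"),
    ("2018-02-09T20:00:14", "ws-17", "ws-25", "svc-backup", "failure"),  # harvested cred that did not work
    ("2018-02-09T20:00:15", "ws-17", "ws-26", "jdoe", "success"),
    ("2018-02-09T20:05:00", "ws-03", "fs-01", "asmith", "success"),      # ordinary user activity
    ("2018-02-09T21:30:00", "ws-03", "mail-01", "asmith", "success"),
]


def parse_event(rec):
    """Turn one log tuple into a dict with a parsed timestamp."""
    ts, src, dst, user, outcome = rec
    return {"ts": datetime.fromisoformat(ts), "src": src,
            "dst": dst, "user": user, "outcome": outcome}


def find_fan_out(events, window=timedelta(minutes=5), min_targets=4, min_accounts=2):
    """Flag any source host that, within `window`, reaches at least `min_targets`
    distinct remote hosts using at least `min_accounts` distinct accounts.
    Failed logons are counted too: trying harvested credentials produces them.
    The thresholds are assumed values to be tuned per environment."""
    by_src = defaultdict(list)
    for e in (parse_event(r) for r in events):
        if e["src"] != e["dst"]:          # ignore local logons
            by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            in_win = [e for e in evs[i:] if e["ts"] - start["ts"] <= window]
            targets = {e["dst"] for e in in_win}
            accounts = {e["user"] for e in in_win}
            if len(targets) >= min_targets and len(accounts) >= min_accounts:
                alerts.append({
                    "src": src,
                    "first_seen": start["ts"].isoformat(),
                    "targets": sorted(targets),
                    "accounts": sorted(accounts),
                })
                break                     # one alert per source host is enough
    return alerts


if __name__ == "__main__":
    for a in find_fan_out(SAMPLE_EVENTS):
        print(f"{a['src']} reached {len(a['targets'])} hosts with "
              f"{len(a['accounts'])} accounts starting {a['first_seen']}")
```

In the constructed data, ws-17 is flagged (six remote targets, three accounts in fourteen seconds) while ws-03, whose two logons are an hour and a half apart under one account, is not. In production the same logic would run over Windows 4624/4625 events or the equivalent, with the sliding window and thresholds set against a baseline of normal admin behaviour so that jump hosts and backup servers are whitelisted rather than paged on every night.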
Next steps: Plug security leaks wherever they occur
Atos is no mom and pop vendor. It’s a global technology corporation with a vested interest in cyber security and yet, allegedly, it too became just another access point for attackers. In theory, once those attackers made it inside, they were able to work their way through the organization’s systems before eventually reaching a bigger fish: the Olympics. This scenario is one that has played out all too often in the cyber security space and it’s one businesses of all stripes and sizes need to keep in mind.
Still, worrying about your own IT environment and your own end users consumes enough of the workday, leaving little time over for vendors. So, what can be done? Businesses need to ensure they have a defensive grid in place that’s ready to intercept malware, no matter its point of access. One such option is Cisco’s Advanced Malware Protection (AMP) suite. These solutions use global threat intelligence to identify and block malware intrusions in real time. Even if a file enters your network without raising any red flags, AMP will continue to monitor it in case it reveals its true malicious colors later on. Should that happen, AMP will alert IT and provide data on where the file came from and where it’s been on your network. With a solution such as AMP in place, your organization’s data will be that much safer – even if a piece of your supply chain falls victim to an attack.
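The retrospective capability described above (keep tracking a file after it has been let in, and when its verdict later changes, report its entry point and every host it has touched) is easy to reason about once it is written down. The sketch below is an added example for this post; it is not Cisco AMP code and makes no claim about how AMP is implemented internally. File hashes, host names and timestamps are constructed, and the `sha256:constructed-…` strings are placeholders, not real indicators.

```python
from dataclasses import dataclass, field


@dataclass
class FileTrajectory:
    """Where a file (keyed by hash) first appeared and every sighting since."""
    first_seen_host: str
    first_seen_at: str
    sightings: list = field(default_factory=list)   # (timestamp, host, action)


class RetrospectiveMonitor:
    """Records every file sighting so a later 'malicious' verdict can be turned
    into an alert that names the entry point and the file's path through the estate."""

    def __init__(self):
        self.trajectories = {}     # hash -> FileTrajectory
        self.known_bad = set()     # hashes that have received a malicious verdict

    def record(self, ts, host, file_hash, action):
        """Store a sighting. Returns an alert immediately if the hash is already known bad."""
        traj = self.trajectories.get(file_hash)
        if traj is None:
            traj = FileTrajectory(first_seen_host=host, first_seen_at=ts)
            self.trajectories[file_hash] = traj
        traj.sightings.append((ts, host, action))
        return self._alert(file_hash) if file_hash in self.known_bad else None

    def mark_malicious(self, file_hash):
        """Retrospective verdict: the file was clean or unknown when it entered and is now
        judged malicious. Returns an alert covering everywhere it has already been."""
        self.known_bad.add(file_hash)
        return self._alert(file_hash) if file_hash in self.trajectories else None

    def _alert(self, file_hash):
        t = self.trajectories[file_hash]
        return {
            "hash": file_hash,
            "entry_point": (t.first_seen_host, t.first_seen_at),
            "hosts": sorted({host for _, host, _ in t.sightings}),
            "path": list(t.sightings),
        }


# Constructed sample sightings: a file arrives at the mail gateway, is run on one
# workstation, copied to a file server and run again elsewhere. A second, unrelated
# file is recorded to show that verdicts are scoped to a single hash.
SAMPLE_SIGHTINGS = [
    ("2018-02-01T09:00:00", "mail-gw", "sha256:constructed-aaa", "received"),
    ("2018-02-01T09:02:00", "ws-11", "sha256:constructed-aaa", "downloaded"),
    ("2018-02-01T09:10:00", "ws-11", "sha256:constructed-aaa", "executed"),
    ("2018-02-02T11:00:00", "ws-11", "sha256:constructed-bbb", "downloaded"),
    ("2018-02-03T14:00:00", "fs-01", "sha256:constructed-aaa", "copied"),
    ("2018-02-03T14:05:00", "ws-40", "sha256:constructed-aaa", "executed"),
]


def run_sample():
    """Replay the constructed sightings, then apply a late verdict and one more sighting.
    Returns (retrospective alert, alert raised on the post-verdict sighting)."""
    mon = RetrospectiveMonitor()
    for ts, host, h, action in SAMPLE_SIGHTINGS:
        assert mon.record(ts, host, h, action) is None   # nothing is known bad yet
    retro = mon.mark_malicious("sha256:constructed-aaa")
    later = mon.record("2018-02-04T08:00:00", "ws-52", "sha256:constructed-aaa", "executed")
    return retro, later


if __name__ == "__main__":
    retro, later = run_sample()
    print("entry point:", retro["entry_point"])
    print("hosts touched:", ", ".join(retro["hosts"]))
    print("new sighting after verdict on:", later["hosts"][-1])
```

The point the example makes for a supply-chain scenario is in `entry_point`: a verdict that arrives days after the file came in is only useful if the record of where it came from and where it went was kept from the start, which is why the monitor stores every sighting rather than only the ones it could condemn at the time.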
To learn more about Cisco AMP or to discuss building or refining a holistic strategy to defend your business against today’s most dangerous attack vectors, reach out to Arraya’s Cyber Security Practice by visiting: https://www.arrayasolutions.com/contact-us/. You can also reach our team through social media – LinkedIn, Twitter, and Facebook. Follow us so you can share your thoughts on all of our latest blogs and be the first to know about our exclusive upcoming IT learning sessions.