Home Security Olympics attack aimed at disruption, say Cisco researchers

Olympics attack aimed at disruption, say Cisco researchers

Olympics attack aimed at disruption, say Cisco researchers Featured

Researchers at Cisco's Talos Group say they are fairly sure that a cyber attack during the opening ceremony of the Winter Olympics on Friday, using Windows malware, was only aimed at disrupting proceedings and did not involve any data destruction or exfiltration.

Talos Group researchers Warren Mercer and Paul Rascagneres wrote that the malware which had disrupted proceedings — which they dubbed Olympic Destroyer — could not be attributed to any one country with absolute certainty.

The Guardian  reported that the attack resulted Wi-Fi dropping out at the main Pyeonchang Olympic Stadium shortly before the opening ceremony, making it impossible for users to access information or print their tickets.

Television and Internet services were similarly affected and things returned to normal only after 12 hours.

The Guardian report said there had been concerns that the attack came from Russia, as a means of taking revenge for the fact that Russian athletes were banned from the games, because of state-sponsored doping at the previous games in Sochi, Russia, in 2014.

An official spokesperson, Sung Baik-you, made no comment on who was behind the attack, but said: “There was a cyber attack and the server was updated yesterday during the day and we have the cause of the problem.

“They know what happened and this is a usual thing during the Olympic Games. We are not going to reveal the source.

“We are taking secure operations and, in line with best practice, we’re not going to comment on the issue because it is an issue that we are dealing with,” he said.

“We wouldn’t start giving you the details of an investigation before it is coming to an end, particularly if it was on security which, at these games, is incredibly important.”

Mercer and Rascagneres said the samples they had analysed appeared to perform only destructive functionality.

"There does not appear to be any exfiltration of data. Analysis shows that actors are again favouring legitimate pieces of software as PsExec functionality is identified within the sample," they said.

"The destructive nature of this malware aims to render the machine unusable by deleting shadow copies, event logs and trying to use PsExec & WMI to further move through the environment. This is something we have witnessed previously with BadRabbit and Nyetya."

There was no comment from either the organisers or the researchers as to why such a big event had Windows computers facing the Internet and not behind a demilitarised zone.

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

RECOVERING FROM RANSOMWARE

Ransomware is a type of malware that blocks access to your files and systems until you pay a ransom.

The first example of ransomware happened on September 5, 2013, when Cryptolocker was unleashed.

It quickly affected many systems with hackers requiring users to pay money for the decryption keys.

Find out how one company used backup and cloud storage software to protect their company’s PCs and recovered all of their systems after a ransomware strike.

DOWNLOAD THE REPORT!

Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.

 

Popular News

 

Telecommunications