By: Mackenzie Blaisdell
The Olympics have always set the stage for much more than just athletic competition. Millions of people worldwide tune in to The Games to be spectators of diplomacy, culture, drama, and sometimes even propaganda. What is relatively new to the show’s program, however, is the rise of criminal and state-sponsored hacking.
The Olympics are a major target for hackers, as billions of dollars run through this event biennially. South Korea has even allocated $1.3 million for cybersecurity protection for the Olympics, mobilizing tens of thousands of security personnel, including cybersecurity analysts and 50,000 soldiers, in what has been described as one of the most militarized security forces in Olympic history to foil hacking attempts.
If the Games’ cybersecurity infrastructure proves to be inadequate, a lot is at risk. Successful cyberattacks could potentially facilitate terrorism, ransomware or kidnappings. They open up the possibility to change scoring systems or alter the photo and video replay equipment. A successful hack could mean tampering with athlete care, food dispensing systems, or the infiltration of monitoring equipment; it would open up the possibility to tamper with entry systems or even interfere with transportation. All of this could significantly alter betting odds, and competitors’ personal data could be leveraged for fraud.
The Games hosts hundreds of thousands of smartphones, cameras, computers, tablets, routers and vehicles all needing to connect to a small number of easily-identifiable networks. This prompts a large volume of web address lookups or DNS queries in a short period of time, creating countless opportunities for malware and viruses to infiltrate.
Although the phenomenon of state-sponsored hacking leading up to the Olympics is relatively new, we have seen this before. In August of 2016, the World Anti-Doping Agency was successfully hacked, and their data was publicly leaked in a campaign widely attributed to Russian hackers. That campaign took the stage amid the 2016 Summer Olympics after it became known that Russian competitors participated in a widespread, systemic and government-backed doping scheme. As a result, the country was banned from the 2018 Winter Games.
Hackers, from elementary ticket scammers to professional cyber-spies, have been preparing for the 2018 Winter Games that commence on February 9 and run through the 25th in Pyeongchang. More than 300 Olympics-related computer systems have already been hit, with many of them compromised. Some cyber-criminals have already begun to disrupt the Olympics in the name of cyber jihad or the Korean amalgamation. Others are merely looking to tamper with TV programs, hijack email accounts, or scalp phony tickets for profit.
Earlier this year, an influx of phishing attacks aimed at stealing passwords and financial information raised alerts worldwide; McAfee detected a sweeping campaign that began in late December against Olympic-linked groups.
All of these groups were targeted through malicious emails containing what appeared to be a Microsoft Word attachment. The emails were made to appear legitimate through the use of fake government aliases. The emails were crafted to look like they came from South Korea’s National Counter-Terrorism Centre, which was undergoing anti-terror drills in preparation for the Games.
The implants included in these phishing emails established an encrypted channel to the attacker’s server, most likely providing the attackers with the ability to execute commands on the victims’ machines and to install additional malware.
This was certainly not their last line of attack. McAfee announced on February 2nd that they have found malware that serves as the second stage payload in the phishing campaign, targeting involved organizations.
Additionally, the Russian hacking group Fancy Bear, or APT28, recently took ownership of leaked emails and documents belonging to the International Luge Federation, claiming they demonstrate violations of anti-doping rules. The group is also known to be responsible for targeting the European Ice Hockey Federation, the International Ski Federation, the International Biathlon Union, and the International Bobsleigh and Skeleton Federation. It is believed that the group may be gearing up for other Olympic-related attacks.
Clearly, cybersecurity is shaping up to be a serious force to be reckoned with when it comes to the Olympics. Whatever the cause of these attacks may be, it is evident that authorities are and should be concerned for the welfare of both businesses and individuals. To prepare for the onslaught, the Department of Homeland Security issued a notice on February 1st alerting travelers to the Olympics that hackers could attempt to steal credentials. Businesses should also take precautions: educate their employees on phishing campaigns, keep their systems’ software patched, and handle their credentials with care.
Despite all precautions, attackers can and will find ways to breach a network, and it becomes a matter of detecting and stopping them before damage can be done. Organizations must be prepared and confident in their early detection of these threats to preserve not only the experience but also the safety of the Olympic athletes, supporting organizations, and attendees.
One thing we can be sure of: We cannot trust these actors to do the right thing in this environment, as they have demonstrated time and time again that they will not hesitate to create chaos or cause harm to personal safety.