Security Market Segment LS
Tuesday, 13 February 2018 06:20

Olympics attack aimed at disruption, say Cisco researchers Featured

By

Researchers at Cisco's Talos Group say they are fairly sure that a cyber attack during the opening ceremony of the Winter Olympics on Friday, using Windows malware, was only aimed at disrupting proceedings and did not involve any data destruction or exfiltration.

Talos Group researchers Warren Mercer and Paul Rascagneres wrote that the malware which had disrupted proceedings — which they dubbed Olympic Destroyer — could not be attributed to any one country with absolute certainty.

The Guardian  reported that the attack resulted in Wi-Fi dropping out at the main Pyeonchang Olympic Stadium shortly before the opening ceremony, making it impossible for users to access information or print their tickets.

Television and Internet services were similarly affected and things returned to normal only after 12 hours.

The Guardian report said there had been concerns that the attack came from Russia, as a means of taking revenge for the fact that Russian athletes were banned from the games, because of state-sponsored doping at the previous games in Sochi, Russia, in 2014.

An official spokesperson, Sung Baik-you, made no comment on who was behind the attack, but said: “There was a cyber attack and the server was updated yesterday during the day and we have the cause of the problem.

“They know what happened and this is a usual thing during the Olympic Games. We are not going to reveal the source.

“We are taking secure operations and, in line with best practice, we’re not going to comment on the issue because it is an issue that we are dealing with,” he said.

“We wouldn’t start giving you the details of an investigation before it is coming to an end, particularly if it was on security which, at these games, is incredibly important.”

Mercer and Rascagneres said the samples they had analysed appeared to perform only destructive functionality.

"There does not appear to be any exfiltration of data. Analysis shows that actors are again favouring legitimate pieces of software as PsExec functionality is identified within the sample," they said.

"The destructive nature of this malware aims to render the machine unusable by deleting shadow copies, event logs and trying to use PsExec & WMI to further move through the environment. This is something we have witnessed previously with BadRabbit and Nyetya."

There was no comment from either the organisers or the researchers as to why such a big event had Windows computers facing the Internet and not behind a demilitarised zone.


Subscribe to ITWIRE UPDATE Newsletter here

Active Vs. Passive DWDM Solutions

An active approach to your growing optical transport network & connectivity needs.

Building dark fibre network infrastructure using WDM technology used to be considered a complex challenge that only carriers have the means to implement.

This has led many enterprises to build passive networks, which are inferior in quality and ultimately limit their future growth.

Why are passive solutions considered inferior? And what makes active solutions great?

Read more about these two solutions, and how PacketLight fits into all this.

CLICK HERE!

WEBINAR INVITE 8th & 10th September: 5G Performing At The Edge

Don't miss the only 5G and edge performance-focused event in the industry!

Edge computing will play a critical part within digital transformation initiatives across every industry sector. It promises operational speed and efficiency, improved customer service, and reduced operational costs.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

But these technologies will only reach their full potential with assured delivery and performance – with a trust model in place.

With this in mind, we are pleased to announce a two-part digital event, sponsored by Accedian, on the 8th & 10th of September titled 5G: Performing at the Edge.

REGISTER HERE!

BACK TO HOME PAGE
Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments