The potential for cyber-attacks being launched during the 2018 Winter Olympics in Pyeongchang against those attending the games, and even those watching from afar, is so strong that US CERT has issued cyber-security guidelines for those visiting. The tips can be used in any public environment, well after the Olympics end.
“With the 2018 Winter Olympics commencing soon, we can expect that the events will generate cyber-threat activity. Both targeting of specific organisations that are involved in sponsoring, promoting and participating in the game, as well as using the attention it generates as lure content for delivery of malware. Based on historical activity surrounding the Olympics, these threats will likely include cyber-espionage groups, hacktivists and cyber-criminals,” said Jens Monrad, FireEye's principal threat analyst.
Considering the on-the-go nature of attending the Olympics, all of the recommendations centre on mobile security hygiene and are very similar to what attendees of Black Hat and Def Con are told.
· Switch off Wi-Fi and Bluetooth connections when not in use.
· Use a credit card to pay for online goods and services.
· When using a public or unsecured wireless connection, avoid using sites and applications that require personal information like log-ins.
· Update mobile software.
· Use strong PINs and passwords.
Other suggestions include enabling two-factor authentication for your accounts, keeping a screen lock active on your device and, most importantly, taking a minute to think before you click on a link.
There have already been several hacking attempts centred on the Olympics: documents and emails stolen from the International Luge Federation have been leaked, and McAfee reported in early January a campaign targeting organisations involved with the Pyeongchang Olympics that used the games as part of a social engineering plan to trick folks into opening phishing emails.
While nation-state backed cyber-attacks cannot be ruled out, most experts believe that with North Korea now attending the games an attack from that direction is unlikely, but that does not mean the games are safe.
“The largest cyber-threat to the Winter Games comes from non-state actors. Hacktivists, cyber-terrorists, and fame seekers all see the Olympics as a great venue for their personal cause, whether it's personal fame, the propaganda of a political message or harm for a political purpose,” said Ross Rustici, senior director for intelligence services for Cybereason.
Possibly making the attackers' job easier, and the defenders' more difficult, is the reliance the games' IT infrastructure will have on third-party vendors. As a group, third-party vendors have not performed well when it comes to protecting data, and Rustici believes this could again prove to be a weak spot at the Olympics.
“The sprawling networks needed to successfully run the Olympics require giving access to subcontractors, international journalists and TV networks, international delegations and, in some cases, throngs of tourists. The network security teams will manage millions of network events a day over dispersed networks with unique protocols and traffic patterns over systems that include: broadcast networks; industrial control systems; tickets, merchandise and other payment related systems and operational networks related to the running and scoring of the games themselves,” he said.
And it's not just the systems and devices directly associated with managing the games that are in danger. The relative ease many hackers have infiltrating IoT devices means even the medical devices on site to care for the athletes are a danger point, said Jonathan Langer, co-founder and CEO of Medigate, a medical device security platform.
“As the technology used in the Olympics evolves, so do the cyber-criminals who now target the many connected medical devices that the athletes use. The Olympics exemplify the emerging cyber-security threats in healthcare, specifically medical device cyber-security, which is a part of the wave of IoT devices connecting to networks. Hospitals all over the globe are struggling to face off with this new cyber-security challenge,” he said.
McAfee has already noted a few campaigns using the games as part of the social engineering aspect of their attacks.
The first incident took place on 22 December with the last known coming in on 28 December. The initial email was addressed to icehockey@pyeongchang2018[.]com with several other organisations that are playing some type of support or infrastructure role in the Olympics being blind CC'd. The email was sent from an IP address in Singapore and it was spoofed to say it came from the South Korean National Counter-Terrorism Centre, which at the time was running counter-terrorism drills for the Olympics.
The malicious actor behind this attack has recently added capability to the malware, making it more than a basic info stealer: it is now more persistent, enabling it to remove data over an extended period of time.