The Winter Olympic Games 2018 in South Korea have dominated the news with sports, economic and political storylines, and news of a cyber-attack was another predictable headline related to the Games. The recent cyber-crime, which targeted the official Winter Olympics' website, prevented attendees from printing tickets and disabled Wi-Fi for reporters during the opening ceremony.
Cyber-attacks are common around sporting events – another famous example is the Russian hacking group Fancy Bears, which targeted the World Anti-Doping Agency database and resulted in the publication of medical records for 25 football players in the 2010 World Cup. The leaked documents also revealed names of players that reportedly failed their drug tests. The Football Association was also concerned that sensitive data, such as squad selection, injury details and tactics, could be exposed.
There are multiple motives behind cyber-attacks on big sporting events: corporate blackmail, access to the personal and financial information of ticket buyers, the planting of malware on sites with many users, and the altering of results through a hack. Mainly, however, cyber-criminals are attracted by the high numbers and the attention or profit that a successful cyber-attack could yield.
Cyber-attacks have political motives too – like activities conducted by hacktivists who use disruptive techniques to bring attention to their cause. For example, in 2008, the Beijing Olympic website was supposedly attacked as a sign of protest against Chinese policies in Tibet.
Many large-scale sporting events host their websites and business-critical web applications in the cloud. This gives them the flexibility and agility to scale as big announcements or ticket sales go online. Both Wimbledon and Euro 2016 ran mobile applications alongside tournaments – keeping audiences up to date from virtually anywhere. The benefits of using the cloud include many security advantages, but old-school approaches to securing web applications are not going to protect against the emerging cyber threats or protect customer data and confidence.
Cloud-based applications gain the benefit of being hosted on hardened cloud platforms, but attackers are getting better at finding the “Achilles Heel.” According to Alert Logic's Cloud Security Report 2017, cyber-criminals are moving up the application stack to find vulnerabilities. What attackers will look for is a server or person that is well connected and that has access to the information or the connections needed to progress their attack. Dynamic applications and data buckets are of interest at the moment as they are relatively easy to attack. The more exposed an application, the bigger the risk of a breach.
Companies should have visibility into, and understand, the full application stack so that they can monitor and defend every layer that could be an entry point for attackers while also keeping sight of potential lateral movement.
The National Crime Agency's 2017 assessment of cyber-crime suggests that readily available as-a-service hacking toolkits have further lowered the barrier to entry for committing cyber-crime. Sam Stepanyan, leader at OWASP Foundation, who presented at a recent CloudSec event in London, spoke of penetration test reports being stored on open servers. Almost every day we hear of new attacks, data breaches and hacks being discovered – so are companies making cyber-criminals' jobs easy or are the hackers getting more sophisticated? It's both.
Due to businesses moving to the cloud, the threat landscape has changed and different skillsets are needed. To fully secure workloads and stay ahead of the numerous threats, businesses need a team of experts who can investigate, research and analyse threats globally and then monitor, enrich, validate and escalate incident reports.
Commonly known as a Security Operations Center (SOC), this is a team of analysts, data scientists, security researchers, security content developers and threat intelligence analysts. Some organisations build these teams internally, while others use a managed security-as-a-service provider that allows the rest of the business to stay focused until it's time to act on specific threats. Outsourcing technical security to experts could be the best option available to organisers of such huge events to ensure they are protected from every angle and risk is independently assessed.
It is important to focus on the critical processes and workloads related to the event and to perform the security basics of patching, configuration management and attack surface minimisation. This means ensuring your security posture is emphasised alongside technology strategies. Key defensive strategies should include proactive monitoring, threat intelligence and effective incident response to mitigate and proactively respond to the risks of cyber-attacks. A cyber-hack might be happening right now; we just don't know it yet. Let the athletes win, not the hackers.
Contributed by Oliver Pinson-Roxburgh, EMEA director at Alert Logic
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.