Who was behind the cyber attack during the Winter Olympics opening ceremony?

Speculation has been running wild about who was responsible for the cyber attack during the opening ceremony of the 2018 Winter Olympics in Pyeongchang, South Korea.

The malware responsible for the attack, dubbed ‘Olympic Destroyer’, paralyzed IT systems, causing display monitors and Wi-Fi in the Olympic Stadium to shut down. It also took down the official 2018 Winter Olympics website, preventing visitors from printing tickets.

A planned drone show for the opening ceremony was also scrapped, although this was reportedly because too many spectators were standing in the area where it was supposed to take place.

The Pyeongchang Olympic Committee hasn’t speculated as to who is responsible for the attack, but several experts have blamed Russia. Wired reported that “the hackers seem to have at least left behind some calling cards that look rather Russian.”

Russian officials have called the allegation “unfounded,” but, nonetheless, many have pointed to the continued tension between the country and the International Olympic Committee (IOC) and previous attacks against the IOC by Russian criminal hackers.

What is Olympic Destroyer?

Warren Mercer, a researcher at Cisco’s Talos division, which analyzed the malware, told reporters: “It was effectively a worm within the Olympic infrastructure that caused a denial-of-service attack.”

Talos Research Director Craig Williams added that the malware is designed to spread automatically within a network, destroy certain data (including part of the boot record), reboot machines, and prevent them from loading. “It turns off all the services, the boot information is nuked, and the machine is disabled,” he said.

Talos notes that Olympic Destroyer’s tactics and spreading methods resemble NotPetya and Bad Rabbit, both of which are allegedly tied to Russian criminal hackers.

The other usual suspect when it comes to politically motivated hacks is North Korea, but the country has previously said it is using the Winter Olympics as an opportunity to improve its diplomatic relations with host nation and neighbor South Korea, suggesting that it’s unlikely that it would instigate an attack.

Secure your organization with ISO 27001

You might not think there are too many lessons you can take away from this incident. Your organization might not be as high profile as the 2018 Winter Olympics Committee, and you might not be targeted by sophisticated (and possibly state-sponsored) criminal hackers, but you will face a major cyber incident sooner or later. Attacks such as WannaCry and NotPetya prove that anyone can be caught up in large-scale attacks. They often target organizations randomly and indiscriminately, meaning you always need to be alert.

Organizations looking to stay protected should implement an ISO 27001-compliant information security management system (ISMS). ISO 27001 is the international standard that describes best practices for an ISMS, providing the basis for managing data security using an integrated set of policies, procedures, and technologies.

Our ISO27001 Certified ISMS Foundation Training Course shows you how to comply with the Standard, covering:

  • The benefits of ISMS certification
  • An overview of ISO 27001 and its application
  • The key elements of ISMS implementation project planning
  • The key steps of an ISO 27001 risk assessment

This one-day course will be held in New York, NY, on March 20, 2018.