Ready to Start Your Career?
February 13, 2018
Winter Olympics 2018: Hackers Going for Gold
February 13, 2018
During past Olympic Games in Beijing, London, and Brazil, there were reportedly millions of attempted cyberattacks a day, of which some were successful. As the breadth and depth of technology used in conjunction with the Games expands, everything from VR to IoT, the attack surface widens and attackers find more creative at ways of leveraging this monumental event for malicious purposes. It seems this year is no different.Reportedly, there was a ‘hack’ on the organizing committee's servers before the Opening Ceremony in Pyeongchang, causing "malfunction of the internet protocol televisions." As a precaution, the servers as well as the Olympic website were shut down, but restored a day later. It appears McAfee has also uncovered a variant of GoldDragon malware that allows adversaries to profile a targeted system and send the results to a control server.Needless to say, security professionals charged with overseeing the event have their hands full as hackers try to go for gold. To protect the Olympics, South Korea has employed cybersecurity analysts and 50,000 soldiers, in what has been described as "one of the most militarized security forces in Olympic history." And for good reason.“The largest cyber threat to the Winter Games comes from non-state actors. Hacktivists, cyberterrorists, and fame seekers all see the Olympics as a great venue for their personal cause, whether it's personal fame, the propaganda of a political message or harm for a political purpose,” warns Ross Rustici, senior director for intelligence services for Cybereason.Perhaps the most concerning security hole hackers can leverage is the large reliance on third party vendors during the game. From an operations perspective, one can only imagine the hundreds of vendors being used for various purposes across various areas of the games. Of these services, IoT seems to pose the greatest threat, especially connected medical devices.“As the technology used in the Olympics evolves, so do the cybercriminals who now target the many connected medical devices that the athletes use. The Olympics exemplify the emerging cybersecurity threats in healthcare, specifically medical device cybersecurity, which is a part of the wave of IoT devices connecting to networks. Hospitals all over the globe are struggling to face off with this new cybersecurity challenge,” explains Jonathan Langer, co-founder and CEO of Medigate.When you consider the multiple countries in attendance and so many sports organizations, each with their own infrastructure, layered on top of the devices and vendors already put in place at the Games, cybersecurity becomes a sport in its own right."Remote hackers could stage denial-of-service attacks on networks supporting the games or steal travelers’ credit card data," writes Wired.com. " They might try to sabotage the Games by altering drug test data, interfering with scoring systems, or doxing competitors by releasing private information to embarrass or distract them before a big event. There are endless avenues that lone wolves, terrorist groups, criminal organizations, or state agents can take to achieve an equally broad range of nefarious goals."With endless possibilities, the question becomes where should those tasked with defending the integrity and safety of the Games focus? It's a similar question for professionals working in the field and unfortunately not an easy answer. Not to mention the threats go beyond just those directly targeting the Olympic Games themselves but include those targeting attendees, mostly in an effort to earn money scamming tickets. Experts advise spectators to follow these guidelines to limit personal security risk:
- Limit WiFi and Bluetooth usage. Do not connect to unknown networks.
- Install mobile software updates
- Use strong passwords and enable two-factor authentication when possible
- Avoid using sites and services that require personal information for login
- Enable a lock screen on your device
- FREE CASP Course
- CASP Virtual Lab
- CASP Practice Test
- CASP Exam Voucher (US Only)
- CASP Certification Learning Essentials (US Only)