What is Will Olympic Destroyer Come Back in 2020??
The Olympic Games is one of the most-watched sports events in the world. It attracts millions of viewers all around the world. It also attracts Olympic Destroyer and various other kinds of malware. Sadly, we live in a world, in which cybercriminals exist, and their goals range from stealing and selling confidential data to tarnishing the name and reputation of the Olympic Game organizers. Although the attackers behind this malware were able to successfully attack those involved in the organization of the Pyeongchang Winter Olympic Games in 2018, the event went on as planned, and the attackers were not able to create irreversible damage. That being said, they were able to steal credentials that, evidently, enabled them to access sensitive data. Unfortunately, the infection was not dismantled, and it is very possible that we could face it again during the Summer Olympic Games in 2020.
Cybercriminals love emails. In the future, they might turn to different methods of malware distribution, but, at the moment, many of the threats we have to deal with come via emails. We send and receive more and more emails, and that means that some of us might become careless about how we open the messages we receive every day. It is easy to mistake spam emails for real ones because their creators know what subject lines and messages can trick the targeted victims. Even the addresses from which these emails are sent can be misleadingly convincing. If the target is tricked, they might be pushed into opening a malicious link or, more likely, a file attachment. For example, researchers at Securelist.com found that Olympic Destroyer was spread via emails that seemed to contain a Word Document file. Once opened, the victims were asked to “Enable Content” because the text seemed encoded. Unfortunately, by clicking the misleading button, the victims were tricked into letting in malware.
Once the launcher was executed, the attackers could successfully infiltrate Olympic Destroyer without any warning. This malware runs as a worm, which means that it can self-propagate across different systems in the infected network. First, the threat uses a password-stealing module to record credentials that, of course, could help the attackers take over the systems. After an hour of collecting credentials, Olympic Destroyer employs a wiper that destroys the data within the infected machines. Even the backups are reset and shadow volume copies are deleted to ensure that the victims cannot resume normal functions. The infection also employs a legitimate PsExec tool to aid its functionality.
During the Winter Olympic Games in 2018, Olympic Destroyer allowed the attackers to tamper with Wi-Fi connections, IT service providers, the software used during the events, and even the official website. Businesses associated with the Games or located in close proximity to the event’s location were affected too. During the opening ceremony, thousands of monitors turned black, security gates were shut down, and Wi-Fi stopped working. Even though all of the Olympic staff's domain controllers were paralyzed, the IT team managed to resume normal functionality by the time the first day events had started.
In May and June of 2018 (several months after the Games), Olympic Destroyer was found attacking biological and chemical threat prevention laboratories in Europe, as well as financial organizations in Russia. This is strange, considering that it is not popularly believed that Russia was behind the attack. The Summer Olympic Games are 8 months away, and the organizers are setting up the IT infrastructure in Tokyo. Undoubtedly, the attacks that threatened to ruin the opening ceremony of the 2018 Olympic Games, as well as the events following it, must be on their minds. Unfortunately, cybercriminals are unpredictable, and it is hard to say which attack methods they will employ this time. Only time will tell.
References
GReAT. March 8, 2018. OlympicDestroyer is here to trick the industry. Securelist.
Greenberg, A. October 17, 2019. The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History. WIRED.
tested removal of Will Olympic Destroyer Come Back in 2020?*
0 Comments.