With the eyes of the entire world on Pyeongchang, South Korea, nothing makes for a better target for hackers and malicious attack groups.
The Olympic Committee has reported it has had several machines succumb to a new malware referred to as “Olympic Destroyer.” With the 2014 Sochi Olympics making about $53 million in revenue, the Olympics are a huge target for ransomware attacks. Money though isn’t always the motive, though. In this case, it appears the attackers just want to disrupt the games and show off their skills.
The Olympic Destroyer malware’s current goal is making devices totally unusable, achieving this by deleting files critical to allowing the operating system of the machines to run but, at the same time, using network devices to further its progression to other machines. This sophisticated malware is also stealing credentials from the machines it has infected. Olympic Destroyer contains two modules it uses to steal credentials — one of them steals the credentials from an internet browser and the other from the local machine’s administrator credentials.
You might have noticed on Feb. 9 that the official Winter Olympics’ website was down for the majority of the day — roughly 12 hours — which left attendees unable to print tickets to events. The malware was able to take down the website with the malicious attack, and it also brought down several television feeds. In January, researchers for various companies reported a Russian hacking group had been sending phishing emails with malicious attachments to South Korean organizations as well as groups that work with the Olympics.
Russia’s foreign ministry has denied any allegations and has said “no evidence would be presented to the world.” So far, investigators of the attacks have made no claims as to who has initiated this attack on the Winter Olympic Games.
At a time when the world is supposed to come together for the love of sports, there are still people out there with malicious intentions fixating on poisoning any happiness this world can get.