On Monday, February 12th, TheHackerNews reported that the Pyeongchang Winter Olympics taking place in South Korea was disrupted following a malware attack before and during the opening ceremony on Friday. Travis Day of ARRC Technology stated in response to the attack, “It is a DDoS (distributed denial of service) and is common for large scale events like the Olympics. The new threat on the rise is cryptojacking and its replacing ransomware on the threat landscape as explained in a recent article with Wired.com.”
The cyber attack coincided with 12 hours of downtime on the official website for the Winter Games, the collapse of Wi-Fi in the Pyeongchang Olympic stadium and the failure of televisions and internet at the main press center, leaving attendees unable to print their tickets for events or get venue information.
The Pyeongchang Winter Olympics organizing committee confirmed Sunday that a cyber attack hit its network helping run the event during the opening ceremony, which was fully restored on 8 am local time on Saturday—that’s full 12 hours after the attack began.
Multiple cybersecurity firms published reports on Monday, suggesting that the cause of the disruption was “destructive” wiper malware that had been spread throughout the Winter Games’ official network using stolen credentials.
Dubbed “Olympic Destroyer” by the researchers at Cisco Talos, the wiper malware majorly focuses on taking down networks and systems and wiping data, rather than stealing information.
The Talos researchers would not comment on attribution, but various security experts have already started attributing the Olympic Destroyer malware to hackers linked to either North Korea, China or Russia.
According to the analysis by Cisco Talos, the attacker had intimate knowledge of the Pyeongchang 2018 network’s systems and knew a “lot of technical details of the Olympic Game infrastructure such as username, domain name, server name, and obviously password.”
“The other factor to consider here is that by using the hard-coded credentials within this malware it’s also possible the Olympic infrastructure was already compromised previously to allow the exfiltration of these credentials,” researchers said.
The Olympic Destroyer malware drops two credential stealers, a browser credential stealer and a system stealer, to obtain required credentials and then spreads to other systems as well using PsExec and Windows Management Instrumentation (WMI), two legitimate Windows administration tools used by network admins to access and carry out actions on other PCs on a network.
The researchers noted that both built-in tools were also abused by the Bad Rabbit ransomware and NotPetya wiper malware last year.
Once installed, the malware then first deletes all possible “shadow” copies of files and Windows backup catalogs, turn off recovery mode and then deletes system logs to cover its tracks and making file recovery difficult.
“Wiping all available methods of recovery shows this attacker had no intention of leaving the machine useable. The sole purpose of this malware is to perform destruction of the host and leave the computer system offline,” reads the Talos blog post.
It’s difficult to accurately attribute this cyber attack to a specific group or nation-state hackers due to sparse of technical evidence to support such a conclusion as well as hackers often employing techniques to obfuscate their operations.
RELATED ARTICLES:
First, read what a Managed Service Provider is before you take a deeper look into how an MSP protects your company. And here’s Part 2: The Human Element, if you missed it.
Here are the more advanced threats that can harm your company, and why an MSP is your best option.
According to Google, malware (short for “malicious software”) is software that is intended to damage or disable computers and computer systems. It can include phishing threats, viruses, ransomware, spyware, etc. Back in the day, malware was very simple. Many attacks came from curious hackers who weren’t out to make money but just to see what they could do. Nowadays, with ransomware and other digital money-making opportunities, malware has become exponentially more vicious. As technology rockets forward, so do the cyberthreats. And the more advanced malware gets, the less likely you can fight it on your own.
How an MSP protects you: Think of an MSP as your own digital army. Now your business is protected by consistent monitoring and professionals who can fight those cyber-battles for you. You won’t have to worry about whether or not you’re keeping up with the latest in cybersecurity because your network is protected at all times. Partnering with an MSP takes the worry out of your mind and allows you to focus on your business, not your technology.
Hand-in-hand with malware, hackers are the human component behind cyberattacks. Someone has to program that evil bot, right? Now that there’s some serious money to be made in the hacking business, everyone with half a brain is trying to get into it. And with heavy competition like that, it’s a perfect environment to breed rockstar hackers. And the bad news is, the more advanced they get, the more help the average business owner will need to protect themselves.
How an MSP protects you: Just like with malware, having an MSP partner takes the stress off your shoulders. With your network being monitored 24/7, any kind of attack will be spotted before it can do damage. And, even better, your network won’t have the common vulnerabilities that most do. The usual holes that hackers exploit won’t exist in your network, meaning your business flies under the radar of most attacks. Your equipment will be updated, your software will be patched regularly, your network will be solidified, and you can sleep easy at night knowing your company is safe.
If you missed what a Managed Service Provider is, check it out before you take a deeper look into how an MSP protects your company. If you missed Part 1: Hardware and Software, have no fear. You can read it and pop back here.
Now, let’s get into how partnering with an MSP protects you from the human element.
Sometimes, crime revolves around opportunity. If you have an open-door policy at your business, it makes it easy for an everyday criminal to waltz inside. And once inside, they can poke around computers that aren’t locked or secured. All it takes is a couple of minutes, searching on an unattended computer for things like “Financial Records” or “Credit Card.” A crime of opportunity happens in an instant, and that criminal can walk away with a sheet of credit card numbers or bank statements.
How an MSP protects you:MSPs are well-versed in things like simple security, such as requiring all workstations to be secured with individual passwords. Once an MSP has audited your network, they can find where you are most vulnerable, and take the necessary measures to prevent unauthorized use of computers and wireless internet. On top of that, most MSPs can assist your company in becoming PCI compliant, which means all the credit card information you have on file isn’t accessible to the naked eye. So even if someone were able to access a computer at your business, they couldn’t download a sheet with full credit card numbers anyway.
You probably hire your employees based on their ability to perform the specific job you listed, right? And I’m sure they do a fine job. But unfortunately, a lot of them don’t come equipped with the right cybersecurity skills. No, we’re not talking about certified technical skills, but the basics of staying safe online. All it would take is Jim in accounts payable clicking on an unsafe link from an email and your sensitive financial information is in the hands of cybercriminals. As humans, we can’t know everything. The good news is, all it takes is a little education and your employees will turn from the weakest link to your strongest asset.
How an MSP Protects You: Some MSPs host either on-site or off-site training classes for employees. They’re basic and simple but make a huge difference in your cybersecurity plan. By simply showing employees how to spot a phishing email or what digital hygiene looks like, they’re less likely to endanger your network. ARRC Technology hosted several cybersecurity training events on-site, and continues to look for new ways to educate businesses in the Bakersfield area.
The dark side of the normal employee is the rare vindictive employee. This employee is the one who had a bad attitude all along and once they were fired, decided to take all their worldly wrath out on the company. Vindictive employees are very dangerous, mainly because they have access to company records. Without the proper off-boarding procedure, vindictive employees may have access for days, months, or even years to the company network. And sometimes, depending on how sour they are, they can delete or modify records before they’re caught.
How an MSP protects you: MSPs have ample experience with the correct onboarding and offboarding procedures, exact times and all. In layman’s terms, this means those new employees have access to what they need the first day they start work, and employees that are fired or laid off have all access removed the moment they’re told. This eliminates the possibility of an angry employee stalking back to their desk, downloading sensitive information, and walking out. Or even going home, logging into their workstation remotely, and destroying information. Utilizing the proper strategy to make sure that never happens is critical to protecting your business.
Now that we’ve covered what a Managed Service Provider is, let’s take a deeper look into how an MSP protects your company.
Let’s start with some of the simple things first, like how your hardware and software is protected.
Okay, this one is boring but absolutely critical. If you ignore all those little boxes in the corner that ask you to update software, you are in big trouble. The reason they pop up isn’t to annoy you (shocker, I know) but because there was a vulnerability identified and the software team made changes to address that issue. Sometimes the updates are frequent, and sometimes they don’t come around for a while. Regardless, you HAVE TO update your software as often as possible. You leave yourself open to attackers if you don’t.
How an MSP protects you: By partnering with an MSP, you’ll always stay up-to-date. Because of the proactive monitoring, your technology will be updated when needed. If there are any issues, you have a full support team to help. You won’t ever have to stress about that update again.
You may think that 8-year-old computer is perfectly fine to use, but old equipment can clog networks like hair clogs a drain. We all know that technology advances like the speed of light (hello new iPhone every 6 months) so think about that the next time you look at that 8-year-old piece of machinery.
And as much as we may love our workstation that we’ve become comfortable with over the years, it’s probably struggling under the weight of running newer and newer programs with its old operating system. It’s just the nature of the beast. So identifying those pieces of equipment that don’t make sense anymore really helps streamline your efficiency.
How an MSP protects you: When you partner with an MSP, you’ll get a very thorough audit into your current equipment and network. Pieces that are causing challenges will be identified, along with solutions to make sure those challenges disappear forever. And, by partnering with an MSP like ARRC Technology, you get equipment refreshes every three years. You’ll never run into an 8-year-old computer again, nor will you have to worry about it. With up-to-date equipment supporting your network and experts constantly monitoring your infrastructure, your chances of falling victim to a cybercriminal are slim to none.
Managed services is a term that makes absolutely no sense—unless you’re in the IT industry. So for those of us who don’t know what it means or why it’s important, let’s get right to it.
Managed services is fully outsourced IT that takes care of all the headaches you normally associate with technology. Basically, if it’s IT-related, managed services can make it better.
Now, a lot of people get the same look of confusion on their face when someone says managed services. And that’s normal. Just like the word jurisprudence make no sense to anyone but lawyers, or xerostomia makes no sense to anyone but those in the dental field.
But what exactly can managed services save your business from? Below are a few of the many benefits.
Managed services is well-known for one feature above all: proactive monitoring. With this feature, a group of technicians constantly monitor your technology to ensure nothing fails. If a potential problem surfaces, these technicians will be all over it before it turns into an issue. And sometimes, these advanced technicians might even fix the problem before you ever knew one existed.
Because of all this monitoring, you and your staff will experience very little downtime. Your IT is no longer sputtering out of control and choking on its lack of upkeep. It does what it should, when it should, no matter what. Why? Because a group of technicians make sure that it does.
When you have fully managed technology, your technology is… well, fully managed. From routine maintenance and automatic upgrades to proactive monitoring and instant support, your technology remains consistent because it’s consistently taken care of.
In other words, hurdles are all but eliminated. Problems are identified and corrected immediately, and your business can remain productive and free of IT challenges and complications.
Sure, you might still have a piece of hardware break down on you from time to time. And yeah, your network might have an issue or two every now and then. But with managed services, this won’t cost you anything. It’s bundled into a flat, monthly rate that should only change if you decide to expand your business or upgrade your technology.
This means that those ridiculously large and out-of-control repair expenses go away completely. You finally have the full ability to successfully budget for your technology. No more guessing. No more hoping. No more praying. It is what it is and won’t change.
With the lovely combination of routine maintenance, proactive monitoring, and a flat, monthly rate, a fully managed technology solution removes the element of surprise from your IT. There will be no coming to work on a Monday morning only to discover a broken-down network. There will be no large repair fees to wait for. And there will be no dreading an eventual collapse of your data. Managed services isn’t a fan of surprises.
No more Googling. No more YouTube-ing. No more calling that friend of a friend. Managed services is managed by a group of professionals who are experts at what they do. You are no longer the wannabe IT guru, and you no longer have to act like you know what you’re doing.
