Cyber Attacks Imminent in PyeongChang Olympic Games

07 February 2018

With the opening ceremonies of the 2018 Winter Olympic Games just days away, hundreds of thousands of spectators and competitors are arriving in PyeongChang County, South Korea. The Olympic Games are a grand showcase of athleticism and patriotism—but they also create security challenges, including the increased risk of cyber attacks.

When events of this magnitude occur, they are bound to become the target of opportunistic attacks by cybercriminals, and this year’s Olympic Games is no exception. McAfee Advanced Threat Research analysts have recently discovered an email phishing campaign primarily targeting organizations involved with providing infrastructure and support for the games. The emails contained a malicious payload that establishes an encrypted channel from the victim’s machine back to the attacker’s server, allowing the attacker to execute commands remotely as well as install further malware.

Large events with many contractors are a lucrative target for cyber attacks. As a multinational event, the Olympics faces unique challenges: language barriers present opportunities for attacks that play on imperfect translations or lack of knowledge about government entities. In the attack uncovered by McAfee, the emails appeared to come from the National Counter-Terrorism Center (NCTC) in South Korea, which at the time was conducting drills in the region in preparation for the Games.

This recent incident is just one example of a cybersecurity issue in the Olympic Games. According to a 2017 report titled “Report on the Cybersecurity of Olympic Sports” from the UC Berkeley Center for Long-Term Cybersecurity, the most recent Olympic Games have faced a number of serious cybersecurity incidents. During the 2008 Beijing Olympics, security officials fielded 11 million to 12 million daily alerts, with roughly a half dozen falling into the imminent threat category, according to the report. And in the 2012 Summer Olympics in London, six major security incidents—five of which involved DDoS-related attacks—were brought to the attention of the event's CIO. Last year, at the conclusion of the Rio Olympic Games, Russian hackers pilfered medical records of athletes from the World Anti-Doping Agency.

While the U.S. won’t host the Olympic Games until 2028 in Los Angeles, U.S. officials are already considering cybersecurity threats for the high-profile event. According to the UC Berkeley report—which was supported by the Los Angeles Organizing Committee for the 2028 Olympics—the Olympic Games in the coming years are likely to face far more serious cyberattacks, and ones that will be more difficult to detect.

Security for large events such as the Olympics falls on all vendors, regardless of business type. For example, just one unsecured email server at one vendor has the potential to become a relay for phishing emails directed at participants or government agencies. It’s important for all organizations and individuals participating in the Games to understand the most prominent risks and work diligently to mitigate them.

While history shows us there are bound to be more cyber incidents because of the Games, let’s hope that with increased security efforts there will be little disruption at the hands of cyber criminals over the next few weeks.