
2018 Olympics Hit By Malware

February 23, 2018 | May 22nd, 2021 | Cybersecurity

Hackers aren’t picky about their victims. They’ll target just about any group or organization, including the 2018 Olympics.

Cisco’s Talos Group recently identified a new strain of malware they’ve dubbed “Olympic Destroyer”, which is wreaking havoc in Pyeongchang’s computer networks and causing downtime to internal WiFi and television systems. This has impacted the games’ opening ceremonies, and stands an excellent chance of further disrupting the rest of the festivities.

Because the threat was only recently discovered, the Talos team’s initial assessment and report were spotty and short on details, but the group recently amended their initial findings. The results aren’t pretty, and the malware is seen as being both more dangerous and more advanced than originally thought.

The big three findings in the team’s amended report are as follows:

  • It’s Polymorphic – As the malware spreads, it collects new credentials from each machine it infects, adding these to its binary on the fly. Members of the Talos team had this to say about the behavior: “I have not seen a malware sample modify itself to include harvested creds before and I’ve been doing this stuff longer than I should admit.  Polymorphic malware isn’t a new idea by itself, but I’ve never seen any examples of malware modifying itself to include harvested credentials.”
  • It Spreads Via The EternalRomance Exploit – This bit of information comes to us from the Windows Defender team. The mechanism by which Olympic Destroyer spreads is industrial grade, utilizing an exploit from the NSA leaked by the Shadow Brokers last year.
  • Finally, It Wipes Data – This is perhaps the most significant of the three updates to the Talos report. The malware has a data wiping mechanism built into it that it utilizes at every opportunity in an attempt to delete files on network shares.  Since it only seems to target shared files, it’s not deleting items key to OS functionality. Even so, these shared files are important, and this is what’s causing operational disruptions.

More details will no doubt become available as the various teams researching Olympic Destroyer get a better understanding of what they’re looking at.  The bottom line is, it’s a pretty advanced threat and will likely inspire copycats in the months ahead.

Jason Manteiga


Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over 20 years. He believes that having a great work environment and supportive team is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor’s Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMware VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.
