What the threat intelligence group found out about the Winter Games malware.February 20, 2018
When the "Olympic Destroyer" malware hit the Winter Games in Pyeongchang, South Korea, the Cisco Talos team was quick to research and take action. The Talos team, or Cisco's comprehensive threat intelligence team, is often one step ahead or quick on the heels of digital attacks around the world. Some of these include 2017's Wannacry and Nyetya ransomwares.
Ahead of the Opening Ceremony of the Winter Games, hackers attacked the Games organizer's IT systems—shutting down monitors, taking down Wi-Fi, and taking down the official website. This made it impossible for attendees to print their tickets or reporters to cover the event. This malware which Talos dubbed "Olympic Destroyer" is designed to jump from machine to machine within a target network, disabling boot information. The Talos group has found that Olympic Destroyer operated much like Nyetya and BadRabbit, two pieces of malware found in Ukraine that some have attributed to Russian Hackers.
In their comprehensive blog post about Olympic Destroyer, Talos identified the samples used in the attack—stating that it was not made to glean information from the Games but rather created just to disrupt. The malware's destructive functionality renders affected machines unusable by deleting shadow copies and event logs.
Investigating threats and ransomware is not new for Talos. The group shone particularly in 2017 by keeping companies and individuals safe. In September, Talos detected malware in the Avast's CCleaner software and alerted the public, ultimately helping protect millions.
With Talos on the case, many can feel a little more secure from cyber threats, but there is still work to be done by individuals. Cisco encourages everyone to evaluate their data center infrastructure by asking a couple questions; are the machines running on current software releases and is underlying infrastructure updated to their latest firmware releases?