Faster, Higher & Stronger – Not Quite! 2018 Winter Olympics not Immune to Cyber Security Issues!


Karl Buckley, our Cyber Security Supervisor, penned an interesting article on the malware attacks prevalent at the 2018 Winter Olympics in South Korea. Here it is:
 

There have recently been many articles released about how the Olympics have been hit with a Malware attack that brought down the network and disrupted communications:

http://www.bbc.com/news/technology-43030673

https://www.nytimes.com/2018/02/12/technology/winter-olympic-games-hack.html

https://www.cnet.com/news/winter-olympics-pyeongchang-cyberattack-hack-internet-wifi/

https://www.theverge.com/2018/2/11/17001594/2018-winter-olympics-cyberattack-pyeongchang-opening-ceremonies

 

Well, more information has come to light as to how this attack could happen:

https://blog.knowbe4.com/2018-winter-olympics-malware-campaign-hides-malicious-powershell-script-in-image 

http://variety.com/2018/digital/news/olympic-destroyer-cyberattack-pyeongchang-opening-ceremony-1202696489/

 

How did they do it?

Phishing emails. The attackers sent emails that looked like they were from South Korea’s Anti-Terrorism Center. The emails had Word documents attached that ran a script, which allowed the attackers to compromise the network.

 

That’s what Antivirus software is supposed to detect… right?

No. AV software is meant to detect files. The script was hidden inside an image. Pretty much every AV software out there currently ignores images, because you can’t attach a virus to them. In this case, the script didn’t install any sort of Malware or download something from the Internet. So, there was pretty much nothing for AV software to detect in the first place.

What the script did was attack services on the machines and spread itself to other devices on the network. It was a targeted attack, intended to bring down the network. Whoever designed this had knowledge of the setup, configuration and users within the Olympic network.

Targeted or not, the fact that users opened the Word documents in the first place and explicitly allowed the scripts to run (Word won’t run them automatically, by default) shows a monumental lack of basic email etiquette.
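A check of the kind a mail gateway or IT department could run on incoming Word attachments before a user ever sees the "enable content" prompt, given here as an added example rather than anything from the original article. It assumes the script is carried as a VBA macro; the sample message and file names are constructed.

```python
import io
import zipfile
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container


def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'legacy-ole' or 'clean' for one attachment's bytes."""
    if data.startswith(OLE_MAGIC):
        # Old binary format: macros cannot be ruled out without an OLE parser.
        return "legacy-ole"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            # Assumption: the script is VBA, which OOXML stores as vbaProject.bin.
            if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                return "macro"
    return "clean"


def risky_attachments(msg: EmailMessage) -> dict:
    """Map attachment filename -> verdict for every attachment not 'clean'."""
    verdicts = {}
    for part in msg.iter_attachments():
        verdict = classify_attachment(part.get_payload(decode=True) or b"")
        if verdict != "clean":
            verdicts[part.get_filename()] = verdict
    return verdicts


def sample_message() -> EmailMessage:
    """Constructed sample: one macro-enabled document and one plain document."""
    msg = EmailMessage()
    msg.set_content("See attached.")
    docs = {"agenda.docm": ["word/document.xml", "word/vbaProject.bin"],
            "map.docx": ["word/document.xml"]}
    for filename, members in docs.items():
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            for name in members:
                z.writestr(name, "constructed")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg


if __name__ == "__main__":
    print(risky_attachments(sample_message()))
```

The verdict depends on the file's contents, not its extension, so a macro-bearing document renamed to .docx is still flagged.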

 

So here are some tips to remember when it comes to dealing with your email:

 

Email was not designed to be secure

It was designed, from the ground up, to get a message from point A to point B, without knowing where point B is ahead of time. It does this very well; after all, that was the design’s primary goal.

It was not built to be secure. It was not built to have strict rules applied to the transmission of data. This is a good thing, because it means email is an incredibly flexible and powerful tool. Unfortunately, it also means there are lots of ways to cheat the system.

 

Treat your email the same way you treat real world mail

Just because the envelope says “Revenue Canada” on it doesn’t mean it came from there. If you aren’t certain, you should do the same thing that you do with real junk mail and put it in the trash, without even opening it.

Look at the email, the contents, the email address it came from, the title; look at everything! If something doesn’t seem quite right, it’s probably a fake. Remember that any decently sized company (even a small one) has email administrators to properly set up its email systems.
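The "look at the address it came from" advice, written out as a header check; this is an added example, not part of the original article, and it goes a little beyond the text by also reading the Authentication-Results header that a receiving mail server records. The sample message, the `KNOWN_SENDERS` table and every domain in it are constructed placeholders.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Hypothetical allow-list: name seen in display names -> domain it really mails from.
KNOWN_SENDERS = {"revenue canada": "revenue.example"}

# Constructed sample message; every address and domain is a placeholder.
SAMPLE = """\
From: "Revenue Canada" <refunds@tax-refund.example.net>
Reply-To: claims@mailbox.example.org
To: you@example.com
Subject: Your refund is waiting
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.net; dkim=none; dmarc=fail

Open the attached form to claim your refund.
"""


def domain_of(header_value) -> str:
    """Lower-cased domain of the address in a From/Reply-To style header."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


def sender_red_flags(raw: str) -> list:
    """Return reasons to distrust the claimed sender of one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    name = parseaddr(str(msg["From"] or ""))[0].lower()
    from_dom = domain_of(msg["From"])
    flags = []
    for brand, real in KNOWN_SENDERS.items():
        # The display name is free text; only the domain says where mail claims to come from.
        if brand in name and not (from_dom == real or from_dom.endswith("." + real)):
            flags.append(f"display name '{brand}' but domain is {from_dom}")
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        flags.append(f"replies go to {reply_dom}, not {from_dom}")
    # Authentication-Results is stamped by the receiving server (RFC 8601).
    auth = str(msg["Authentication-Results"] or "")
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    for check in ("spf", "dkim", "dmarc"):
        if results.get(check, "missing") != "pass":
            flags.append(f"{check}={results.get(check, 'missing')}")
    return flags


if __name__ == "__main__":
    for flag in sender_red_flags(SAMPLE):
        print("-", flag)
```

Only an Authentication-Results header added by your own receiving server is meaningful; one that arrives already present in the message can be written by the sender.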

 

Never open attachments you don’t completely, totally, 100% trust

“Mostly trust” is not 100% trust. Even someone you know could get infected with something and wind up sending you Malware. If you’ve never seen the sender before, don’t open the attachment. If it comes from somewhere you recognize, but something seems a little strange, don’t open the attachment. If you have any doubts whatsoever, don’t open the attachment.

If something seems a little strange, don’t be afraid to forward the email to your IT department and ask them to look at it. Also, if it seems important, you can always pick up the phone and make a call in order to make sure everything is okay.

 

Spammers/Scammers know how email works

They know how the system works. They know how the spam-detection checks work. They know how all of it works, and they know it a lot better than you do. That’s how they get to be successful: by exploiting the normal behavior of email.

Don’t make assumptions about how things work, or “should” work. Learn the basics about how they work. If you operate a motor vehicle, you’re expected to know how to put gas into the tank, get regular maintenance performed, change your tires periodically, etc. Email should be no different, because it’s a vector that can be used to attack you and your company.

 

If you have any questions about your email, you can always reach out to your TRINUS Account Manager for some stress-free IT.
