Major events like the Winter Olympics attract a lot of attention from fans all around the world. For three weeks fans will watch in person, on televisions, and online to follow the various competitive events. This attention is attractive to advertisers but it’s also attractive to cyber criminals who will inevitably use the Games as lures for phishing and other social engineering campaigns. Threats related to the Winter Olympics go deeper than that, however.
Understanding the threat landscape related to events like the Olympics is one way to proactively identify threats ahead of any related compromise. It’s not hard to assume that phishing attacks will come that use the Olympics as a lure. Anyone who’s been in the security game for any period of time should know that drill pretty well. The more interesting pieces in the landscape puzzle are the sponsors, suppliers, and agencies that make the Olympics happen. A phishing lure to a supplier may not mention the Olympics at all but may instead lean on the relationship it has with another organization. Knowing ahead of time that this kind of attack is coming helps organizations understand how to drive specific awareness around it. It also allows security teams to focus energy in places most likely to be impacted by such attacks.
Events like the Olympics are known far in advance. In the case of the 2018 Winter Olympics, the host city was chosen in July 2011. Planning began shortly thereafter with the creation of a coordination commission in August. Within a year of the announcement, activity was well underway to prepare for the Games. Details that trickled out via media stories and press releases could have armed potential attackers with valuable information for delivering targeted attacks long before the Olympics begin.
It is also important for defenders to understand the geopolitical forces at play in the region where the Games will be held. In the case of the Olympics in PyeongChang, the tensions between North and South Korea could play a role in any potential attacks (even if indirectly). North Korea may not have any interest in doing anything to disrupt the Games but may be interested in a display of power during or near the timeframe of the Games. Given the recent agreement between North and South Korea regarding North Korea’s planned participation in the Games, even this is now less likely. As always, however, any entity with interests or activities that relate to South Korea or the Olympics should stay abreast of any changing developments in the region.
Another somewhat obvious angle to be aware of is the Russian doping scandal and expected fallout. Since the International Olympic Committee (IOC) banned Russia from participating in the 2018 Winter Olympics, the Fancy Bears’ Hack Team has released compromised emails and other documents from a number of doping-related organizations and even the IOC. Their goal seems to be to exonerate Russia for its doping scandal by exposing what they believe to be similar abuses of banned substances across international athletics. Any organization related to doping, international athletics, or even athletes themselves should be aware of this activity and seek extra protections around their email accounts and sensitive documents.
Awareness is a big step in knowing where to look for attacks and signs of compromise. Understanding the threat landscape and how it changes over time helps defensive teams stay situationally aware and decide where to position their defensive focus.
For a broader look at the threat landscape around the 2018 Winter Olympics in PyeongChang, South Korea, download our 2018 Olympics Report.
Travis Farral is the Director of Security Strategy for Anomali. With over 20 years of security industry experience, he has developed a strong background in threat intelligence, incident response, and Industrial Control Systems security. Previously Travis ran the Cybersecurity Intelligence & Strategic Services team at ExxonMobil and spent several years at companies such as Nokia and XTO Energy.