Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

2/21/2020
11:25 AM
50%
50%

Olympics Could Face Disruption from Regional Powers

Destructive attacks and disinformation will likely target the Summer Olympics in Tokyo, two groups of threat experts say.

Japan's rivals in the Asia-Pacific region will likely target the nation with cyberattacks and disinformation during the coming Summer Olympics to be held in Tokyo this July, according to an assessment published by the Cyber Threat Alliance (CTA) on February 20.

Based on past attacks against the 2018 Olympics in Pyeongchang, South Korea, disruptive cyberattacks and distributed denial-of-service (DDoS) attacks are likely to target the Olympic Games' infrastructure. In addition, attacks on organizations related to the games, such as the World Anti-Doping Agency (WADA), will likely precede the games as well, says Neil Jenkins, chief analytical officer for the CTA.

"The most concerning threats [are] disruptive cyberattacks and disinformation campaigns conducted by nation-state actors from Russia, North Korea, and China," he says, adding that disinformation is a likely tactic as well. "Disinformation campaigns could use targeted data leaks to embarrass officials or participants and spread false narratives."

The threat analysis underscores that the Olympic Games are not just an arena for athletic rivalries between nations. Political tensions also spill over to cyberattacks.

While online attacks were limited to fraud and hacktivism in the 2008, 2010, and 2012 Games, a 40-minute denial-of-service attack did target the Olympic Park's power systems in 2012, with 10 million packets hitting the servers from 90 IP addresses, according to a RAND assessment of the threat to the 2020 Games.

"The Olympic Games are a target-rich environment, drawing athletes from more than 200 nations and worldwide media coverage," RAND stated in its own assessment. "This high visibility makes the games a target for those seeking to cause politically motivated harm, enrich themselves through criminality, or embarrass the host nation on the international stage."

Russian hackers will most likely attack the games, according to Jerry Ray, chief operating officer for enterprise data security firm SecureAge, which has an office in Tokyo. Between land disputes with Japan and its ongoing feud with WADA, Russia has not just the capability but the motivation to disrupt the Olympic Games in Tokyo.

"It's only a matter of time before Russia takes action against WADA again," Ray says. "These attacks will likely come via a combination of data leaks and disinformation aimed at exposing private or medical information on participating athletes and altering it to embarrass other countries or anti-doping officials."

While nation-state rivals are the most serious cyber threat to the Olympics, the chaotic business of hosting the games is a siren call to criminals, according to the assessments. While foreign intelligence services have the highest level of sophistication and impact, criminals are equally sophisticated — and while they may not aim to disrupt the games, their financial schemes could still cause havoc.

"The most likely threats are focused around criminal activity due to the large number of potential victims leveraging online systems to conduct business," CTA's Jenkins says. "Athletes, spectators, sponsors, and officials all must be vigilant and watch out scams, phishing emails, and spoofed websites that use the Olympics as a lure."

The Cyber Threat Alliance warned that threat analysts need to gather a much evidence as possible before attributing attacks. The 2018 Olympic Destroyer attack disabled IT systems and shut down Wi-Fi at the Pyeongchang Winter Olympics, and evidence overwhelmingly pointed to North Korea as the culprit in the attack. However, a few months later, Kaspersky cited its own research to state the telltale markers left behind were actually planted as part of a false-flag operation.

"If these actors were to leverage disruptive cyberattacks or conduct disinformation campaigns, they would do everything possible to make public attribution of their attacks difficult by leveraging false-flag techniques and obscuring their tooling," CTA's Jenkins says.

In a statement on February 20, security firm FireEye has concluded that the Russian intelligence group, GRU Unit 74455, is responsible for the attack on the Pyeongchang Olympics. Also known as Sandworm, the group is thought to be behind attacks on Ukraine's infrastructure and the 2016 US elections.

"In addition to the election interference, Ukraine blackouts, and the NotPetya incidents, we believe the organization was behind an attack on the Pyeongchang Olympics," John Hultquist, senior director of intelligence analysis at FireEye, said in the statement. "Notably, they have not been publicly admonished for their attempt to disrupt the Games, and we are concerned that the actors will target the Games in Tokyo this year."

Japan has prepared for more cyber activity in the run-up to the games. As part of a 2014 law aimed at improving the cybersecurity of its infrastructure, the country created a committee to study security measures that it should undertake. In 2019, the government announced an effort to scan 200 million internet-connected devices for vulnerabilities.

"The best thing the country can do in the short term is to create a countrywide push to educate its citizens and incoming tourists about how to protect themselves and their devices," says SecureAge's Ray. "After all, it's usually the human element that ends up being the weakest link in the cybersecurity chain."

Related Content

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "10 Tough Questions CEOs Are Asking CISOs."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
boholuxe
50%
50%
boholuxe,
User Rank: Apprentice
2/22/2020 | 1:27:10 AM
Challenge for Japan
It will be a big challenge for Japan not only to oranise the Olympics but also to ensure cyber security
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/27/2020
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, Panaseer,  5/26/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13643
PUBLISHED: 2020-05-28
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The live_editor_panels_data $_POST variable allows for malicious JavaScript to be e...
CVE-2020-13644
PUBLISHED: 2020-05-28
An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wp_ajax_accordions_ajax_import_json action allowed any authenticated user with Subscriber or higher permissions the ability to import a new accordion and inject malicious JavaScript as part of the accord...
CVE-2020-13641
PUBLISHED: 2020-05-28
An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The far_options_page function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript, allow...
CVE-2020-13642
PUBLISHED: 2020-05-28
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The action_builder_content function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The panels_data $_POST variable allows for malicious JavaScript to be e...
CVE-2020-8603
PUBLISHED: 2020-05-27
A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or ...