Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

2/21/2020
11:25 AM
50%
50%

Olympics Could Face Disruption from Regional Powers

Destructive attacks and disinformation will likely target the Summer Olympics in Tokyo, two groups of threat experts say.

Japan's rivals in the Asia-Pacific region will likely target the nation with cyberattacks and disinformation during the coming Summer Olympics to be held in Tokyo this July, according to an assessment published by the Cyber Threat Alliance (CTA) on February 20.

Based on past attacks against the 2018 Olympics in Pyeongchang, South Korea, disruptive cyberattacks and distributed denial-of-service (DDoS) attacks are likely to target the Olympic Games' infrastructure. In addition, attacks on organizations related to the games, such as the World Anti-Doping Agency (WADA), will likely precede the games as well, says Neil Jenkins, chief analytical officer for the CTA.

"The most concerning threats [are] disruptive cyberattacks and disinformation campaigns conducted by nation-state actors from Russia, North Korea, and China," he says, adding that disinformation is a likely tactic as well. "Disinformation campaigns could use targeted data leaks to embarrass officials or participants and spread false narratives."

The threat analysis underscores that the Olympic Games are not just an arena for athletic rivalries between nations. Political tensions also spill over to cyberattacks.

While online attacks were limited to fraud and hacktivism in the 2008, 2010, and 2012 Games, a 40-minute denial-of-service attack did target the Olympic Park's power systems in 2012, with 10 million packets hitting the servers from 90 IP addresses, according to a RAND assessment of the threat to the 2020 Games.

"The Olympic Games are a target-rich environment, drawing athletes from more than 200 nations and worldwide media coverage," RAND stated in its own assessment. "This high visibility makes the games a target for those seeking to cause politically motivated harm, enrich themselves through criminality, or embarrass the host nation on the international stage."

Russian hackers will most likely attack the games, according to Jerry Ray, chief operating officer for enterprise data security firm SecureAge, which has an office in Tokyo. Between land disputes with Japan and its ongoing feud with WADA, Russia has not just the capability but the motivation to disrupt the Olympic Games in Tokyo.

"It's only a matter of time before Russia takes action against WADA again," Ray says. "These attacks will likely come via a combination of data leaks and disinformation aimed at exposing private or medical information on participating athletes and altering it to embarrass other countries or anti-doping officials."

While nation-state rivals are the most serious cyber threat to the Olympics, the chaotic business of hosting the games is a siren call to criminals, according to the assessments. While foreign intelligence services have the highest level of sophistication and impact, criminals are equally sophisticated — and while they may not aim to disrupt the games, their financial schemes could still cause havoc.

"The most likely threats are focused around criminal activity due to the large number of potential victims leveraging online systems to conduct business," CTA's Jenkins says. "Athletes, spectators, sponsors, and officials all must be vigilant and watch out scams, phishing emails, and spoofed websites that use the Olympics as a lure."

The Cyber Threat Alliance warned that threat analysts need to gather a much evidence as possible before attributing attacks. The 2018 Olympic Destroyer attack disabled IT systems and shut down Wi-Fi at the Pyeongchang Winter Olympics, and evidence overwhelmingly pointed to North Korea as the culprit in the attack. However, a few months later, Kaspersky cited its own research to state the telltale markers left behind were actually planted as part of a false-flag operation.

"If these actors were to leverage disruptive cyberattacks or conduct disinformation campaigns, they would do everything possible to make public attribution of their attacks difficult by leveraging false-flag techniques and obscuring their tooling," CTA's Jenkins says.

In a statement on February 20, security firm FireEye has concluded that the Russian intelligence group, GRU Unit 74455, is responsible for the attack on the Pyeongchang Olympics. Also known as Sandworm, the group is thought to be behind attacks on Ukraine's infrastructure and the 2016 US elections.

"In addition to the election interference, Ukraine blackouts, and the NotPetya incidents, we believe the organization was behind an attack on the Pyeongchang Olympics," John Hultquist, senior director of intelligence analysis at FireEye, said in the statement. "Notably, they have not been publicly admonished for their attempt to disrupt the Games, and we are concerned that the actors will target the Games in Tokyo this year."

Japan has prepared for more cyber activity in the run-up to the games. As part of a 2014 law aimed at improving the cybersecurity of its infrastructure, the country created a committee to study security measures that it should undertake. In 2019, the government announced an effort to scan 200 million internet-connected devices for vulnerabilities.

"The best thing the country can do in the short term is to create a countrywide push to educate its citizens and incoming tourists about how to protect themselves and their devices," says SecureAge's Ray. "After all, it's usually the human element that ends up being the weakest link in the cybersecurity chain."

Related Content

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "10 Tough Questions CEOs Are Asking CISOs."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...