Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

2/21/2020
11:25 AM
50%
50%

Olympics Could Face Disruption from Regional Powers

Destructive attacks and disinformation will likely target the Summer Olympics in Tokyo, two groups of threat experts say.

Japan's rivals in the Asia-Pacific region will likely target the nation with cyberattacks and disinformation during the coming Summer Olympics to be held in Tokyo this July, according to an assessment published by the Cyber Threat Alliance (CTA) on February 20.

Based on past attacks against the 2018 Olympics in Pyeongchang, South Korea, disruptive cyberattacks and distributed denial-of-service (DDoS) attacks are likely to target the Olympic Games' infrastructure. In addition, attacks on organizations related to the games, such as the World Anti-Doping Agency (WADA), will likely precede the games as well, says Neil Jenkins, chief analytical officer for the CTA.

"The most concerning threats [are] disruptive cyberattacks and disinformation campaigns conducted by nation-state actors from Russia, North Korea, and China," he says, adding that disinformation is a likely tactic as well. "Disinformation campaigns could use targeted data leaks to embarrass officials or participants and spread false narratives."

The threat analysis underscores that the Olympic Games are not just an arena for athletic rivalries between nations. Political tensions also spill over to cyberattacks.

While online attacks were limited to fraud and hacktivism in the 2008, 2010, and 2012 Games, a 40-minute denial-of-service attack did target the Olympic Park's power systems in 2012, with 10 million packets hitting the servers from 90 IP addresses, according to a RAND assessment of the threat to the 2020 Games.

"The Olympic Games are a target-rich environment, drawing athletes from more than 200 nations and worldwide media coverage," RAND stated in its own assessment. "This high visibility makes the games a target for those seeking to cause politically motivated harm, enrich themselves through criminality, or embarrass the host nation on the international stage."

Russian hackers will most likely attack the games, according to Jerry Ray, chief operating officer for enterprise data security firm SecureAge, which has an office in Tokyo. Between land disputes with Japan and its ongoing feud with WADA, Russia has not just the capability but the motivation to disrupt the Olympic Games in Tokyo.

"It's only a matter of time before Russia takes action against WADA again," Ray says. "These attacks will likely come via a combination of data leaks and disinformation aimed at exposing private or medical information on participating athletes and altering it to embarrass other countries or anti-doping officials."

While nation-state rivals are the most serious cyber threat to the Olympics, the chaotic business of hosting the games is a siren call to criminals, according to the assessments. While foreign intelligence services have the highest level of sophistication and impact, criminals are equally sophisticated — and while they may not aim to disrupt the games, their financial schemes could still cause havoc.

"The most likely threats are focused around criminal activity due to the large number of potential victims leveraging online systems to conduct business," CTA's Jenkins says. "Athletes, spectators, sponsors, and officials all must be vigilant and watch out scams, phishing emails, and spoofed websites that use the Olympics as a lure."

The Cyber Threat Alliance warned that threat analysts need to gather a much evidence as possible before attributing attacks. The 2018 Olympic Destroyer attack disabled IT systems and shut down Wi-Fi at the Pyeongchang Winter Olympics, and evidence overwhelmingly pointed to North Korea as the culprit in the attack. However, a few months later, Kaspersky cited its own research to state the telltale markers left behind were actually planted as part of a false-flag operation.

"If these actors were to leverage disruptive cyberattacks or conduct disinformation campaigns, they would do everything possible to make public attribution of their attacks difficult by leveraging false-flag techniques and obscuring their tooling," CTA's Jenkins says.

In a statement on February 20, security firm FireEye has concluded that the Russian intelligence group, GRU Unit 74455, is responsible for the attack on the Pyeongchang Olympics. Also known as Sandworm, the group is thought to be behind attacks on Ukraine's infrastructure and the 2016 US elections.

"In addition to the election interference, Ukraine blackouts, and the NotPetya incidents, we believe the organization was behind an attack on the Pyeongchang Olympics," John Hultquist, senior director of intelligence analysis at FireEye, said in the statement. "Notably, they have not been publicly admonished for their attempt to disrupt the Games, and we are concerned that the actors will target the Games in Tokyo this year."

Japan has prepared for more cyber activity in the run-up to the games. As part of a 2014 law aimed at improving the cybersecurity of its infrastructure, the country created a committee to study security measures that it should undertake. In 2019, the government announced an effort to scan 200 million internet-connected devices for vulnerabilities.

"The best thing the country can do in the short term is to create a countrywide push to educate its citizens and incoming tourists about how to protect themselves and their devices," says SecureAge's Ray. "After all, it's usually the human element that ends up being the weakest link in the cybersecurity chain."

Related Content

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "10 Tough Questions CEOs Are Asking CISOs."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
boholuxe
50%
50%
boholuxe,
User Rank: Apprentice
2/22/2020 | 1:27:10 AM
Challenge for Japan
It will be a big challenge for Japan not only to oranise the Olympics but also to ensure cyber security
HackerOne Drops Mobile Voting App Vendor Voatz
Dark Reading Staff 3/30/2020
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/31/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8004
PUBLISHED: 2020-04-06
STMicroelectronics STM32F1 devices have Incorrect Access Control.
CVE-2020-7631
PUBLISHED: 2020-04-06
diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument.
CVE-2020-7632
PUBLISHED: 2020-04-06
node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.
CVE-2020-7633
PUBLISHED: 2020-04-06
apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via the pluginUri argument.
CVE-2020-7634
PUBLISHED: 2020-04-06
heroku-addonpool through 0.1.15 is vulnerable to Command Injection.