Hackers are deploying malware capable of disrupting this year’s Winter Olympic Games, in Pyeongchang, South Korea. The malware has the potential to disable critical infrastructure and compromise sensitive information. Security software company McAfee is calling this effort “Operation PowerShell Olympics.”
Cybercriminals are using phishing scams to implement the attacks. The scams involve hackers sending email or social media messages that appear to be from a coworker or other reputable source to gain details about an account, such as passwords and personal information.
According to cybersecurity firm CrowdStrike, some 320 people in South Korea have received the malware to date, more than half of whom work for utilities, government, media, and technology institutions involved in the Olympics. The first scam was discovered in December, when an email sent to Olympic staff members for the ice hockey competition was flagged as suspicious.
The malware is sophisticated. It has an in-memory implant, an attack that affects the .NET framework to create maximum compatibility among Windows users, and a newly released steganography tool that conceals a file or message within another file, making the malware harder for anti-spam software to detect. The phishing message appears in the recipient’s inbox as if it came from South Korea’s national counterterrorism center. It encourages the recipient to click on an attached document that, once opened, instructs the user to authorize the content to be downloaded.
If the user agrees, the malicious code hidden in the document is decrypted onto the device and provides a third party with access to the user’s server, allowing that party to execute hostile operations such as shutting down or interfering with utility services. Critical infrastructure attacks are on the rise, particularly on energy plants.
People continue to be the weakest link in preventing these types of attacks. They are often too trusting when it comes to downloading attachments and clicking on hyperlinks from unknown senders.
Hackers take advantage of large-scale events to deploy their attacks. Weak or nonexistent security provides the perfect means to deliver malicious software into critical systems. It’s important to raise awareness so hackers don’t achieve their goals.
Adam K. Levin is an expert on cybersecurity, privacy, identity theft, fraud, and personal finance. A former director of the New Jersey Division of Consumer Affairs, Levin is chair and founder of CyberScout and cofounder of Credit.com. He wrote Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves.