News & Events

Winter Olympics Opening Ceremony on thin ice following cyber attack

Tuesday, February 13, 2018

Just before the start of the Winter Olympics 2018 opening ceremony last Friday, the official website was taken offline after being hit by a cyber attack.

The outage also affected TV, internet access and Wi-Fi at the Games, with some users unable to print tickets or access information about the event.

At a Sunday evening news conference, Pyeongchang 2018 spokesperson Sung Baik-you confirmed these outages were caused by an attack.

This wasn’t the first time the 2018 Winter Games had come under attack from hackers. Back in January, McAfee discovered a campaign targeting related organisations leading up to the games, in the form of malicious e-mails sent to Olympic officials.

Cisco's Talos team has been looking into the malware used. It appears to be tailored for the Pyeongchang 2018 event, infecting machines via an as-yet unknown infection vector, stealing passwords from the Windows Registry and web browsers, traversing the networking, and deleting files then preventing them from being recovered.

While the Winter Olympics was a large-scale event to target, hackers and thieves know no bounds, and it isn’t necessarily the size that counts, but the value of the data held or the profile of a company website. Below, we share our 5 top tips for preventing cyber attacks.

Read the BBC’s coverage of the Winter Olympics opening ceremony attack here.

How can you protect your business?

 Put all employees on full alert and ask your IT specialists to give you assurance on these five points as part of your cyber security arrangements.

1. Update systems - Upgrade all obsolete/unsupported systems and ensure all systems have the latest security updates applied. A lack of patching systems and use of unsupported systems appears to be a common weakness in those who have been affected.

2. Check backups - Check that all data backups or system snapshots are very recent and are disconnected/air gapped from your network once complete. This will stop your back up systems being infected if something does ‘get in’.

3. Secure emails - Ensure email is passed through effective content filters and that all users are made aware not to blindly trust email messages. Be suspicious of any emails you receive with the following characteristics, even if they appear to come from staff or trusted sources:

  • Links to websites you were not expecting – this is the most common attack vector
  • Attachments that you were not expecting
  • Attachments with obscure names such as “document346837691873”
  • Addressed generically such as “Dear Customer” or not addressed at all
  • Misspellings
  • Requests for immediate action
  • Content that refers to anything “too good to be true” - bank transfers to your account, lottery winnings, etc.

4. Restrict access - Regularly review user access permissions to data and restrict them to the absolute minimum needed. If someone doesn’t need access to some piece of data in the network, then don’t give them access to it. The less employees who have access to the data, the lower the number of access points that the data could be affected by.

5. Improve security - Implement two-factor authentication, especially for access to all remote access and online services. This adds a second layer of protection by an authentication mechanism to check that the identity of the user is legitimate. Password protection itself is not infallible. 

Insurance can support these testing times and provide access to the experts that are needed to rectify the issues. Find out more about our Cyber coverage here or contact your Tokio Marine HCC underwriter today to discuss our Cyber Insurance.

 

Tokio Marine HCC Cyber Protect from Tokio Marine HCC on Vimeo.