- In late December, unidentified actors sent a "malicious document" to organizations tied to the upcoming Pyeongchang Olympics, an attack discovered and disclosed by McAfee. The cyberattack was disguised to look like it was sent from South Korea's National Counter-Terrorism Council, which had been conducting anti-terror drills in the area to prepare for the games.
- Once opened, the document asked users to enable content, embedding obfuscated PowerShell code that could evade detection, according to the report. The script created "an encrypted channel to the attacker's server," which could be exploited to "execute commands on the victim’s machine and to install additional malware."
- The malware marked the first known case of this type of attack in South Korea, which is expected to see an uptick in cyberattacks during the Olympic season. Instead of "weaponized documents" exploiting word processor software written in the Korean alphabet, Hangul, recent attacks have seen an uptick in the use of "weaponized Word documents against South Korean targets," according to McAfee.
In terms of who is to blame, McAfee told Buzzfeed that the sophistication of the attack and the matter of who the targets were "strongly indicate" a nation-state actor was responsible. However, the culprit is still unknown.
The 2016 Rio Olympics were already a cybersecurity challenge. With the growth in mobile devices and heavy internet traffic on and offsite, the Olympic Committee had to prepare technologically in many ways not required by previous games. The upcoming games are certain to continue this trend, especially with the increase in mobile devices.
But what especially distinguishes cyberattacks taking place in South Korea now is an overlap with a time of significant public tension. Leaders from North Korea and South Korea met Tuesday and agreed to reinstate a military hotline between the two countries and allow a North Korean delegation and competing athletes to attend the games, reports BBC.
As investigations into the cyberattack continue, businesses would do well to reevaluate their own security best practices. Enabling content on a what appears to be an innocuous Word document from a seemingly legitimate source is something that would not give most workers pause.
But the sophistication of this attack spotlights the need for thorough security training for all workers — including those of business partners and affiliated organizations, such as the ones targeted in this attack.