Winter Olympics 2018 under siege from hackers, McAfee warns
Mysterious hackers using hard-to-detect "fileless" techniques.
The Winter Olympics set to take place next month in Pyeongchang, South Korea, are under siege from hackers, a leading cybersecurity company has found.
According to McAfee, criminals are targeting organisations linked to the event, using a booby-trapped Microsoft Word document to infect computers.
The hackers are using "fileless" techniques which are hard to detect by anti-virus software, experts said.
The malware – currently spreading via phishing emails – was found to be hidden inside a malicious image file.
"With the upcoming Olympics, we expect to see an increase in cyberattacks using Olympics-related themes," explained researchers Ryan Sherstobitoff and Jessica Saavedra-Morales in a blog post.
"In similar past cases, the victims were targeted for their passwords and financial information.
"In this case, the adversary is targeting the organisations involved in the Winter Olympics by using several techniques to make it more tempting to open the weaponised document," they added.
The hackers used lures, including one urging targets to click a button claiming it would help to display the content of the Word document. In reality, it would infect their machine.
While the recipient organisations were not named in the report, it said they all had "some association with the Olympics, either in providing infrastructure or in a supporting role". The emails were first spotted in circulation on 22 December 2017 and may still be active.
"The attackers appear to be casting a wide net with this campaign," McAfee researchers said.
In one case, the spoofed messages were posing as coming from South Korea's National Counter-Terrorism Center (NCTC). The experts traced the source IP address in one document to Singapore. The timing, McAfee said, was interesting as it coincided with physical anti-terror drills in the region.
The identity of the hackers remains unclear. In 2016, Russia-linked hackers targeted the World Anti-Doping Agency following its headline-grabbing Olympic ban.
Javvad Malik, security expert at AlienVault, said: "Criminals will often look to take advantage of major events. There are often hectic times with lots of emails flowing so it increases the likelihood of a recipient opening an infected email.
"The Olympics is one such event that attracts attackers [whether] to disrupt proceedings or to gain access to athlete data – something that has great value, as we saw when the world anti-doping agency was breached in 2016."