The 2018 Olympics Cyberattack (opens in new tab)

(wired.com)

89 pointsagarden6y ago4 comments

4 comments

4 comments · 2 top-level

gregdoesit6y ago· 2 in thread

> At 6:30 am, the Olympics' administrators reset staffers' passwords in hopes of locking out whatever means of access the hackers might have stolen. Just before 8 that morning, almost exactly 12 hours after the cyberattack on the Olympics had begun, Oh and his sleepless staffers finished reconstructing their servers from backups and began restarting every service.

> Amazingly, it worked. The day's skating and ski jumping events went off with little more than a few Wi-Fi hiccups.

To me, this was the most interesting part of the article. What if the malware was part of a previous backup? What if hackers had access to an existing staffer, and the password reset would have been ineffective?

It reads like the fact that the winter Olympics streams worked just fine was a matter of luck on these two, relatively simple measures working.

zaroth6y ago

In that sense, defending against any cyber attack ultimately comes down to an element of luck,... that the attacker didn’t gain access one level deeper, that they didn’t exploit a particular vulnerability that would have allowed wider or more persistent access, etc.

As far as initial response playbooks go, I would imagine password reset (with session clearing) and restore from known working backup is a pretty good start.

anon1110286y ago

It was deeper than a backup. I think before that, they mentioned backups were infected/destroyed before they could even be brought up.

  The paragraph before your quote also mentioned an outside security firm gave them a patch of some sort as well.

So with the patch, removing all sources of the malware, and changing passwords, AND THEN replacing with backups? That's kind of what I imagined happening to secure the network.

amadeuspzs6y ago

TL;DR - it was the Russians (GRU)

j / k navigate · click thread line to collapse