The Winter Games in Korea and Support from Sports-ISAO

Since the Opening Ceremony, Sports-ISAO has demonstrated a public-private partnership (PPP) model engaged in supporting government and commercial efforts to defend against cyber threats. Part of the Sports-ISAO effort has incorporated its intelligence crowdsourcing method, which draws on vetted university students that Sports-ISAO previously trained through its partnership with the c-Watch Program.

Sports-ISAO daily reports have been shared with its PPP stakeholders. Analysts have researched the Olympic Destroyer and Gold Dragon malware used in the attacks, and have shared defensive measures and geopolitical considerations about the attack landscape. Defensive measures, prepared especially for the Closing Ceremony – but also useful to other sport communities and to anyone seeking to learn from the sophisticated attacks occurring in Korea – have been shared with our stakeholders. These defenses were developed by reverse-engineering the Tactics, Techniques, and Procedures (TTP) of the known attacks, and by observing the specific functionality of Olympic Destroyer and Gold Dragon. The suggested defensive measures are listed below.

Drawing once again on the knowledge gained from supporting this international sport event, Sports-ISAO also points out the urgency of using cyber threat intelligence, rapidly exchanging indicators of compromise (IOC) for analysis, and rapidly disseminating defensive measures. This is the role, function, and purpose of information sharing and analysis organizations (ISAO).

Our list of recommended defensive measures, which respond to the TTP of the attacks occurring in Korea, follows. Additionally, Sports-ISAO anticipates new attacks, which would most likely adopt new TTP and new malware functionality. Accordingly, preparation for the Closing Ceremony should involve advance coordination with security partners, open lines of communication, and readiness for surge operations.

Suggested Defensive Measures:

  • Ensure all rule sets on all network and endpoint security controls are checked against the known TTP and Indicators of Compromise (IOC); confirm with vendors that their IOC-specific defensive measures have been deployed
