Cloud security comes into question as Atos' Winter Olympics service hit

19 February 2018

Hackers armed with destructive malware appear to have compromised the main IT service provider for the Winter Olympic Games. The breach, which took place months before, has since led to a number of technical failures at the games in PyeongChang.

Atos had announced that Pyeongchang would be the first Olympics where all critical IT applications – including systems that distribute results in real time, such as the Olympic Diffusion System (ODS) – would be remotely managed and hosted in the cloud. However, following a number of glitches during the games, it has been revealed that the IT company supporting the Winter Olympics has been the victim of a pervasive cyberattack.

Destructive wiper malware, unofficially dubbed “Olympic Destroyer,” is reportedly behind a series of security breaches disrupting the Games, including local Wi-Fi downtime and the crash of the Winter Olympics website, which hindered ticket sales during the opening ceremony. As is typical in the present global climate, a variety of sources have publicly accused Russia, China, and North Korea as likely culprits. As in virtually every cyberattack, however, the actual attribution of blame remains nearly impossible.

The hack, first reported by CyberScoop, was identified by Cisco’s Talos unit and, according to the firm’s experts, was likely deployed on February 9th by an actor who had previously infiltrated Atos. Evidence linking the malware to a previous cyberattack at Atos was unearthed via VirusTotal, a popular site run by Google’s parent company, Alphabet, which analyses suspicious files using myriad anti-malware scanners.

The evidence was recently posted to the VirusTotal repository, but information associated with the malware samples carries indications that the hackers had been inside Atos systems since at least December. Some of the earliest samples were uploaded by unnamed VirusTotal users geographically located in France, where Atos is headquartered, and Romania, where some members of Atos’ security team work. The malware required a bank of authentic login credentials for actual accounts of Olympics staff in order to propagate quickly and spread a destructive payload, which deletes files such as shadow backups, boot configuration data (BCD) and event logs on infected machines.

A spokesperson with Atos later told reporters, “Following technical incidents during the Olympic Games Pyeongchang 2018 opening ceremony, a thorough investigation is being conducted. Together with our partner McAfee Advanced Threat Research, we can confirm that the cyberattack, which caused no critical disruption of the Olympic Games, used hardcoded credentials embedded in a malware. The credentials embedded in the malware do not indicate the origin of the attack. No competitions were ever affected and the team is continuing to work to ensure that the Olympic Games are running smoothly. At this moment in time, we are coordinating with our partners and the appropriate authorities as investigations continue.”

Although it’s not clear whether the hackers used their apparent intrusion into Atos to affect the Olympics, evidence of such a compromise is nonetheless noteworthy, as it further illustrates the risks posed by relying on external services to store data and share internet applications in the cloud. Cloud technology was at the heart of two other potential breaches in the professional services industry last year.

The world’s largest cybersecurity consultancy, Deloitte, was hit by a high-profile hack. Emails to and from Deloitte’s 244,000 staff, which were stored in the Azure cloud service, were the target of a cyberattack in 2017. Meanwhile, though it appeared that major damage was averted, Accenture reportedly left a large cache of sensitive information without password protection on its cloud storage.