Chapter 4, Homework 4

Explain the process used by the IT staff, with the help of AhnLab, to defeat the malware.

The IT staff and AhnLab fought off the malware by isolating it and creating a signature for the automated malware. Once they believed they had gotten rid of it, they reset the password of every staff member and finished restoring the IT infrastructure from backups. After this, the South Korean Olympics did not face any more cyber-attacks.

What individual or group was responsible for the strike against the Olympic Operating Systems, and what was their motive?

At first, North Korea was considered, with the motive being simply to embarrass South Korea on the national stage. Next, the Russians were suspected, who not only hosted the last Olympics but also had several national competitors caught up in a steroid scandal, which led to Russia being barred from competing in the South Korean Winter Olympics. Supporting this further, they had been caught hacking the Worldwide Anti-Doping Agency, which carries out doping tests and investigations. Finally, China came up as a suspect after post-intrusion forensics reports found the malware was written in Chinese. A lot of signs pointed to China being the suspect, but the delivery avenue of the infected Word file turned out to be identical to the one used in the US election hack, leading it back to Russia. Their motives were as previously stated, along with framing North Korea for the attack.

What was the name of the Threat Intelligence Team that gave the worm the name “Olympic Destroyer”?

The team that called the malware “Olympic Destroyer” was Cisco Talos. Talos is a cyber-intelligence team within Cisco, a well-known IT hardware manufacturer.

What was the specific component that Sandworm was targeting at the Olympics?

Sandworm was targeting the passwords on the Olympic systems. The malware was similar to NotPetya in that it focused on stealing passwords, then used those passwords to infect new systems, and then deleted the boot configuration and system data, locking people out of the systems.