
The 2018 Olympics Cyberattack - agarden
https://www.wired.com/story/untold-story-2018-olympics-destroyer-cyberattack/
======
gregdoesit
> At 6:30 am, the Olympics' administrators reset staffers' passwords in hopes
> of locking out whatever means of access the hackers might have stolen. Just
> before 8 that morning, almost exactly 12 hours after the cyberattack on the
> Olympics had begun, Oh and his sleepless staffers finished reconstructing
> their servers from backups and began restarting every service.

> Amazingly, it worked. The day's skating and ski jumping events went off with
> little more than a few Wi-Fi hiccups.

To me, this was the most interesting part of the article. What if the malware
was part of a previous backup? What if hackers had access to an existing
staffer, and the password reset would have been ineffective?

It reads like the fact that the winter Olympics streams worked just fine was a
matter of luck on these two, relatively simple measures working.

~~~
zaroth
In that sense, defending against _any_ cyber attack ultimately comes down to
an element of luck... that the attacker didn't gain access one level deeper,
that they didn't exploit a particular vulnerability that would have allowed
wider or more persistent access, etc.

As far as initial response playbooks go, I would imagine password reset (with
session clearing) and restore from known working backup is a pretty good
start.

------
amadeuspzs
TL;DR - it was the Russians (GRU)