Olympics Abate Nuclear War Threats—But Not Cyber Ones

Smiles, cheers and perfectly coordinated North Korean cheerleaders: Those were just some of the sights in Pyeongchang, the site of this year's Winter Olympics—and it's a hell of a lot better sight than what came before it.

Forgotten (at least for now) is the rhetoric by both the United States and North Korea, with the blustering, boasting, and near-outright threats that many feared would turn the hot rhetoric into something far more destructive. The world got a pass on that threat, at least through Feb. 25, when the Winter Games conclude.

But despite the games, it's not like peace is breaking out all over; the cyber war is still with us, including much (suspected) bad cyber-acting by North Korea, and it's as bad as ever. Just hours before the games officially opened on Feb. 9, the official Pyeongchang 2018 website went down, while at the same time, Wi-Fi was knocked out and television transmissions were jammed at the games' press center. Researchers believe they have identified the malware used in the attack but haven’t said who was behind it.

Of course, North Korea immediately jumps to mind as a suspect—as does Russia, China, Iran, organized crime, script kiddies—a whole universe of bad actors, of which there are far too many. One reportedly North Korea-sourced attack to infect viewers entailed sending Korean-language emails relating to the games that contained a document laced with a malware-containing macro—an exploit that none of the best-known anti-malware systems are capable of detecting. Using sophisticated social engineering and authentic-looking logos and language, the messages were opened by a significant number of people.  

So how do you fight what is essentially an invisible enemy who outguns your best defenses every time? The only way is to keep that enemy far, far away. Malware, and the messages and files that transport it, must be interdicted before it enters a computer and from there a network.

But “interdiction” doesn’t necessarily mean elimination; very often, hackers will appropriate a file you need to transport malware. The only way to keep the functionality of files along with eliminating malware is via cybersecurity systems that sanitize files, macros and any other missives hackers send out. The systems analyze files, looking for anomalies that don't belong. When they find these anomalies, they remove the offending component.

For example, a recent favorite hacker attack vehicle is the use of an embedded macro in a Word document, that when activated opens up a port for later undetected delivery of a malware attack. The Word document is sent as an attachment (often from an account you are familiar with, after it has been hacked), with the malware a part of the document’s macros. It’s next to impossible for any standard security system to detect, and it’s just the kind of thing that can slip through a sandbox, which cannot detect malware embedded in macros.

The best a sandbox can do is ban a suspicious document altogether, but as we mentioned, the document itself may be perfectly legitimate (as opposed to the macros hackers surreptitiously planted in the document). Much better would be a cybersecurity system that would simply remove the threatening component of a file; once it’s been cleaned up, the system will push it to the user. For many organizations and agencies, this is a must. Files may contain important data that needs to be reviewed or used, and cleansing the file ensures that the flow of work continues. With a system like this,  it doesn't matter that we can't identify the bad actors—and it doesn't matter what scams they come up with. Whatever attacks they have up their sleeves, we’ll be ready—and protected.

Itay Glick is the chief executive officer of Votiro.