IOTW: Tokyo Olympics Suffers a Fujitsu-Related Breach

Add bookmark
Lisa Morgan
Lisa Morgan
08/06/2021

The Tokyo Olympics organizing committee had its Fujitsu data sharing tool compromised late last month which resulted in a data leak involving the names and affiliations of people from 90 organizations working with the Olympics. The same vulnerability was successfully exploited to access data at Japanese ministries. Fujitsu has suspended use of the data sharing tool pending further investigation. 

Some of the Tokyo Olympics victims had participated in a cyber security drill hosted by Japan's National Center of Incident Readiness and Strategy for Cybersecurity (NISC), which was yet another victim of the exploit.

The Facts

In late May, Fujitsu disclosed a vulnerability which had impacted its corporate and government clients, which also included the Tokyo Olympics. On June 2, Japan's Cabinet Cyber Security Center confirmed that it had been breached. Fujitsu provides digital transformation services and oversees clients' computer systems.

On July 19, the U.S. Federal Bureau of Investigation (FBI) issued an alert saying that the Tokyo Olympics would likely be a target of any number of possible attacks including "DDoS, ransomware, social engineering, phishing campaigns or insider threats..." and that such attacks could disrupt virtually any aspect of operations. The FBI stated that it was not aware of any specific threat, but that partners of the Olympics should also be vigilant. Within days, the Olympics had been hit.

Separately, the hackers created a fake web page for Olympics attendees and event staff which duped 170 people linked to the Olympics into handing over their credentials. Subsequently, those credentials were used to steal the victims' names, addresses and bank account numbers. 

Lessons Learned

The Russians have been considered a cyber security threat to the Olympics ever since Russian athletes were banned for using steroids. In 2018, the FBI indicted Russian hackers for compromising computers supporting the 2018 PyeongChang Winter Olympics which disrupted the opening ceremonies. The bad actors deployed OlympicDestroyer malware and damaged webservers. South Korean citizens and officials, Olympic athletes, partners, visitors and Olympic Committee officials had been targeted with spear phishing campaigns and malicious mobile applications. 

With more than 140,000 members, Cyber Security Hub is the vibrant community connecting cyber security professionals around the world.

Quick Takes

Following are the FBI's recommendations:

  • Maintain business continuity plans and preemptively evaluate potential continuity and capability gaps.
  • Review or establish security policies, user agreements, and patching plans to address current threats posed by malicious cyber actors. 
  • Patch and update operating systems, software, and firmware as soon as manufacturer updates are available. 
  • Regularly change network system and account passwords and avoid reusing passwords for multiple accounts. 
  • Utilize MFA when possible. 
  • Monitor remote access/Remote Desktop Protocol (RDP) logs and disable unused remote access/RDP ports. 
  • Implement listing policies for applications and remote access that only allow systems to execute known and permitted programs under an established security policy. 
  • Regularly audit administrative user accounts and configure access controls under the concept of least privilege. 
  • Regularly audit logs to ensure new accounts are legitimate users. 
  • Scan the network for open and listening ports, and mediate those that are unnecessary. 
  • Identify and create offline backups for critical assets. 
  • Implement network segmentation
  • Automatically update antivirus and anti-malware solutions and conduct regular virus and malware scans. 
  • Regularly monitor VPNs
  • Regularly update VPNs, network infrastructure devices, and devices used for remote work environments with the latest software patches and security configurations. 
  • When possible, implement multi-factor authentication on all VPN connections. 
  • Monitor network traffic for unapproved and unexpected protocols. 
  • Discontinue unused VPN servers that may be used as a point of entry for attackers.
  • Do not pay a ransom.
  • Have an incident response plan in place.
  • Provide end user awareness and training. Make sure end users know whom to contact.