Tips on protecting events against cybersecurity threats

Oakley Cox, analyst technical director, APAC, at Darktrace, shares precautionary measures.

Darktrace’s Oakley Cox

With the recent cybersecurity attacks on Las Vegas hotels, it comes as no surprise that meetings and conferences are highly susceptible to cyber disruption, said Darktrace’s Oakley Cox. Below, the cybersecurity analyst shares some of the common threats the industry needs to be aware of.

Freezing access

“Attacks targeting critical IT systems can have significant financial and reputational damage in an industry where low-level disruption can have high-impact, knock-on effects. A common attack technique is for an attacker to encrypt files on IT systems so users can no longer gain access. The attackers then demand a ransom in order to unlock the files. This type of attack, called ransomware, appears to be the one being used to target MGM, with daily losses for the casino estimated to be in the order of millions of US dollars.”

Ransomware beware

“Ransomware is probably the most widely publicised type of threat which can lead to the disruption of events and conferences. Often these attacks are financially-motivated and not tailored to a specific victim or event. Highly targeted attacks by politically-motivated actors like hacktivists or cyber terrorists could not only disrupt but also damage infrastructure. These attacks can have an impact far beyond financial or reputational damage, and have environmental or human health and safety implications.


“For example, the Opening Ceremony of the Pyeongchang Winter Olympics in 2018 was targeted by politically-motivated hackers. On the night of the ceremony, they successfully took down official websites, turned off the stadium WiFi, and disabled access to security controls including ticketing gates and CCTV. The attack was highly targeted and had the potential to be highly damaging.

“In the example of the Winter Olympics, the organisers had robust and well-practised emergency response plans which meant they could contain the incident, keep the public safe, and recover systems before the sporting events commenced the next day. It was not enough to rely on prevention, and hoping firewalls and anti-virus would keep the bad guys out. When the stakes are high, such as they are at events, organisers need cyber resilience across their digital estate and to be able to detect, respond to and recover from cyber disruption at its earliest signs.”

Darktrace’s Aspire Command Centre managed security technology across eight stadiums during the Qatar World Cup.

Building cyber resilience

“Darktrace Cyber AI understands what normal looks like for an organisation. It uses an innate understanding of “normal” to detect unusual activity and respond to a cyber threat at the earliest signs. It means that on event day, when staff are busy and resources are tight, the AI can autonomously monitor activity across all the IT systems being used to support the event, and respond at machine speed when a threat is identified.

“In 2022, Darktrace AI was used to protect the Qatar World Cup. Our unique Self-learning AI was able to understand normal across all eight stadiums, including multiple state-of-the-art technologies and their inherent complexity. As a result, the event organisers could focus on delivering a world-class event to billions of viewers, because for global sports events, the show must go on.”

Qatar World Cup 2022 was highly complex to execute. The digital infrastructure underpinning global tournaments, and the sophistication and aggression of the threat actors (ransomware gangs, hacktivists, APT groups) seeking to disrupt them, placed cyber security at the top of organisers’ agendas. All eight stadiums were managed by a single technology from the Aspire Command Centre in Doha.