UN Agency Reports Five Times As Many Incidents Compared to 2019
The World Health Organization, which has been at the forefront of the global COVID-19 pandemic, has witnessed a “dramatic” increase in the number of attacks since the healthcare crisis began earlier this year, according to the agency’s CIO.
See Also: Role of Deception in the ‘New Normal’
The number of attacks and hacking incidents targeting the United Nation’s organization is now five times the amount the WHO saw during the same time period in 2019, according to CIO Bernardo Mariano.
“Ensuring the security of health information for Member States and the privacy of users interacting with us is a priority for WHO at all times, but also particularly during the COVID-19 pandemic,” Mariano says.
Mariano’s update comes the same week that someone dumped over 25,000 email addresses and passwords online, including ones that belonged to the WHO, the Gates Foundation, the U.S. National Institutes of Health and other organizations, according to several published reports (see: WHO, Gates Foundation Credentials Dumped Online: Report).
Of that number, over 2,700 email address and password combinations belonged to the WHO, and nearly 460 were still valid. This forced the organization to reset its employees’ credentials. These and other attacks are driving the WHO to move to a more secure authentication system as well as work with private companies to strengthen internal security and better training for its staff, Mariano says.
Since the world first became aware of COVID-19 in January, the WHO has been one of the leading agencies attempting to combat the disease and stop its spread. This high-profile position has also meant the organization is now a top target of cybercriminals and nation-state actors attempting to use its name and reputation for their own means (see: More Phishing Campaigns Tied to Coronavirus Fears).
Over the past four months, cybercriminals have launched numerous phishing campaigns that spoof the WHO’s name and image in either phishing emails or the malicious domains created to harvest victims’ persona data, credentials or other information (see: COVID-19 Phishing Schemes Escalate; FBI Issues Warning).
In addition, Mariano warned this week that fraudsters are targeting the general public in order to funnel charitable donations to a fictitious fund that resembles the legitimate COVID-19 Solidary Response Fund, which is overseen by the WHO and the U.N.
Nation-state threat actors are also using the WHO’s name, image and likeness as part of their cyber espionage campaigns.
This week, Google’s Threat Analysis Group released a report that looked at a dozen advanced persistent threat groups using COVID-19 themes as part of their ongoing operations. This includes hackers tied to Iran as well as an unnamed South American country, Google notes.
“These findings show that health organizations, public health agencies, and the individuals who work there are becoming new targets as a result of COVID-19,” according to the Google report.
Phishing emails spoofing the WHO (Source: Google)
In addition to the Google report, a nation-state hacking group reportedly with ties to South Korea targeted the WHO in March during a spear-phishing campaign that was designed to harvest credentials (see: Hackers Targeted World Health Organization).
Other COVID-19-Themed Attacks
While the WHO is one of the most high-profile agencies targeted by cybercriminals and nation-state hacking groups, other organizations have seen a dramatic rise in various security incidents, especially around phishing attempts.
This week, security firm Zscaler released on report concerning phishing campaigns and malicious domains using COVID-19 as a lure. In January, the company reported about 1,200 of these incidents, but that number increased to 380,000 incidents in March. That’s an eye-popping 30,000 percent increase, according to the report.
In addition, Zscaler found that since the start of the healthcare crisis in January, about 130,000 suspicious domains have been registered. These domains include keywords such as “test,” “mask,” “Wuhan” and “kit,” according to the report.
And while attackers have focused on using COVID-19 as a lure, Brock Bell, principal consultant with the Crypsis Group, an incident response and risk management firm, notes that these tactics are likely to change over time as cybercriminal and hacking groups adjust to their messages based on the news of the day.
“The change is less about the pure volume of phishing attacks, and more closely aligned with the subject matter that threat actors believe will best trick their victims,” Bell tells Information Security Media Group. “Health organizations that are looking to pool community resources into join task forces, information shares, and platforms are at a higher risk of being targeted by campaigns looking for credentials.”
Managing Editor Scott Ferguson contributed to this report.