The World Health Organization (WHO) is a prominent agency that is combating COVID-19. Hackers and hacktivists have increased attacks on WHO as it deals with the COVID-19 pandemic. WHO gets five times more cyberattacks now compared to the same time last year.
Last month, WHO affirmed that hackers had tried to access its network as well as those of its partners by means of spoofing an internal email system of WHO and since then the attacks have kept coming. Last week, SITE Intelligence Group identified the credentials of a huge number of people engaged in the battle against COVID-19 that were dumped on the web on Pastebin, 4chan, Twitter and Telegram. Roughly 25,000 email and password information was revealed, which include about 2,700 credentials of WHO personnel. WHO mentioned the data were derived from an old extranet system and the majority of the credentials were not legit any more, but 457 were new and still active.
As a response to the situation, WHO performed a password reset to make sure that the credentials aren’t usable, strengthened internal security, implemented a more secure authentication system, and improved the employees’ security awareness training.
The other dumped credentials were from institutions like the Centers for Disease Control and Prevention, the Gates Foundation and the National Institutes of Health. It isn’t clear where the data came from or who exposed it on the internet, but the credentials were used for the right groups to attack agencies making vaccines and performing other activities associated with COVID-19.
WHO CIO, Bernardo Mariano, stated that making sure that the safety of health data for member states and the privacy of users interacting with us is WHO’s top priority at all times, but also particularly throughout the COVID-19 pandemic.
Mariano additionally affirmed that continuing phishing campaigns are performed that spoof WHO to mislead individuals into giving donations to a fictitious fund like the COVID-19 Solidarity Response Fund which is overseen by WHO and the United Nations. Nation-state hacking groups also conduct campaigns that spoof WHO to mislead individuals into downloading malware which is used for espionage.
COVID-19 and coronavirus themed malicious attacks have skyrocketed over the past few weeks. Data revealed by cybersecurity company Zscaler indicates that COVID-themed attacks increased by 30,000% in March with about 380,000 COVID-19 themed attacks attempted in contrast to January’s 1,200 or February’s 10,000.
COVID-19-themed phishing attacks on remote enterprise users increased by 85%. Threats directed at enterprise clients increased by 17%. In March, the company prevented 25% more malicious sites and malware samples. The company likewise identified 130,000 suspicious or malicious newly created domains that used words such as mask, Wuhan, test, and kit.
A lot of the attacks are successful. Statistics from the FTC suggest about $19 million went to COVID-19 associated scams since January 2020, while $7 million was lost within the past 10 days. Google shared statistics earlier this month that in one week it prevented 18 million COVID-19 phishing emails. Though the number of COVID-19 themed attacks has gone up dramatically, overall the number of attacks has stayed fairly steady. Microsoft information cited that cyberattacks did not significantly increase throughout the COVID-19 crisis. Threat actors are just repurposing their infrastructure and transitioning from their normal campaigns to COVID-19 related attacks.