The World Health Organization is one of the leading agencies combating COVID-19 and has proven to be an attractive target for hackers and hacktivists, who have stepped up attacks on the organization during the COVID-19 pandemic. Cyberattacks on WHO are at five times the level they were at this time last year.
Last month, WHO confirmed hackers had tried to gain access to its network and those of its partners by spoofing an internal WHO email system, and the attacks have kept on coming. Last week, SITE Intelligence Group discovered the credentials of thousands of individuals involved in the fight against COVID-19 had been dumped online on 4chan, Pastebin, Telegram, and Twitter. Around 25,000 email and password combos were leaked in total, including around 2,700 credentials for WHO staff members. WHO said the data had come from an old extranet system and most of the credentials were no longer valid, but 457 were current and still active.
In response, WHO said it performed a password reset to ensure the credentials could no longer be used, internal security has been strengthened, a more secure authentication system has been implemented, and security awareness training for its staff is being improved.
The remainder of the dumped credentials came from organizations such as the Gates Foundation, Centers for Disease Control and Prevention, and the National Institutes of Health. It is not clear where the data came from or who leaked it online, but the credentials have been used by far-right groups to attack organizations working on vaccines and conducting other activities related to COVID-19.
“Ensuring the security of health information for member states and the privacy of users interacting with us is a priority for WHO at all times, but also particularly during the COVID-19 pandemic,” said WHO CIO, Bernardo Mariano. “We are grateful for the alerts we receive from Member States and the private sector. We are all in this fight together.”
Mariano also confirmed that ongoing phishing campaigns are being conducted that spoof WHO to trick people into making donations to a fictitious fund similar to the COVID-19 Solidarity Response Fund that is overseen by WHO and the United Nations. Campaigns are also being conducted by nation-state hacking groups that spoof WHO to trick people into downloading malware that is used for espionage.
Malicious attacks using COVID-19 and coronavirus themes have soared over the past few weeks. Data released by cybersecurity firm Zscaler shows there was a 30,000% increase in COVID-themed attacks in March. In March there were around 380,000 attempted COVID-19 themed attacks, compared to around 1,200 in January and 10,000 in February.
There was an 85% increase in COVID-19-themed phishing attacks on remote enterprise users, a 17% increase in threats directed at enterprise clients, and the company blocked 25% more malicious websites and malware samples in March. The company also detected 130,000 suspicious or malicious newly registered domains that included words such as Wuhan, test, mask, and kit.
Many of the attacks are succeeding. Figures from the FTC indicate around $19 million has been lost to COVID-19 related scams since January 2020, with $7 million lost in the past 10 days. Figures released by Google earlier this month revealed that in a single week it blocked 18 million COVID-19 phishing emails. While the number of COVID-19 themed attacks has increased sharply, overall the number of attacks has remained fairly constant. Microsoft reports that the number of cyberattacks has not significantly increased during the COVID-19 pandemic. Threat actors are simply repurposing their infrastructure and switching from their regular campaigns to COVID-19 related attacks.