Hackers target top officials at World Health Organisation

0 9

NEW YORK – Top at the World are being targeted by as they work on the global response to the coronavirus pandemic.

The WHO’s security team has seen an increasing number of attempted cyber attacks on the officials since mid-March, according to the organisation’s chief information officer, Mr Bernardo Mariano.

WHO itself hasn’t been hacked, but employee passwords have leaked through other websites, he said.

In an interview on Tuesday (April 21), Mr Mariano said that some of the attacks had been perpetrated by suspected nation-state hackers.

The targets have included WHO Director-General Tedros Adhanom Ghebreyesus, as well as Mr Bruce Aylward, a senior WHO envoy who led a Covid-19 response team in China.

In addition, there had also been a recent “sustained attempt” to hack into computers operated by a team of four WHO employees in South Korea, as well as an incident last week targeting staff at the organisation’s Geneva headquarters, Mr Mariano said.

The hackers “are looking for the highest targets – the key officials involved with the Covid-19 work”, Mr Mariano said.

“The cyber security team has never been busier, and we’ve had to increase resources to try to protect ourselves and be vigilant.”

Authorities in Israel, the European Union, the UK and Switzerland have issued warnings to the WHO in recent weeks about cyber attacks on its systems, as have Interpol and Microsoft Corp, based on intelligence they have gathered, Mr Mariano added.

The WHO used to have one security alert a month, but thus far in April, the organisation has received eight from national cyber security authorities “notifying us of nation-state actor attacks that we are facing”, he said.

Many of the attacks have been phishing or spearphishing attempts to lure WHO staff into clicking on a malicious link in an e-mail – often sent to both work and personal accounts – that will download malware onto their computers or mobile phones, he said.

In some cases, reports the WHO has received from national cyber security agencies have identified the origins of the attack and the suspected perpetrator. Mr Mariano declined to name any of the alleged culprits.

On Monday, users of the Internet forum 4chan began circulating more than 2,000 passwords they claimed were linked to WHO e-mail accounts.

The details soon spread to Twitter and other social media websites, with claims that the WHO had been the victim of a hack.

Mr Mariano’s team concluded that the WHO hadn’t been hacked, but that the passwords of some WHO employees had been obtained from other data breaches.

The employees may have used their work e-mail address to register an account for a particular website, and then that website has been hacked, leaking their password.

Some users of 4chan said that they had used the passwords to successfully gain access to a WHO website called “Extranet”.

Mr Mariano said that most of the 2,000 e-mail accounts had expired and were no longer active, but that 400 were still used by the organisation’s employees.

He said none of the passwords could be used to access sensitive internal systems, such as those for e-mail, because the organisation has a two-factor authentication system in place, meaning a password alone is not sufficient to gain access.

Facing increased attacks, the WHO has doubled the size of its security team and is now working with five security companies to bolster its defences, said Mr Mariano.

The team has shut down some WHO systems that were identified as vulnerable to attack and has bolstered the security of internal e-mail, he said.

“This is unprecedented for everyone here,” Mr Mariano said. “We’re doing what we can to mitigate it.”

Leave A Reply

Your email address will not be published.