Breach, Content

Hackers Step Up World Health Organization Network and Cyber Attacks, Report

A hacking crew, perhaps the notorious DarkHotel, has repeatedly tried to break in the World Health Organization's (WHO) network, Reuters reported.

It's unclear if the cyber looters are looking for more than money and personal credentials. Hacking activity tracked by Alexander Urbelis, a cybersecurity expert with the Blackstone Law Group, has turned up a significant number of malicious sites posing as the WHO’s internal mail system. To this point, the hacking attempts have not succeeded but whoever is behind the cyber campaign has been trying to lift the passwords of a number of agency personnel, he told Reuters.

“I realized quite quickly that this was a live attack on the World Health Organization in the midst of a pandemic,” Urbelis said. Thousands of corona virus-related web sites have rapidly popped up, he said. “It’s still around 2,000 a day. I have never seen anything like this,” he reportedly said.

At this point, it’s not clear why DarkHotel is a suspect in the attempted break-ins other than its 13-year history as a cyber spying syndicate and its recent activities targeting countries hard hit by the corona virus, such as China, Japan, North Korea and the U.S., the report said. Costin Raiu, head of global research and analysis at Kaspersky, could not confirm that DarkHotel was behind the WHO attacks, Reuters said.

Last month, WHO officials posted an alert that hackers are impersonating the agency with stealing money and confidential information as their intentions. “Criminals are disguising themselves as WHO to steal money or sensitive information,” the WHO’s bulletin said. “If you are contacted by a person or organization that appears to be from WHO, verify their authenticity before responding.” The incidence of hacking attempts into the WHO’s network has spiked, Flavio Aggio, the WHO's chief information security officer, told Reuters. “There has been a big increase in targeting of the WHO and other cybersecurity incidents,” he said.

It’s not only the WHO that is experiencing coronavirus-related cyber criminal activity. Last week, the Department of Homeland Security’s (DHS) cyber security agency warned in an alert that hackers are targeting unpatched virtual private networks, work-at-home staff and remote employees amid corona virus workforce shifts. And, the Information Technology Laboratory (ITL) has issued a bulletin reiterating a National Institute of Standards and Technology publication first issued in 2016 that set guidelines for securing enterprise telework and remote access.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.