Cybersecurity News

WHO Reports COVID-19 Spurs Rapid Rise in Cyberattacks Against Staff

Days after a report revealed a leak of hundreds of active WHO credentials, officials say they've seen a dramatic increase in cyberattacks against its staff and email scams targeting the public.

WHO cyberattack Coronavirus COVDI-19 cyber hygiene cybersecurity risk managment fraud scemes phishing attack email security

By Jessica Davis

- Early this week, the Washington Post revealed hundreds of active WHO credentials were leaked online. In response, WHO is reporting it’s seen a dramatic rise in cyberattacks directed against its workforce, as well as a rise in email scams targeting the public during the COVID-19 pandemic.

The global health agency has already faced an unsuccessful hacking attempt during the crisis. Threat actors attempted to breach the WHO network and its partners beginning on March 13. A security research discovered a hacking group had activated a malicious site that impersonated the WHO email system.

In the latest incident, according to the Post, the SITE Intelligence Group found thousands of credentials online that allegedly belonged to WHO, as well as the Gates Foundation, the National Institutes of Health, and other groups working to resolve the Coronavirus crisis. The data was being used for hacking attempts and harassment by far-right extremists.

WHO confirmed that about 450 active email addresses and passwords were indeed leaked online, as well as thousands of other credentials from other groups working on the Coronavirus response. Its systems were not at risk, however, as the data was not recent and leaked from an older extranet system.

The stolen credentials belonged to current and retired staff, as well as partners. Officials said the leak has spurred WHO to migrate the affected systems to a “more secure authentication system.”

“Ensuring the security of health information for Member States and the privacy of users interacting with us a priority for WHO at all times, but also particularly during the COVID-19 pandemic,” WHO CIO Bernardo Mariano, said in a statement. “We are grateful for the alerts we receive from Member States and the private sector. We are all in this fight together.”

COVID-19 Fraud Scams Continue

The health agency has also reported an increase in targeted email scams against the general public. These fraud schemes attempt to trick users into donating funds to fictitious outlets, rather than the authentic COVID-19 Solidarity Response Fund.

In fact, the number of cyberattacks against WHO have increased five times from the same period last year. MalwareBytes first saw a resurgence of malspam phishing campaigns impersonating WHO in early March, and researchers have been monitoring for these types of campaigns in light of the pandemic.

The Department of Homeland Security, the FBI, the Office for Civil Rights, and a host of security researchers are continuing to press organizations, including those in the healthcare sector, to remain vigilant against these attacks as hackers have been spotted targeted Virtual Private Networks, videoconferencing platforms, remote work, and other vulnerabilities during the pandemic.

On April 22, the Department of Justice announced it had disrupted hundreds of online COVID-19-related scams, “many of which operated from websites that advertised fake vaccines and cures, operated fraudulent charity drives, delivered malware, or hosted various other types of scams.”

There’s also a volunteer, global community of cyber threat intelligence researchers, infosec leaders, CISOs, and other security leaders known as CTI League, or Cyber Threat Intelligence League, which has been steadily working to neutralize cyber threats amid the pandemic.

Earlier this week, the group reported they’ve requested takedowns of 2,833 indicators of compromise (IOCs) in the past month. About 99 percent of those takedown requests were for malicious domains. CTI has also discovered over 2,000 vulnerabilities in hospitals, healthcare facilities, and other supporting organizations from more than 80 countries, including the US.

WHO is continuing to work with the private sector in light of these reports, including working to “establish more robust internal systems and to strengthen security measures.” Officials said they are also reinforcing cybersecurity education with its workforce.

For healthcare providers, the FBI, the American Medical Center and American Hospital Association, and DHS have all released cyber guidance designed to shore up some of these risks that have emerged during the pandemic. Other security researchers have shared their take on key policy and tech necessities for combatting these fraud attempts given the increase in remote work, as well.

This week, a group of Senators asked DHS to draft cyber threat guidance for the healthcare sector in light of these reports.