World Health Organization sees targeted cyberattacks double

25 Mar 2020

Image: © Skyline/Stock.adobe.com

The WHO said cyberattacks have more than doubled in recent months as malicious hackers attempt to pose as the organisation.

The World Health Organization (WHO) has seen a two-fold increase in cyberattacks targeting the organisation in recent months, according to a report by Reuters.

WHO chief information security officer Flavio Aggio told the news service that elite hackers took aim at the organisation earlier this month, attempting to gain unauthorised access to data.

He said the identity of the hackers was unclear and the effort was unsuccessful, but added that hacking attempts against the agency and its partners have soared as they fight to contain the coronavirus outbreak.

Breaches and scams

Reuters was informed of the attempted breach by Alexander Urbelis, a cybersecurity expert and lawyer. Urbelis noticed that a group of hackers he had been following activated a malicious site mimicking the WHO’s internal email system and realised that “this was a live attack on the World Health Organization in the midst of a pandemic”.

In response, Aggio said: “There has been a big increase in targeting of the WHO and other cybersecurity incidents. There are no hard numbers, but such compromise attempts against us and the use of (WHO) impersonations to target others have more than doubled.”

In February, the organisation published a warning that hackers were posing as the agency in an attempt to steal money and sensitive data from the public. Cybersecurity firm Proofpoint also detected a surge in scams pretending to be coming from legitimate sources such as the WHO.

‘The current global climate has created incredible demand for information and news, making it a highly leveraged theme for attacks’
– KEN LIAO

The WHO reminded the public that it will never ask for usernames or passwords to access safety information, will never email attachments that weren’t asked for and will never ask users to visit a link outside of www.who.int.

The organisation added that it will “never charge money to apply for a job, register for a conference or reserve a hotel” and that it will “never conduct lotteries or offer prizes, grants, certificates or funding through email”.

Sources claimed that the attack discovered by Urbelis may be linked to elite hacking group DarkHotel, which has been traced by cybersecurity firms to east Asia.

Urbelis also said he has seen around 2,000 coronavirus-related websites being created each day, many of which appear to be malicious.

Why target the WHO?

Javvad Malik, security awareness advocate at infosec start-up KnowBe4, said: “With the pandemic taking over all news cycles at the moment, people are turning to the WHO for advice and guidance during this difficult time.”

He said that this is why criminals are “ramping up their attacks by either masquerading as WHO or trying to attack WHO directly”.

James McQuiggan, another security awareness advocate at KnowBe4, added: “It is recommended that people be alert and vigilant to these types of scams and ignore emails relating to this kind of information.”

McQuiggan said internet users should search for links through Google rather than clicking on those received in emails as a measure to avoid clicking potentially malicious links.

Ken Liao, vice-president of cybersecurity strategy at Abnormal Security, said: “Attackers have always used current events as a social engineering lure to engage their targets, and that has certainly been the case during the Covid-19 pandemic.

“The current global climate has created incredible demand for information and news, making it a highly leveraged theme for attacks.”

Kelly Earley was a journalist with Silicon Republic

editorial@siliconrepublic.com