Cybersecurity Lawyer Identifies First Attack on WHO Website

Laura Bednar
Cybersecurity and Vulnerabilities

World Health Organization Cyberattack

With an increase in remote workers during the COVID-19 pandemic, there is also a greater chance for hackers to create new ways to access sensitive information on personal devices. The Federal Bureau of Investigation has even noted that there has been an increase in fraudulent crimes since the surge in remote work.

While the targets may have been corporate-level businesses at the start, a cybersecurity lawyer recently exposed a cyberattack on the World Health Organization’s (WHO) website. In the midst of a global pandemic, a successful attack on a trusted health organization is a hacker’s holy grail.


Breakdown of the Attack

The group that is presumed to have carried out the attack is sophisticated in its ways. These hackers researched the configuration of the website and created portals that look almost identical to the portals that WHO creates for its site visitors. A URL was created that mirrored the entryway into the World Health Organization’s internal systems.

Essentially, the group created an external link to the site that housed internal file systems for WHO. This link appears to look the same as the site a remote employee would use when logging on. The perpetrators behind the attack are hard to pinpoint, but the cybersecurity lawyer, Alexander Urbelis, said there are some indications that it is a group by the name of DarkHotel, who had previously targeted executives checking into hotels and hotel Wi-Fi.

Recognizing the Security Issue

Urbelis is a former hacker who became an information security lawyer for the Blackstone Law Group in New York. He and his team have been following the hacking group that targeted WHO for a while. They were monitoring the internet for indications that the group reactivated its infrastructure and sure enough, they had struck.
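The kind of monitoring described above can be approximated by checking newly observed hostnames against an organization's real login portal. The following is an added example, not code from the article or from Urbelis's team; the hostnames, the feed, and the two-label registrable-domain rule are all constructed assumptions.

```python
# Added example: flag hostnames that imitate a protected login portal.
# All hostnames are constructed placeholders under reserved TLDs.
LEGIT = "mail.health-agency.example"  # hypothetical real portal
FEED = [  # constructed sample of newly observed hostnames
    "mail.health-agency.example",
    "mail.health-agency.example.sso-portal.test",
    "mail.hea1th-agency.example",
    "health-agency-mail.test",
    "news.unrelated.example",
]

def registrable(host: str) -> str:
    """Assumption: registrable domain = last two labels (no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host: str, legit_host: str, max_dist: int = 2):
    """Return a reason string if host imitates legit_host, else None."""
    host, legit_host = host.lower().rstrip("."), legit_host.lower()
    legit_dom = registrable(legit_host)
    brand = legit_dom.split(".")[0]
    if registrable(host) == legit_dom:
        return None  # genuinely under the organization's own domain
    if host.startswith(legit_host + "."):
        return "embedded-host"  # real hostname reused as a subdomain prefix
    labels = host.split(".")
    if any(brand in label for label in labels):
        return "brand-in-label"  # brand name inside someone else's domain
    # A short brand would need a smaller max_dist to avoid false positives.
    if any(0 < edit_distance(label, brand) <= max_dist for label in labels):
        return "near-miss-spelling"
    return None

def scan(feed, legit_host):
    """Map each suspicious hostname in feed to the reason it was flagged."""
    hits = {h: classify(h, legit_host) for h in feed}
    return {h: reason for h, reason in hits.items() if reason}

if __name__ == "__main__":
    for host, reason in scan(FEED, LEGIT).items():
        print(f"{reason:20} {host}")
```

Flagged hostnames are leads for review rather than verdicts, since a partner or vendor may legitimately use the brand in a hostname.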

In addition to the health organization, the group has replicated the portals of research universities and other intergovernmental organizations. The same day that WHO was targeted on March 13, the hackers also went after components of the United Nations. Due to the nature of their targets, they are considered to be a state-sponsored group, meaning they are an advanced persistent threat that is dangerous.

Why Hacking Is Popular During a Crisis

Malicious parties know that during a pandemic or other government or health-related crisis, there is more information being sent to medical providers, state officials, and other top-tier leaders. Information in the wrong hands not only gives them an advantage in seeing how the crisis is progressing, but also allows them to steal data and sell it on the dark web. Some of this crucial information includes:

  • Protected Health Information (PHI)
  • Personally Identifiable Information (PII)
  • Statistics on deaths and cures relating to the virus
  • Inside information on the state of a nation’s economy

It has been stated that there are roughly 2,000 false Coronavirus sites being set up each day. While this attack on WHO was unsuccessful, Hammersmith Medicines Research (HMR), a research team in the UK working on a vaccine for COVID-19, was hit with a cyberattack and data was exposed. The hacking group in this situation posted personal and medical data of thousands of patients after HMR refused to pay the ransom.

While HMR was able to detect and stop the threat the same day it happened, they could not prevent the group from posting the PHI. Some hacking groups have promised to refrain from these attacks during the pandemic, but obviously others have no such conscience.

Staying Safe During a Surge of Cybercrime

As SecureData wrote in an earlier post, there is a serious increase in vulnerabilities on devices for remote workers. The best ways to combat this are to have strong passwords and use two-factor authentication if possible. Urbelis said that hackers will use variations of a user’s password to access critical files. After the number of data breaches that have exposed consumer data throughout the years, it isn’t difficult for them to find at least one password related to a user.

Users can also implement encryption on their devices to store and transfer data while health organizations need to create a disaster recovery plan in the event they are targeted during this vulnerable time. If you or your organization experiences a ransomware incident, data breach, or fraud, call Secure Forensics. Our examiners have years of experience identifying and ending cybercrime while pinpointing the criminal behind the attack. Call us at 1-800-288-1407 for more information.