Hackers tried to breach WHO system amid coronavirus pandemic
A group of hackers created a malicious website posing as an email login portal for World Health Organization employees in an attempt to steal passwords. The attack was unsuccessful, according to WHO chief information security officer Flavio Aggio.
Hacking attempts against the World Health Organization (WHO) and its partners have soared as they fight to stem the coronavirus pandemic, which has killed more than 15,000 worldwide. Elite hackers tried to break into the agency earlier this month, part of what a senior agency official said was a more than two-fold increase in cyberattacks.
WHO Chief Information Security Officer Flavio Aggio said the identity of the hackers was unclear and the effort was unsuccessful.
The attempted break-in at the WHO was first flagged to Reuters by Alexander Urbelis, a cybersecurity expert and attorney with the New York-based Blackstone Law Group, which tracks suspicious internet domain registration activity.
Urbelis said he picked up on the activity around March 13, when a group of hackers he’d been following activated a malicious site mimicking the WHO’s internal email system. “I realized quite quickly that this was a live attack on the World Health Organization in the midst of a pandemic,” he said.
Urbelis said he didn’t know who was responsible, but two other sources briefed on the matter said they suspected an advanced group of hackers known as DarkHotel, which has been conducting cyber-espionage operations since at least 2007.
When asked by Reuters about the incident, the WHO’s Aggio confirmed that the site spotted by Urbelis had been used in an attempt to steal passwords from multiple agency staffers. “There has been a big increase in targeting of the WHO and other cybersecurity incidents. There are no hard numbers, but such compromise attempts against us and the use of (WHO) impersonations to target others have more than doubled,” he said.
The WHO published an alert last month -- available here, warning that hackers are posing as the agency to steal money and sensitive information from the public. And government officials in the United States, Britain and elsewhere have issued cybersecurity warnings about the dangers of a newly-remote workforce as people disperse to their homes to work and study because of the coronavirus pandemic.
United Nations agencies, the WHO among them, are regularly targeted by digital espionage campaigns and Aggio said he did not know who precisely at the organization the hackers had in their sights.
Cybersecurity firms including Romania’s Bitdefender and Moscow-based Kaspersky said they have traced many of DarkHotel’s operations to East Asia -- an area that has been particularly affected by the coronavirus. Specific targets have included government employees and business executives in places such as China, North Korea, Japan, and the United States.
Costin Raiu, head of global research and analysis at Kaspersky, could not confirm that DarkHotel was responsible for the WHO attack but said the same malicious web infrastructure had also been used to target other healthcare and humanitarian organizations in recent weeks.
“At times like this, any information about cures or tests or vaccines relating to coronavirus would be priceless and the priority of any intelligence organization of an affected country,” he said.
Officials and cybersecurity experts have warned that hackers of all stripes are seeking to capitalize on international concern over the spread of the coronavirus. Urbelis said he has tracked thousands of coronavirus-themed web sites being set up daily, many of them obviously malicious.
“It’s still around 2,000 a day,” he said. “I have never seen anything like this.”
CORONAVIRUS PANDEMIC ‘ACCELERATING’
The WHO has warned that the coronavirus disease pandemic is "accelerating", with more than 300,000 cases now confirmed. It took 67 days from the first reported of Covid-19 to reach 100,000 cases, 11 days for the second 100,000, and just four days for the third 100,000.
But WHO Director General Tedros Adhanom Ghebreyesus said it was still possible to "change the trajectory" and urged countries to adopt rigorous testing and contact-tracing strategies. "What matters most is what we do. You can't win a football game by defending. You have to attack as well," he told a joint news conference with FIFA President Gianni Infantino to launch a "kick out coronavirus" campaign featuring footballers.
???? Hands— FIFA.com (@FIFAcom) March 23, 2020
Let some of football's biggest names tell you what you need to be doing to help tackle #COVID19.
ℹ️Learn more ????https://t.co/iDwqhk1Nor@WHO | @GaryLineker | @Alissonbecker
@CarliLloyd | @teammessi | @setoo9 pic.twitter.com/cbW2o2hWuC
Tedros said asking people to stay at home and other physical-distancing measures were an important way of slowing down the spread of the virus, but described them as "defensive measures that will not help us to win".
"To win, we need to attack the virus with aggressive and targeted tactics - testing every suspected case, isolating and caring for every confirmed case, and chasing and quarantining every close contact."
Expressing alarm at reports from around the world of large numbers of infections among health workers, which appeared to be the result of a shortage of adequate personal protective equipment, Tedros said that health workers can only do their jobs effectively when they can do their jobs safely.
"Even if we do everything else right, if we don't prioritise protecting health workers many people will die because the health worker who could have saved their life is sick." He said the WHO has been working with its partners to rationalise and prioritise the use of protective equipment, and to address the global shortage of it.