Opportunist Cyber Criminals

Hacker Group Attacks World Health Organisation

Following a warning released by the World Health Organisation (W.H.O) earlier this month regarding phishing emails, it has since been reported that a significant cyber attack has been launched against the organisation.

First discovered by cybersecurity expert Alexander Urbelis, the attack became clear when a group of as of yet unknown hackers activated a malicious site designed to mimic the World Health Organisation’s internal email system. Like many malicious sites, hackers had created a look-a-like website, with the likely intention of harvesting login credentials and other pieces of sensitive information from agency staffers.

The World Health Organisation's Chief Information Security Officer Flavio Aggio has stated that though this particular attack was unsuccessful, the organisation has seen “a big increase” in targeted attacks and other cybersecurity incidents.

Exploiting Fears and Concerns

Urbelis, who has been tracking the growth of coronavirus related websites has stated that he has “never seen anything like” the 2,000 new sites being created every day, many of which are obviously malicious.

As with many crises, there are always criminals waiting to exploit the situation for their own gain. Security firm Barracuda Networks has also reportedly seen a 667% uptake in coronavirus related phishing emails since January.

“This is a new low for cyber criminals… cowardly attacking people en masse when they are at their most vulnerable,”

Dean Russell MP, Health and Social Care Select Committee

This come at a time when many cyber and information security experts have been issuing warnings that users should be particularly vigilant of criminals and scammers looking to capitalise on the international anxieties over the recent Covid-19 outbreak.

Learning from the W.H.O attack

Although the crisis being exploited is new, the tactics used to combat these issues remain the same and users should all be encouraged to take the time to access the authenticity of all communication prior to following links, opening attachments or taking any action that could compromise the security of sensitive information.

With many organisations and businesses now having to find solutions for a quarantined workforce and remote work becoming the temporary norm, employers need to be particularly diligent when it comes to reminding their workforces of information security issues and best practices.

Information Security

Not only does this crisis present the potential for scammers to exploit fears, concerns and curiosities, the sudden changes to how organisations operate also presents the possibility of a decline in standards of information security across the board.

At this largely unprecedented point in time, it is vital that organisations everywhere do not allow further disruption to inadvertently occur. With many employees now in the position of working with sensitive information in a less controlled environment, matters of data protection, GDPR and confidentiality will likely be at the forefront of many information security officers concerns, though it is important, at this time, the basics are not forgotten. 

Security Awareness for your Organisation

Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.


6 SME Security Tips For SMEs

6 Business Critical Information Security Tips for SMEs

Information security tips to help safeguard any organisation. Blog by Information Security Awareness Training Provider Hut Six Security.

Anti-Phishing Training for Small Businesses

The Essential Anti-Phishing Training Guide for SMEs

What is phishing and how can you avoid it? The essential Anti-Phishing Training Guide from information security awareness platform Hut Six Security.

Business Continuity Plan

What to Do if you Don’t Have a Business Continuity Plan

In times of sudden change, be it a natural disaster, electronic failures or global pandemics, having a business continuity plan is essential. But what should you do if you don't have one?

COVID-19 Phishing Attacks

Phishers Exploiting COVID-19 Coronavirus

Phishing attacks are using the COVID-19 Coronavirus as a means of attracting unsuspecting individuals. Information Security blog from Hut Six Security.

Small Business Security Basics

SME Security is No Picnic

SME Security is No Picnic: problem in Chair not in Computer. Information security blog by information security awareness training provider Hut Six Security.

Data Protection Act for Businesses

How Does the Data Protection Act Affect Businesses?

How Does the Data Protection Act Affect Businesses? Rights, Obligations and Important Concepts. Blog by Hut Six Security.

Huawei Devices trigger a Google Warning

Google Warning Over Huawei Devices

Google Warning Over Huawei Devices: Huawei concerns continue. - blog by Information Security Awareness Training provider Hut Six Security

Data Protection Act Compensation

How Much Compensation for Breach of Data Protection Act?

How Much Compensation for Breach of Data Protection Act? Your Data Rights and Right to Compensation. Blog by Hut Six Security.

What is Phishing?

What is Phishing? In Computer Technology - It’s a Number 1 Threat

Phishing is a number one cyber threat, and awareness training is required to ensure all employees realise it's a business-critical matter.

Phishing Basics

What Does Phishing Mean in Computer Terms?

What does phishing mean in computer terms? The understanding of this term is at the core of Information Security awareness. Blog by Hut Six Security.

Speak to us about your Cyber Awareness