Opportunist Cyber Criminals
Hacker Group Attacks World Health Organisation
Following a warning released by the World Health Organisation (W.H.O) earlier this month regarding phishing emails, it has since been reported that a significant cyber attack has been launched against the organisation.
First discovered by cybersecurity expert Alexander Urbelis, the attack became clear when a group of as of yet unknown hackers activated a malicious site designed to mimic the World Health Organisation’s internal email system. Like many malicious sites, hackers had created a look-a-like website, with the likely intention of harvesting login credentials and other pieces of sensitive information from agency staffers.
The World Health Organisation's Chief Information Security Officer Flavio Aggio has stated that though this particular attack was unsuccessful, the organisation has seen “a big increase” in targeted attacks and other cybersecurity incidents.
Exploiting Fears and Concerns
Urbelis, who has been tracking the growth of coronavirus related websites has stated that he has “never seen anything like” the 2,000 new sites being created every day, many of which are obviously malicious.
As with many crises, there are always criminals waiting to exploit the situation for their own gain. Security firm Barracuda Networks has also reportedly seen a 667% uptake in coronavirus related phishing emails since January.
“This is a new low for cyber criminals… cowardly attacking people en masse when they are at their most vulnerable,”
Dean Russell MP, Health and Social Care Select Committee
This come at a time when many cyber and information security experts have been issuing warnings that users should be particularly vigilant of criminals and scammers looking to capitalise on the international anxieties over the recent Covid-19 outbreak.
Learning from the W.H.O attack
Although the crisis being exploited is new, the tactics used to combat these issues remain the same and users should all be encouraged to take the time to access the authenticity of all communication prior to following links, opening attachments or taking any action that could compromise the security of sensitive information.
With many organisations and businesses now having to find solutions for a quarantined workforce and remote work becoming the temporary norm, employers need to be particularly diligent when it comes to reminding their workforces of information security issues and best practices.
Not only does this crisis present the potential for scammers to exploit fears, concerns and curiosities, the sudden changes to how organisations operate also presents the possibility of a decline in standards of information security across the board.
At this largely unprecedented point in time, it is vital that organisations everywhere do not allow further disruption to inadvertently occur. With many employees now in the position of working with sensitive information in a less controlled environment, matters of data protection, GDPR and confidentiality will likely be at the forefront of many information security officers concerns, though it is important, at this time, the basics are not forgotten.
Security Awareness for your Organisation
Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.
Information security tips to help safeguard any organisation. Blog by Information Security Awareness Training Provider Hut Six Security.
What is phishing and how can you avoid it? The essential Anti-Phishing Training Guide from information security awareness platform Hut Six Security.
In times of sudden change, be it a natural disaster, electronic failures or global pandemics, having a business continuity plan is essential. But what should you do if you don't have one?
Phishing attacks are using the COVID-19 Coronavirus as a means of attracting unsuspecting individuals. Information Security blog from Hut Six Security.
SME Security is No Picnic: problem in Chair not in Computer. Information security blog by information security awareness training provider Hut Six Security.
How Does the Data Protection Act Affect Businesses? Rights, Obligations and Important Concepts. Blog by Hut Six Security.
Google Warning Over Huawei Devices: Huawei concerns continue. - blog by Information Security Awareness Training provider Hut Six Security
How Much Compensation for Breach of Data Protection Act? Your Data Rights and Right to Compensation. Blog by Hut Six Security.
Phishing is a number one cyber threat, and awareness training is required to ensure all employees realise it's a business-critical matter.
What does phishing mean in computer terms? The understanding of this term is at the core of Information Security awareness. Blog by Hut Six Security.