Opportunist Cyber Criminals

Hacker Group Attacks World Health Organisation

Following a warning released by the World Health Organisation (W.H.O) earlier this month regarding phishing emails, it has since been reported that a significant cyber attack has been launched against the organisation.

First discovered by cybersecurity expert Alexander Urbelis, the attack became clear when a group of as of yet unknown hackers activated a malicious site designed to mimic the World Health Organisation’s internal email system. Like many malicious sites, hackers had created a look-a-like website, with the likely intention of harvesting login credentials and other pieces of sensitive information from agency staffers.

The World Health Organisation's Chief Information Security Officer Flavio Aggio has stated that though this particular attack was unsuccessful, the organisation has seen “a big increase” in targeted attacks and other cybersecurity incidents.

Exploiting Fears and Concerns

Urbelis, who has been tracking the growth of coronavirus related websites has stated that he has “never seen anything like” the 2,000 new sites being created every day, many of which are obviously malicious.

As with many crises, there are always criminals waiting to exploit the situation for their own gain. Security firm Barracuda Networks has also reportedly seen a 667% uptake in coronavirus related phishing emails since January.

“This is a new low for cyber criminals… cowardly attacking people en masse when they are at their most vulnerable,”

Dean Russell MP, Health and Social Care Select Committee

This come at a time when many cyber and information security experts have been issuing warnings that users should be particularly vigilant of criminals and scammers looking to capitalise on the international anxieties over the recent Covid-19 outbreak.

Learning from the W.H.O attack

Although the crisis being exploited is new, the tactics used to combat these issues remain the same and users should all be encouraged to take the time to access the authenticity of all communication prior to following links, opening attachments or taking any action that could compromise the security of sensitive information.

With many organisations and businesses now having to find solutions for a quarantined workforce and remote work becoming the temporary norm, employers need to be particularly diligent when it comes to reminding their workforces of information security issues and best practices.

Information Security

Not only does this crisis present the potential for scammers to exploit fears, concerns and curiosities, the sudden changes to how organisations operate also presents the possibility of a decline in standards of information security across the board.

At this largely unprecedented point in time, it is vital that organisations everywhere do not allow further disruption to inadvertently occur. With many employees now in the position of working with sensitive information in a less controlled environment, matters of data protection, GDPR and confidentiality will likely be at the forefront of many information security officers concerns, though it is important, at this time, the basics are not forgotten.