We witnessed a plethora of ransomware and cyberattacks over the course of 2019. Victims included schools, cities, and state governments. Now, we’re finding out that the United Nations joined the list in 2019 as well. We’re only finding out now because they tried to keep the incident under wraps. An unknown official leaked a confidential report to a news agency just this week.
According to the report, the initial attack occurred nearly six full months ago in July. Unfortunately, IT staff didn’t discover the intrusion until over a month later. On August 30, 2019, the following alert was sent to tech teams in the U.N.’s Geneva and Vienna offices.
“We are working under the assumption that the entire domain is compromised. The attacker doesn’t show signs of activity so far, we assume they established their position and are dormant.”
The report includes a section titled “Still counting our casualties.” The attack compromised 42 servers and another 25 were “suspicious.” Those servers contained a wide array of data including staff personal information.
When asked for a response, the U.N. confirmed the attack. Multiple U.N. officials have since answered questions surrounding the events.
U.N. spokesperson Stéphane Dujarric stated, “The attack resulted in a compromise of core infrastructure components. As the exact nature and scope of the incident could not be determined, we decided not to publicly disclose the breach.”
Since the U.N. has diplomatic status, it has immunity from every form of legal process. Thus, it has no obligation to report the breach.
“Staff at large, including me, were not informed. All we received was an email (on Sept. 26) informing us about infrastructure maintenance work.”
-Ian Richards, president of the Staff Council at the United Nations
One anonymous U.N. official told the AP that they still don’t know what data was stolen. The official said the attack appeared “sophisticated.”
“It’s as if someone were walking in the sand, and swept up their tracks with a broom afterward. There’s not even a trace of a clean-up.”
-Anonymous U.N. official
Any logs detailing hacker activity were cleared. According to Jake Williams, Rendition Infosec CEO, clearing the logs indicates that the hackers weren’t top tier. The best hackers cover their tracks by editing logs instead of clearing them. Williams did confirm that the attack looked like espionage.
Ian Richards remains concerned about the safety of U.N. networks. “There’s a lot of our data that could have been hacked, and we don’t know what that data could be. How much should U.N. staff trust the information infrastructure the U.N. is providing them?” Richards asked. “Or should they start putting their information elsewhere?”
Attack Could Have Been Prevented
Apparently, the attacker exploited a remote code-execution vulnerability in Microsoft’s SharePoint software. Microsoft patched this flaw back in March of 2019, but the U.N. had not updated systems recently.
This attack exemplifies why patching is so incredibly important to maintaining security. Don’t wait to implement processes for patching and updating. These processes should include both hardware and software. Simply running Windows Update isn’t enough. Contact Pit Crew IT Services today for assistance with patch management and cybersecurity.