Alexander Urbelis of Blackstone Law Group has been following a group of hackers for some time now. 2 weeks ago, that group created a malicious site imitating WHO’s internal email system. Why? It’s being used in an attempt to steal passwords from WHO staff.
Cyberattacks are not new to any organization, including WHO. However, hackers have been trying to break into the World Health Organization (WHO) at an alarming rate since the COVID-19 outbreak. These attacks come at a time when WHO is scrambling to contain the coronavirus.
“There has been a big increase in targeting of the WHO and other cybersecurity incidents. There are no hard numbers, but such compromise attempts against us and the use of (WHO) impersonations to target others have more than doubled.”
Flavio Aggio, WHO CISO
Elite Hackers Involved?
At the moment, no one knows for sure what group is behind the attacks. Aggio confirmed the existence of the site but stated that the hackers remain unknown to WHO as well. Urbelis doesn’t know either.
Unknown sources are pointing at an elite hacker group known as DarkHotel. Multiple cybersecurity firms have tracked their activity during the coronavirus pandemic. Their recent targets include government employees and business executives. Most of those targets reside in China, North Korea, Japan, and the United States.
Costin Raiu of Kaspersky couldn’t confirm DarkHotel’s involvement in the attacks on WHO. However, Raiu stated the same type of malicious site was used to target other healthcare and humanitarian organization in the last few weeks.
“At times like this, any information about cures or tests or vaccines relating to coronavirus would be priceless and the priority of any intelligence organization of an affected country.”
Costin Raiu, Kaspersky
As many people now work remotely, online safety becomes more critical than ever. Last week, the DHS warned about attacks on remote VPNs.
Last month, WHO warned about hackers posing as the agency in an attempt to steal money and sensitive information from the general public. If you haven’t heard about it, please read the alert. They provide tips and guidelines on official WHO communications. Basically, be careful if you’re contacted by anyone claiming to be with the World Health Organization.
According to Urbelis, malicious coronavirus-themed websites are set up on a daily basis. “It’s still around 2,000 a day,” he said. “I have never seen anything like this.” Obviously, many of them are malicious.
Be careful about the sites you visit. Don’t hand over personal information online unless you certain about the identity of the site. Make sure an email isn’t a phishing attack before clicking links. Stay safe.