Cyber security professionals working for the World Health Organisation (WHO) have "never been busier", according to its CIO, as top officials are being targeted by constant phishing campaigns.
The organisation has had to increase its security resources while it deals with the outbreak of COVID-19, the WHO's chief information officer (CIO), Bernardo Mariano, told Bloomberg.
This is because cyber attacks on the organisation have significantly increased since mid-March when the coronavirus moved up to pandemic status. WHO used to have just one security alert a month, according to Mariano, but that has shot up to eight in April as national cyber security authorities warned it of repeated "nation-state actor attacks".
These alerts have come from authorities in Isreal, the EU, the UK and Switzerland and also include warnings from Interpol and Microsoft.
The hackers are not attacking the WHO directly, but are instead looking for its highest-ranking officials, according to Mariano, particularly key officials involved with its COVID-19 work.
It's thought that many of its employee's passwords have leaked through other websites and are now being used for phishing and spearfishing campaigns. Malware-loaded messages are being sent to both work and personal accounts that will compromise computers or mobile phones.
More than 2,000 passwords thought to be linked to WHO email accounts have been circulating on the internet forum 4chan, according to Bloomberg, with the details popping up on social media site too. Most of these email accounts were no-longer in use, according to Mariano, but some 400 were still used by WHO employees.
Some of the top targets have included the organisation's director-general Adhanom Ghebreyesus and Bruce Aylward, a senior WHO official who led a COVID-19 response team in China. There has also been a "sustained attempt" to hack into computers operated by a four-member team in South Korea and also its HQ in Geneva.
As a result, the organisation has doubled the size of its security team and is now working with five security companies to bolster its defences.
-
Third time lucky? Microsoft finally begins roll-out of controversial Recall featureNews The Windows Recall feature has been plagued by setbacks and backlash from security professionals
-
The UK government wants quantum technology out of the lab and in the hands of enterprisesNews The UK government has unveiled plans to invest £121 million in quantum computing projects in an effort to drive real-world applications and adoption rates.
-
Phishing emails target victims with fake vaccine passport offerNews Scammers could steal victims’ personal information and never deliver the illegal goods, Fortinet warns
-
COVID-related phishing fuels a 15-fold increase in NCSC takedownsNews The NCSC recorded a significant jump in the number of attacks using NHS branding to lure victims
-
COVID vaccine passports will fail unless government wins public trust, ICO warnsNews Data watchdog's chief Elizabeth Denham warns that it’s not good enough to claim ‘this is important, so trust us’
-
Fake COVID vaccination certificates available on the dark webNews Fast-growing market emerges for people wanting quick vaccine proof to travel abroad
-
Cyber security firm saw attacks rise by 20% during 2020News Trend Micro found attackers also heavily targeted VPNs
-
Hackers using COVID vaccine as a lure to spread malwareNews Cyber criminals are impersonating WHO, DHL, and vaccine manufacturers in phishing campaigns
-
Website problems slow coronavirus vaccine rollout
News Florida is the epicenter of website issues, as patients struggle with malfunctioning sites and hackers
-
NHS COVID-19 app failed to ask users to self-isolate due to 'software glitch'News The bug is the latest in a long line of errors and glitches to plague the government's contact-tracing app
