WHO Confirms Email Credentials Leak
Washington Post had identified the group as one among several whose passwords and emails were dumped online and abused.
April 24, 2020
The World Health Organization this week disclosed that some 450 active WHO email addresses and passwords were leaked online recently amid a big overall increase in cyberattacks directed at its staff.
WHO is one among several groups working to fight the COVID-19 pandemic that have reportedly had their email addresses and passwords dumped online in recent days by an unknown entity. The others allegedly include the Gates Foundation, the US Centers for Disease Control and Prevention (CDC) and the National Institutes of Health, according to the Washington Post, which cited a report from the SITE Intelligence Group.
Some 25,000 email credentials belonging to these groups have been leaked online in recent days and are being used by far-right extremists and hackers to spread conspiracy theories related to the pandemic, the Post said, citing SITE Intelligence.
WHO is the first among the organizations in the Post report to publicly admit that email addresses and passwords belonging to its staff have been publicly leaked. In a statement, however, the global body said the leaked data does not pose any risk to current WHO systems because the data is not recent. But it does affect an older extranet that is used by current and retired WHO staff and by partners, the global organization said Thursday. "WHO is now migrating affected systems to a more secure authentication system," the statement noted.
WHO did not disclose from where or how attackers might have obtained the email addresses and passwords. But they are most likely from earlier data breaches, according to Colin Bastable, CEO at Lucy Security. "The common 'covid' nature of the organizations targeted strongly suggests that they are old credentials that have been bundled to take advantage of the current virus crisis," Bastable said in emailed comments.
The email credential leak is part of a broader increase in attacks targeting or involving WHO since the beginning of the coronavirus pandemic. According to the world health body, the number of cyberattacks targeting it is now five times more than the number of attacks one year ago. Scammers impersonating WHO staffers are increasingly targeting the general public in campaigns designed to divert donations meant for the COVID-19 Solidarity Response Fund to fictitious accounts, WHO said.
Numerous security vendors have reported a massive increase in phishing and other scams by attackers trying to exploit the global concerns around the pandemic to steal credentials, plant malware, and cause other mayhem. In many cases, adversaries have established malware-laden fake domains designed to take advantage of people looking for information related to the pandemic.
The increase in malicious activity has been so dramatic, in fact, that three Democratic lawmakers earlier this month demanded to know what the major domain name registrars were doing to prevent scammers from registering fake domains with COVID-19 related themes.
In a letter to the CEOs of eight domain registrars, the lawmakers wanted to know what these organizations were doing to establish the legitimacy of people and entities trying to register domains with names related to the pandemic. They also wanted to know what measures domain registrars had for identifying and removing domains that were being used for malicious purposes.