The United Nations have been hacked

Cybercriminals continue to wreak havoc on organisations all over the world. Be it large enterprises or SMEs, they're always vulnerable to cyberattacks. But larger organisations are often better prepared to deal with any threats.
So when the Associated Press (AP) and The New Humanitarian reported that sophisticated hackers had infiltrated the United Nations' (UN) networks in Geneva and Vienna last year, the news came as a bit of a shock to the entire world.

This is the UN we are talking about. Their data is supposed to be the most secure in the world. Yet, they kept quiet about it when an apparent espionage operation took place last year. While the hackers' identity and the extent of the data they obtained are not known, an internal confidential document from the UN leaked to The New Humanitarian and AP showed that dozens of servers were compromised, including those of the UN human rights office, which collects sensitive data and has often been a lightning rod for criticism from autocratic governments for exposing rights abuses.

The breach affected dozens of servers in three separate locations: the UN Office at Vienna; the UN Office at Geneva; and the UN Office of the High Commissioner for Human Rights (OHCHR) headquarters in Geneva. These servers hold a range of data, including personal information about staff.

According to Geneva-based Ian Richards, president of the Staff Council at the UN, as reported by AP, most of the staff were not informed. All they received was an email on September 26th informing them about infrastructure maintenance works.

A UN official told AP that the intrusion appeared sophisticated with the extent of damage unclear, especially in terms of personal, secret or compromising information that may have been stolen. The official also said that systems have since been reinforced.

Given the high skill level, the official felt a state-backed actor was possibly behind it, as there's not even a trace of a clean-up. The New Humanitarian reported that the decision not to notify all the people or organisations whose data may have been compromised risks damaging trust in the UN as an institution as well. Staff were only asked to change their passwords but were not told of the large breach or that some of their personal data might have been compromised.

CSA reached out to cybersecurity experts in the ASEAN region to get their views on this hack.

According to Evan Dumas, Regional Director, Southeast Asia, Check Point Software Technologies, "Even if an organisation is equipped with the most comprehensive, state-of-the-art security solutions, the risk of being breached cannot be completely eliminated. Organisations need to adopt a preventive strategy to stay ahead of cybercriminals."

The UN is a natural target for state-sponsored hacking, but news about major breaches is rare, as is firm attribution about who is responsible.

Kaspersky's Yeo Siang Tiong, General Manager for Southeast Asia, said, "Cyberespionage has become more covert and will remain and even intensify as we open a new decade, both on a global and on a regional scale. In fact, our 2020 Advanced Persistent Threats (APT) predictions revealed that these spying groups will be more sophisticated through exploiting next-generation technologies such as deepfakes, AI, and the like."

Given this situation, Yeo added that intelligence sharing and cooperation between public and private sectors should be strengthened further.

"We need mutual trust and better transparency to be able to work together against these virtual attackers. For our part, we have an existing partnership with INTERPOL wherein we share the latest information we have gathered through machine learning and extensive threat research from our in-house security experts. It is also high time for all organisations to augment their systems' intelligence capability to better grasp and monitor the new attack techniques and tools of these cybercriminals."

In order to avoid falling victim to a targeted attack by a known or unknown threat actor, Kaspersky recommends the following:

  • Provide the team with access to the latest Threat Intelligence, to keep up to date with the new and emerging tools, techniques and tactics used by threat actors and cybercriminals
  • For endpoint-level detection, investigation and timely remediation of incidents, implement endpoint detection and response (EDR) solutions
  • In addition to adopting essential endpoint protection, implement a corporate-grade security solution that detects advanced threats on the network level at an early stage
  • As many targeted attacks start with phishing or other social engineering techniques, introduce security awareness training and teach practical skills to the team