“Elite” hackers have tried – and failed – to breach computer systems and networks of the World Health Organization (WHO) earlier this month, Reuters reported on Monday.
In fact, since the start of the COVID-19 pandemic, the WHO has been fielding an increasing number of cyberattacks, as well as impersonation attempts.
About the attack
The attackers created a malicious site mimicking the WHO’s internal email system in an attempt to phish the agency staffers’ email credentials.
What the attackers were after and who they were is not known, although some sources suspect them to be the Darkhotel espionage crew, which has been active for nearly over decade and whose targets are usually high-profile individuals: executives in various sectors, including defense and energy, and government employees. (The sources did not say why they are inclined to point the finger at the Darkhotel threat actors.)
Costin Raiu, head of global research and analysis at Kaspersky, said that the malicious web infrastructure used in this attack had also been used to target other healthcare and humanitarian organizations in recent weeks.
Coronavirus researchers are being targeted
The Canadian Centre for Cyber Security has also been warning Canadian health organizations about cyber criminals and spies.
“[Sophisticated threat actors] may attempt to gain intelligence on COVID-19 response efforts and potential political responses to the crisis or to steal ongoing key research towards a vaccine or other medical remedies, or other topics of interest to the threat actor,” the federal agency noted.
“Cyber criminals may take advantage of the COVID-19 pandemic, using the increased pressure being placed on Canadian health organizations to extract ransom payments or mask other compromises.”
The agency advised healthcare organizations to be on the lookout for social engineering and spear-phishing attempts and that attackers could exploit critical vulnerabilities and/or compromised credentials.
They also urged all organizations to “become familiar with and practice their business continuity plans, including restoring files from back-ups and moving key business elements to a back-up infrastructure,” and have provided a list of critical vulnerabilities that should be patched and/or mitigated as soon as possible.
Healthcare organizations previously hit
Cybercriminals wielding ransomware have already hit some healthcare organizations involved in the fight against the COVID-19 virus.
The Brno University Hospital, in Brno, Czech Republic, is one of them. London-based Hammersmith Medicines Research is another.
While the latter managed to repel the attack and did not suffer downtime, the attackers published some of the medical data they stole. They later removed the leaked files.