  • The WHO used to receive one security alert per month, but in April the organization received eight alerts from different national cybersecurity authorities.
  • The WHO has reported a fivefold increase in cyberattacks against it.

Apart from the healthcare crisis due to COVID-19, healthcare organizations are also witnessing an increased level of cyber threats. The World Health Organization (WHO) has reported a fivefold increase in cyberattacks against it. The number, however, would grow multiple times if we also take into account the attacks where WHO was used as a reference point in emails.

Why it matters?
Considering the current scenario, WHO said that the coronavirus pandemic is “far from over.”

  • Businesses and individuals who expect official information from known, global organizations are falling into the traps laid by scammers and hackers, thereby resulting in loss of funds and hacking of critical systems.
  • There’s already a flurry of spam campaigns that piggyback on news of the crisis and amalgamate it with fake WHO advisories—as attachments and messages—to be used as attack vectors.

Recent attacks on WHO
The WHO used to receive one security alert per month, but thus far, in April, the organization has received eight alerts from different national cybersecurity authorities.

  • Last week, hackers leaked around 450 active WHO emails and passwords online within a large trove of more than 25,000 credentials. However, the WHO added that it didn’t put the organization’s systems at risk, explaining that its systems were largely spared because the data was not up-to-date.
  • In March, a hacker group created a malicious site imitating the WHO’s internal email system in order to steal WHO staff passwords. Experts suggested that the failed attack was meant to obtain information about tests or vaccines, which are invaluable assets at this time.
  • Though the host denied allegations, security experts believe Iranian government-backed hackers attempted to infiltrate the personal email accounts of WHO staff. The intrusion attempts involved sending malicious messages imitating Google web services to the staff’s personal email accounts.

WHO as an attack vector
Hackers have used the WHO name in malicious campaigns reported in recent months.
  • Disguised as representatives from the WHO, scammers were found sending emails to lure unsuspecting users into giving away money in the name of donations to the organization. They asked users to use the “Bitcoin Network” to donate to their wallet address.
  • Hackers impersonated WHO staff in a spear-phishing campaign that purported to provide COVID-19 guidance. The emails contained an ARJ file attachment as a decoy to infect the victims with the LokiBot infostealer.
  • A group of researchers found a malspam campaign that impersonated WHO and sent victims an e-book titled “My Health E-book” that claimed to include complete research on the global pandemic, as well as guidance on how to protect children and businesses from it.
  • There was a malware campaign in February that impersonated the WHO and the Public Health Center of the Ministry of Health of Ukraine. It was used to spread a C# backdoor through a malicious Word document attached to the emails.
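
For mail teams triaging lures like the ones listed above, the following is an added example (not code from the article or from WHO) of a heuristic that flags messages claiming to be from WHO while sent from another domain, and notes the ARJ attachment, Word document, and Bitcoin donation traits those campaigns used. The function names, sample addresses, and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

WHO_DOMAIN = "who.int"      # WHO's official domain
WHO_NAME = re.compile(r"\b(WHO|World Health Organi[sz]ation)\b")
BITCOIN = re.compile(r"\b(bitcoin|btc)\b", re.I)
ARJ_MAGIC = b"\x60\xea"     # first two bytes of an ARJ archive

def triage(raw):
    """Return reasons a raw message looks like WHO impersonation (heuristic)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    claims_who = bool(WHO_NAME.search(name) or WHO_NAME.search(msg.get("Subject", "")))
    # From headers can be forged; pair this with SPF/DKIM/DMARC results in practice.
    from_who = domain == WHO_DOMAIN or domain.endswith("." + WHO_DOMAIN)
    if not claims_who or from_who:
        return []
    reasons = [f"claims WHO but sent from {domain or 'unknown domain'}"]
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        fname = (part.get_filename() or "").lower()
        if fname.endswith(".arj") or payload[:2] == ARJ_MAGIC:
            reasons.append(f"ARJ archive attachment: {fname}")
        elif fname.endswith((".doc", ".docm")):
            reasons.append(f"Word document attachment: {fname}")
        elif part.get_content_type() == "text/plain" and BITCOIN.search(
                payload.decode("utf-8", "replace")):
            reasons.append("body asks for Bitcoin")
    return reasons

def build_sample(sender, body, attach_name=None, data=b""):
    """Construct a sample message (constructed test data, not a real email)."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, "COVID-19 safety measures"
    m.set_content(body)
    if attach_name:
        m.add_attachment(data, maintype="application",
                         subtype="octet-stream", filename=attach_name)
    return m.as_string()

if __name__ == "__main__":
    lure = build_sample("World Health Organization <guidance@who-int.example>",
                        "Guidance attached.", "guidance.arj", ARJ_MAGIC + b"constructed")
    print(triage(lure))
```

The magic-byte check also catches an ARJ archive that has been renamed to another extension.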

What do the experts say?
Laurence Pitt, cybersecurity marketing and strategy director at Juniper Networks, said, “Organizations such as WHO will be a target because they are very visible to the current crisis and will be taking in large numbers of new, global contact details as they bring everyone together to work toward a solution.”

Bernardo Mariano, chief information officer at WHO, added, “We are grateful for the alerts we receive from member states and the private sector. We are all in this fight together.”
Cyware Publisher