On March 23, Reuters reported that during March, cyberattackers attempted to hack into the World Health Organization (WHO), which has been playing a leading role in informing people about the coronavirus pandemic. According to Reuters, cybersecurity expert Alexander Urbelis noticed around March 13 that a group of hackers that he had been following “activated a malicious site mimicking the WHO’s internal email system.”
The WHO’s Chief Information Security Officer, Flavio Aggio, told Reuters that the hackers’ identity was unclear and their effort unsuccessful. He also stated that “[t]here has been a big increase in targeting of the WHO and other cybersecurity incidents. There are no hard numbers, but such compromise attempts against us and the use of (WHO) impersonations to target others have more than doubled.”
In addition to cyberattackers’ likely interest in personal identifying information, Costin Raiu, head of global research and analysis at Kaspersky Labs, identified strategic intelligence as another motive for the WHO attacks. In his words, “At times like this, any information about cures or tests or vaccines relating to coronavirus would be priceless and the priority of any intelligence organization of an affected country.”
Note: Chief Information Security Officer (CISO) teams should pass on this information promptly to all of their enterprise’s employees, whether working in corporate offices or from home. In particular, they need to remind employees (including senior executives) that they should never respond to any unsolicited emails or texts that purport to come from the WHO or other government agencies offering information about the coronavirus, and should report any such emails received through their enterprise’s email system through the appropriate enterprise channels.
In addition, CISO teams should remind employees that if they are interested in obtaining coronavirus-related information from government agency websites, they should use only their personal computers to access trusted search engines and verify that the sites in which they are interested are legitimate official sites. All public- and private-sector employees need to recognize that there are cyberattackers who have no compunctions about exploiting the public’s fear and confusion about the coronavirus, as the WHO itself put it in a recent public advisory, “to steal money or sensitive information.”