Posted on September 17, 2021 at 8:05 PM
Hackers Gain Access to United Nations after Obtaining Employee Logins from Dark Web
The United Nations has confirmed that hackers breached its systems at the beginning of 2021. The breach has contributed to a chain of attacks on other UN agencies.
The resulting attacks have been attributed to employee login details that were sold on the dark web sites. Hackers obtained the login details and used them as an entry point to expand reach into other UN networks between April and August this year. At least 53 accounts have been exploited to facilitate further attacks.
Data Breach Causes Extensive Damage for UN
The chain of attacks on the UN has been caused by leaked details of employee usernames and passwords. These details were leaked on a dark web forum and were most likely obtained through another breach.
Hackers who purchased the information have been accessing the UN networks and have been looking into expanding their privileges on the network. The first incident occurred in April.
Cybersecurity researchers informed the UN of the incidences after they spotted these login details being sold on the dark web for as low as $1000.
One of the compromised accounts is titled “Umoja.” Since the first breach, threat actors have been attempting other attacks, with the most recent happening on August 7. However, the UN has stated that the attackers have not damaged the UN’s systems.
Resecurity, a cybersecurity firm, first spotted the attack on the UN systems. The firm has been in discussions with the UN to determine the exact details of what was stolen. According to N, only screenshots of the internal network have been taken. However, Resecurity stated that substantial information had been accessed in the breach.
Resecurity states that hackers have targeted around 53 UN accounts since the breach stated. Reports by CNN also show that the breach had also been detected by other cybersecurity companies that warned the UN. However, the UN stated that it had already noticed the breach and took measures to reduce the risk.
The Umoja account did not have multifactor authentication. The UN stated that the option was provided after it migrated to Microsoft Azure. However, by that time, the account had already been compromised.
UN is a Prime Target for Hackers
The UN has been a prime target for hackers, which has necessitated the organization to employ strong cybersecurity measures to put off these attackers. Most of the attacks against the UN go unrecorded. However, high-profile attacks have been noted in recent years.
In 2018, the organization was attacked by Russian hackers who were believed to be state-sponsored. The attackers targeted the UN following the Prohibition of Chemical Weapons. This was after a chemical weapon was used to assassinate a former spy in Salisbury.
In 2019, the UN was also hacked after hackers exploited a vulnerability on the Microsoft SharePoint platform. The hack led to confidential information being leaked. The UN made the attack public after the information leak, stating that its offices in Vienna and Geneva were compromised.
Another attack also happened at the beginning of the year, where Sakura Samurai firm stated that a breach had occurred at the United Nations Environmental Programme (UNEP). Following the attack, around 100,000 employee records were leaked.
The attacks on the UN have necessitated the need for advanced cybersecurity measures. According to Trevor Morgan, a data security specialist, most hacking attacks do not necessarily implement sophisticated tools. Some hackers pounce on small errors that require simple hacking tactics, such as exploiting employee credentials.
He also noted that hacking attacks on organizations are not necessarily a personal issue but a national security issue that can cause detrimental harm if not tamed.
In the case of the UN breach, simple techniques would have helped the global institution boost its security. These techniques include the use of multifactor authentication, automated techniques, and improving security and encryption, among others.
One of the main factors causing the rise in cybercrimes is the failure of institutions to be proactive and implement the right strategies. Most organizations have also failed to beef up their cybersecurity to meet hackers’ evolving tools and techniques. Large organizations such as the UN should therefore prioritize investing in advanced cybersecurity techniques.
The UN breach also highlights one of the main areas that institutions normally bypass when beefing up online security. Failure of managing employee credentials properly exposes institutions to hacks. If the employee accounts of UN employees were regularly changed or disabled, it could have prevented the original breach. Scanning documents posted on the dark web for employee credentials could also help.
