A hacker group targeted the World Health Organization (WHO) via a sophisticated phishing attack, which involved an email hosted on a phishing domain that tried to trick the employees into entering their credentials, Reuters reported.
It’s said that the WHO observed the hacking attempt in mid-March and is suspected to have come from DarkHotel, a threat group from Southeast Asia that has been active since 2004. The group targets high-net-worth travelers across the world by tracking their hotel bookings via compromised hotel websites and applications. WHO is responsible for international public health and is playing a crucial role in monitoring and mitigating the COVID-19 pandemic.
According to Flavio Aggio, CISO at WHO, the hackers were unidentified. Aggio confirmed that the hackers group activated a malicious site mimicking WHO’s internal email system to steal passwords from the employees. The issue came to light after Alexander Urbelis, a cybersecurity professional and attorney with the New York-based Blackstone Law Group—which tracks suspicious internet domain registration activity—discovered the activity on March 13, 2020 and flagged the threat activity to Reuters.
Several industry experts stated that they aren’t surprised that hackers are targeting health organizations, as criminal activities on medical agencies have soared in recent times. Recently, WHO even published a notification warning individuals that hackers are posing as the agency to steal money and sensitive information from the public. The agency urged users to verify the authenticity of the source before responding.
Medical Devices Vulnerable to Cyberthreats
Due to the severity of the Coronavirus threat, the healthcare sector leaves many connected medical devices vulnerable to potential cyberthreats. According to a similar research from Atlas VPN, 83% of healthcare providers in the U.S. are running on outdated software. Based on cybersecurity firm Palo Alto Networks’ survey of 1.2 million IoT devices used in thousands of healthcare organizations across the U.S., 56% of devices were still running on the Windows 7 operating system, for which Microsoft discontinued support in January 2020. The research also revealed that 27% of medical devices are still running Windows XP or old versions of Linux OS, while nearly 16% of imaging systems are at 51% risk of getting hacked.