WHO doubles its security team as phishing attacks ramp up

Hackers are targeting top officials after employee emails circulated online

Cyber security professionals working for the World Health Organisation (WHO) have "never been busier", according to its CIO, as top officials are being targeted by constant phishing campaigns. 

The organisation has had to increase its security resources while it deals with the outbreak of COVID-19, the WHO's chief information officer (CIO), Bernardo Mariano, told Bloomberg

This is because cyber attacks on the organisation have significantly increased since mid-March when the coronavirus moved up to pandemic status. WHO used to have just one security alert a month, according to Mariano, but that has shot up to eight in April as national cyber security authorities warned it of repeated "nation-state actor attacks".

These alerts have come from authorities in Isreal, the EU, the UK and Switzerland and also include warnings from Interpol and Microsoft.

The hackers are not attacking the WHO directly, but are instead looking for its highest-ranking officials, according to Mariano, particularly key officials involved with its COVID-19 work.

It's thought that many of its employee's passwords have leaked through other websites and are now being used for phishing and spearfishing campaigns. Malware-loaded messages are being sent to both work and personal accounts that will compromise computers or mobile phones. 

More than 2,000 passwords thought to be linked to WHO email accounts have been circulating on the internet forum 4chan, according to Bloomberg, with the details popping up on social media site too. Most of these email accounts were no-longer in use, according to Mariano, but some 400 were still used by WHO employees. 

Some of the top targets have included the organisation's director-general Adhanom Ghebreyesus and Bruce Aylward, a senior WHO official who led a COVID-19 response team in China. There has also been a "sustained attempt" to hack into computers operated by a four-member team in South Korea and also its HQ in Geneva.  

As a result, the organisation has doubled the size of its security team and is now working with five security companies to bolster its defences.  

Featured Resources

Next-generation time series: Forecasting for the real world, not the ideal world

Solve time series problems with AI

Free download

The future of productivity

Driving your business forward with Microsoft Office 365

Free download

How to plan for endpoint security against ever-evolving cyber threats

Safeguard your devices, data, and reputation

Free download

A quantitative comparison of UPS monitoring and servicing approaches across edge environments

Effective UPS fleet management

Free download

Recommended

How to manage people successfully from a distance
Business strategy

How to manage people successfully from a distance

27 Oct 2021
Phishing emails target victims with fake vaccine passport offer
cyber crime

Phishing emails target victims with fake vaccine passport offer

21 Sep 2021
Oracle teams with Oxford University for rapid detection of COVID-19 variants
data processing

Oracle teams with Oxford University for rapid detection of COVID-19 variants

20 Sep 2021
Podcast transcript: Digital stagnation in a post-COVID world
digital transformation

Podcast transcript: Digital stagnation in a post-COVID world

27 Aug 2021

Most Popular

UK spy agencies supercharge espionage efforts with AWS data deal
cloud computing

UK spy agencies supercharge espionage efforts with AWS data deal

26 Oct 2021
Cryptocurrency: Should you invest?
cryptocurrencies

Cryptocurrency: Should you invest?

27 Oct 2021
Why the financial industry is turning to the cloud
Sponsored

Why the financial industry is turning to the cloud

25 Oct 2021