There has been a massive increase in cyberattacks since the COVID-19 pandemic started. The World Health Organization (WHO) has even been a target. The number of cyber-attacks directed at WHO have increased five-fold over the last years, and hackers leaked hundreds of active WHO credentials online. The WHO said in response that it has seen a dramatic increase in cyberattacks and email scams against its workforce during the COVID-19 pandemic.
Attackers dump online over 25 thousand email addresses and passwords
Hackers leaked and posted online over 25 thousand email addresses and passwords from popular health organizations like WHO, Gates Foundation, and National Institutes of Health. Additionally, hackers tried to breach the network of the global health agency and its partners starting from March 13, but did not succeed.
The SITE Intelligence Group, which monitors terrorist groups and online extremism, found thousands of credentials online. These credentials allegedly belonged to the WHO, Gates Foundation, the NIH, as well as other groups that are trying to fight the coronavirus pandemic.
In its statement, the World Health Organization noted that hackers dumped online over 450 active WHO email addresses and passwords, along with thousands of email addresses and passwords belonging to other organizations. However, those leaked credentials did not put the global health agency at any risk because the data was old. Additionally, the agency noted that the attackers tried to channel donations to a fictitious fund belonging to them instead of to the authentic COVID-19 Solidarity Response Fund.
WHO migrating affected systems to a more secure authentication system
In order to secure its systems, WHO plans to move its affected system to a more secure authentication system.
It is working with the private sector to establish stronger internal systems, educating staff on cybersecurity risks, and improving its security measures.