Cyber attacks have struck companies, cities and now apparently even the United Nations. On Thursday, the U.N. confirmed a report that its systems had been breached in April, and that attacks related to that original breach had been ongoing. The intergovernmental organization made the stunning announcement in response to a report that first appeared on Bloomberg News.
“We can confirm that unknown attackers were able to breach parts of the United Nations infrastructure in April of 2021,” Stéphane Dujarric, spokesman for the U.N. Secretary-General, said in a statement.
According to Bloomberg, the breach went public after cybersecurity firm Resecurity reportedly found that the hackers were still active on U.N. networks as recently as early last month. Researchers at Resecurity had notified the U.N. of the attack earlier in the year. However, instead of addressing the problem, the U.N. had stopped responding to the security firm when Resecurity provided evidence that data had been stolen.
“This attack had been detected before we were notified by the company cited in the Bloomberg article, and corrective actions to mitigate the impact of the breach had already been planned and were being implemented,” Dujarric added. “At that time, we thanked the company for sharing information related to the incident and confirmed the breach to them.”
UN is a Frequent Target for Cyber Attacks
This isn’t the first time that the U.N. has been targeted by cyber criminals and hackers, and Dujarric added that the organization frequently faced such efforts to breach its networks, including sustained campaigns.
The spokesman further confirmed that additional attacks had been detected and were likely linked to the earlier breach, but said they were “being responded to.” Dujarric also confirmed that the crisis isn’t over.
Cybersecurity experts have said that this brazen attack is not unusual, nor is the U.N. response.
“The tactically simple but successful cyberattack on the United Nations’ computer networks, now being reported as an ongoing breach with activity occurring for months, accentuates two very clear points,” said Trevor Morgan, product manager with data security specialists Comforte AG.
“First, that while the impression of hackers is usually of technical geniuses using brilliant attack methods and sophisticated tools to skirt defensive measures, the reality is far from it. A majority of incidents are due to preventable human error or simple methods of attack such as stolen credentials,” Morgan told ClearanceJobs via an email.
“Second, that cybersecurity isn’t just a personal issue that affects our individual PII and sensitive financial information – though these are key concerns too,” added Morgan. “It is a matter of national security and potentially affects every single one of us with the repercussions of attacks on national entities. Quite simply, we can’t take cybersecurity and data protection seriously enough, at the personal level, at the organizational level, and at the national/international level.”
An International Problem
While it is unclear what the hackers may have gained access to, in past breaches, records from the U.N.’s human rights office were compromised. The fact that any data may have some value makes these attacks increasingly common.
Additionally, and more ominously, such attacks are increasingly easy to pull off for several reasons, explained Saumitra Das, CTO and cofounder of Blue Hexagon.
“Initial access via credentials purchased from the dark web is now becoming standard modus operandi,” said Das. “So much so that we now have Initial Access Brokers (IABs) who specialize in just that and then sell off that access to other entities like ransomware affiliates or state sponsored groups.
“Usually, organizations are too focused on the perimeter and once the attacker is inside there is little visibility on-premises and in the cloud,” Das told ClearanceJobs via an email. “Organizations need to focus on both Endpoint and Network monitoring with a well-defined approach to detection engineering to deal with these types of stealthy attacks.”
Other efforts need to be implemented as well.
“For enterprises and other organizations, emphasizing a culture of data security from top down – embraced by leaders and workers alike – goes a long way toward heading off human error and mistakes which could lead to stolen credentials and subsequent breaches,” suggested Morgan.
He further added that expanding the toolkit of preventative data protection methods is an absolute necessity.
“Let’s face it – traditional protections just aren’t working, mostly because they focus on the borders around sensitive data and access through those borders,” said Morgan. “The solution is actually quite simple: protect the data itself! Data-centric methods such as tokenization and format-preserving encryption obfuscate sensitive data elements while retaining data format, making this approach ideal for organizations that want to work with protected data within their workflows without de-protecting that data.”
These efforts may not stop the attacks initially, but they can make the data less valuable, and perhaps even worthless.
“No matter who gets hold of the data, it remains protected and cannot be leveraged,” added Morgan. “We should all be united in a commitment to a world-wide culture of better data security, bolstered by data-centric protection in case the worst-case scenario occurs and threat actors actually access highly sensitive information.”