COVID19 Pandemic Leads to Massive Increase in WHO Cyberattacks

It has been revealed that the World Health Organization has suffered a surge in the number of hacking attempts on its databases in the last month as a result of the COVID-19 Pandemic.

Chief Information Security Officer for the WHO, Flavio Aggio, issued a statement that said a large number of fraudulent WHO web pages have been discovered that have been created to trick people into handing over personal information. The purpose of the websites was to steal passwords from agency employees.

Aggio stated: “There has been a big increase in targeting of the WHO and other cybersecurity incidents. There are no hard numbers, but such compromise attempts against us and the use of (WHO) impersonations to target others have more than doubled.”

The attacks were first noticed by an attorney with the New York-based Blackstone Law Group, Alexander Urbelis.  While it has not been confirmed who is responsible for conducting the attacks, it is believed that the attempts did not bear any fruit.

Urbelis, speaking about the discovery of the hacking attempts to news agency Reuters said: “I realised quite quickly that this was a live attack on the World Health Organisation in the midst of a pandemic. It’s (the number of attacks taking place) still around 2,000 a day. I have never seen anything like this.”

Blackstone runs a domain registration activity monitoring service which Urbelis works on. He first identified the attacks on March 13 when he noticed a cybersecurity group he was following had set up a web page that was very like WHO’s internal email system. He sent messages to email addresses that the site was registered with but these were not returned.

In February, a news alert was issued by WHO warning of hackers pretending to be part of the organisation. Similar warnings were issued by a number of other agencies and governments in a bid to stem the tide of cyberattacks during the COVID-19 pandemic.

The scale of the attacks being carried on WHO is like nothing ever witnessed previously. The attacks are believed to be the work of a group of hackers known as DarkHotel – a group that has been in operation since 2007 and is renowned for attacks in East Asia – the area first hit by the coronavirus.

As some of the specific targets in these attacks have included government employees and business executives in places such as China, North Korea, Japan, and the United States, the possible link between the two is difficult to ignore – although there is no definitive proof to confirm this as of yet.



Author: Maria Perez