In response to a Reuters report that discusses hackers working in the interests of the Iranian government have attempted to break into the personal email accounts of staff at the World Health Organization during the coronavirus outbreak, an expert from KnowBe4 offers perspective.
While the intention of these attackers is not well known, the key attack method, email phishing, certainly is. Spear phishing attacks like the ones used here are how up to 91% of all successful data breaches start. By targeting the WHO during a time of crisis, certainly a time when the people working there are working long hours and under significant stress, the attackers improve their chances of success greatly. While the information they are after is not known, the WHO has access to a lot of sensitive information from countries around the world and is a group that people are watching and looking for trusted information from.
Early in the pandemic, we saw attackers sending phishing emails disguised to look like official information from the WHO, which was being used to steal credentials. These were fairly easy to spot, however, if a legitimate account really was compromised and used to send phishing emails, the impact would be much greater. In addition, if attackers were able to take over any of the official social media accounts for the WHO and use them to spread misinformation, we could see impacts to already struggling economies across the globe. We should look at when the Associated Press had their Twitter account hacked in 2013 to see the impact social media could have on the stock markets.
While there are many different reasons the attackers are focusing on the WHO right now, none of them are likely to be good. The most effective defense against these types of attacks is to educate and train the employees to spot suspected phishing emails and to provide them a way to report them to the staff who can do a technical analysis of the email. This allows employees to keep working while staying as safe from the attacks as possible.