The International Committee of the Red Cross (ICRC) has been the victim of a cyber-attack in which hackers managed to access the data of more than 515,000 extremely vulnerable people. Below is the statement by ICRC in relation to this attack:

“The attack compromised personal data and confidential information on more than 515,000 highly vulnerable people, including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention.” The body, which has its headquarters in Geneva, had no immediate indication as to who might have carried out the attack. It said the hackers targeted an external company in Switzerland that the ICRC contracts to store data. There was no evidence so far that the compromised information had been leaked or put in the public domain.”

Subscribe
Notify of
guest

19 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Matt Aldridge
Matt Aldridge , Principal Solutions Architect
InfoSec Expert
January 24, 2022 2:07 pm

<p>It’s clear that the public sector is currently a key target for cybercriminals amid the pandemic, and unfortunately this attack has demonstrated that the charity sector is no different.</p>
<p>Although we’ve seen a recent trend of cybercriminals becoming more ‘ethical’ in the types of organisations they go after, ICRC may hold valuable personal, operational, and political data which makes them a tempting target for malicious state and criminal actors alike.  </p>
<p>A potential concern here is the use of stolen data to enable further attacks. It is much easier to fool victims with a phishing email once you know details about them. Individuals should remain vigilant in scrutinising the types of emails they receive and remember to never share personal or financially sensitive information over the internet. Unfortunately, these threats are becoming more sophisticated and believable, and it only takes one click to put users and entire organisations at risk. </p>
<p>It’s therefore crucial for all charitable organisations to consider cybersecurity defences as a necessity and to secure the necessary budget and mindset to implement them. Secondly, data must always be backed up so systems can be restored if needed. Staff training is another essential for defending against phishing and other social engineering attacks, so they know what to look out for. The training materials used also need to be constantly updated to reflect the latest threat trends, and regular simulations should be run to ensure that the training is having the desired effect. </p>
<p>Finally – as we see in this case, the security of third-party vendors must be carefully scrutinised, and outsourcing a particular technical challenge does not absolve the purchaser of its responsibilities around data protection.  Attacks against supply chains and managed service providers are continuing to grow in volume and sophistication, so ensure that you evaluate your partners carefully.</p>

Last edited 8 months ago by Matt Aldridge
Jamie Moles
Jamie Moles , Senior Technical Manager
InfoSec Expert
January 21, 2022 12:51 pm

<p><span id=\"m_-6000012257292063647m_3674584368233381341gmail-docs-internal-guid-34a85fe3-7fff-5a52-e8e8-aa5fad40f11c\"><span style=\"color: #000000;\">Charity is big business nowadays. There is much concern from charity watchdogs about some larger organisations holding significant capital in investments and not spending it on the cause they are meant to be championing. A few prominent charities in the UK have been accused of spending less than 10% of their income on their stated mission – the rest going on salaries, premises and marketing. So, from an entrepreneurial criminals point of view, attacking these organisations would be no different to attacking any other large business. However, the <a href=\"https://www.redcross.org.uk/get-involved/donate/donation-questions/how-we-spend-the-money-we-receive\" target=\"_blank\" rel=\"noopener\" data-saferedirecturl=\"https://www.google.com/url?q=https://www.redcross.org.uk/get-involved/donate/donation-questions/how-we-spend-the-money-we-receive&source=gmail&ust=1642854242929000&usg=AOvVaw0NhkiUTS_XEuqVRf4G9keu\">Red Cross is reputed to spend 72% of its donations</a> on charitable services.<br /><br />This could play out in a number of ways. The charity could – and should – plead their case to the extorters not to release the data. The attackers could be concerned about bad press surrounding attacking a charity and move onto other targets. Finally, charities aren’t well known for spending money on security. Perhaps this might force a review of priorities.</span></span></p>

Last edited 8 months ago by Jamie Moles
Brooks Wallace
Brooks Wallace , VP EMEA
InfoSec Expert
January 21, 2022 12:44 pm

<p>The attack suffered by the Red Cross is extremely worrying, with the data of 515,000 \"highly vulnerable people\" at risk. While they are still uncertain as to who conducted this attack, other cyber gangs now know that there are vulnerabilities within the Red Cross’ third party data storage provider. Unfortunately, when threat actors know that an organisations’ data is vulnerable and can be easily stolen, they are likely to return. <u></u><u></u> <u></u><u></u></p>
<p>With operations unable to run at 100% it can have damaging and lasting impacts on families. The Red Cross have already said that on average when the organisation isn\’t under a cyberattack, it reunites 12 missing people with their families a day. When seconds are vital in a missing person case, the last thing an organisation needs is for their data to be missing and that it could take weeks to recover or may never be recovered. <u></u><u></u> <u></u><u></u></p>
<p>Humanitarian organisations are often a priority target to cyber criminals due to the amount of personal information they hold. During the early months of the pandemic, ransomware gangs had promised not to target medical organisations due to the pressure they were under, however, there is no honour among thieves and they soon started stealing medical data. Gangs are ruthless, they don’t care about the humanitarian cause of an organisation and are only interested in targets which yield the greatest monetary gain. Organisations can no longer afford to think about ways to mitigate impacts of cyberattacks but must instead prevent them from infecting their network. <u></u><u></u> <u></u><u></u></p>
<p>Most solutions, like endpoint detection and response (EDR), need an attack to execute before it can identify activity as malicious or benign, which is too slow when the fastest ransomware attacks can encrypt data within 15 seconds. Organisations need to invest in solutions that use technology, such as deep learning, which can <span lang=\"EN-US\">deliver a sub-20 millisecond response time to stop malware pre-execution and before it can take hold. Humanitarian organisations are already trying to solve enough time-pressure situations, the last thing they need looming over their heads is the threat of a cyberattack.</span></p>

Last edited 8 months ago by Brooks Wallace
Chris Clements
Chris Clements , VP
InfoSec Expert
January 21, 2022 12:42 pm

<p>This attack is beyond disgusting, but sadly not surprising. Any data that is valuable to threat actors will be targeted for compromise and there are many potential motivations for pursuing this information. It could be politically motivated to target those fleeing conflict, financially related to target for fraud- think sending family members of those whose information was compromised with requests for money, or simply a target of opportunity. The lack of public extortion demands could indicate the attack is more likely to be politically motivated, but it’s difficult to say for sure. This incident reinforces the desperate need for organizations to evaluate the risk that their business partners and vendors expose them to. It’s not enough to assume the organizations you share data with are doing their due diligence to ensure that the data is secure. It’s incumbent on organizations to press their business partners and vendors to actively demonstrate that they are appropriately protecting their data with the suitable technical and operational controls, continuous monitoring, and regular testing to validate that no mistakes may have occurred to expose the organization to risk. It’s also just as important for organizations to consider what additional controls they may have at their disposal to protect themselves above and beyond what their vendors or business partners may be doing. It’s impossible to say without understanding the nature of how this data was being used, but it may have been possible for the Red Cross to prevent this breach by applying their own data encryption layer such that even if their provider got breached, attackers would not be able to steal unencrypted information.</p>

Last edited 8 months ago by Chris Clements
Chris Boyd
Chris Boyd , Lead Malware Intelligence Analyst
InfoSec Expert
January 21, 2022 12:41 pm

<p>This is a potentially devastating breach for the families of missing individuals, as stolen information could be used to phish or scam those looking for friends and family. We saw multiple cases of this during the Japan earthquake and tsunami in 2011, with fake Red Cross websites, emails, and more. By and large, those attacks were untargeted. If this data leaks, it may place relatives of the missing in perilous situations and leave them open to highly targeted blackmail and fraud. Named individuals fleeing certain oppressive governments could be left vulnerable to abuse, depending on whose hands the data falls into. </p>
<p>The ICRC, and the Red Cross more generally, have been attacked several times down the years. It remains to be seen if the external company hosting the compromised data was aligned with the guidance and suggestions in the ICRC handbook on data protection.</p>

Last edited 8 months ago by Chris Boyd
Information Security Buzz
19
0
Would love your thoughts, please comment.x
()
x