United Nations Hacked – Security Expert Comments

An internal confidential document from the UN was leaked, saying that 42 servers were “compromised” and another 25 were deemed “suspicious,” nearly all at its offices in Geneva and Vienna.

Three of the compromised servers belonged to the Office of the High Commissioner for Human Rights, and two were used by the U.N. Economic Commission for Europe.

The U.N. document also highlights a vulnerability in the software program Microsoft SharePoint, which could have been used for the hack.

Expert Comments

January 31, 2020
Tal Zamir
Founder and CTO
Hysolate
We hear more and more stories about organizations that end up disconnecting their servers and endpoints from the internet: it's not just the United Nations, but also Singapore, Japan, South Korea as well as financial institutions worldwide that choose isolation as a significantly more resilient strategy. In light of today's threats, organizations should consider isolation approaches that range from creating network segments to isolating internet-connected applications on user endpoints.
January 31, 2020
Shay Nahari
Head of Red Team Services
CyberArk
The compromise of core infrastructures at the UN is troubling – especially considering the specific offices targeted and the information they hold. One of the most critical steps for the UN to take now should be focused on strategic post-breach actions focused on remediation – such as ensuring credentials are properly managed, rotated and audited to stop additional incidents or any attempt at lateral movement. Once attackers gain control over an entire infrastructure, they can persist and hide to have a longer-term presence. How they got in, or why, is irrelevant now.
January 30, 2020
Jake Moore
Cybersecurity Specialist
ESET
I believe no one should be covering up attacks in any way, shape or form. We have learnt that being open and honest about cyberattacks can in fact help the brands and organisations in the wake of these hacks and help build stronger defences going forward. Owning up to a data breach or vulnerability usually brings the cyber security industry together, and can provide help and support. It also helps other organisations who may be at risk with similar vulnerabilities. Although it is yet to be seen how this attack was carried out, there is a lot to be learnt within the industry about reporting breaches, and hopefully over the next few years we will start to see a more honest approach.
February 12, 2020
Ed Williams
Director EMEA, SpiderLabs
Trustwave
As if we need it, this is further warning to organisations and enterprises around the world about the importance of patch management and patching in a timely manner. We must remember that cybercriminals are actively looking for ways to exploit vulnerabilities as soon as they are made public. When vendors issue critical patches for software, organisations should take note and act appropriately. Where we typically see failings is around asset management, and speed of deployment around critical patches. Organisations who have maturity in this space tend to act quicker and patch ‘critical’ systems in a timely manner.
January 30, 2020
Craig Hinkley
CEO
WhiteHat Security
In a tense geo-political climate, nation-state attacks are on the rise, and this comes as no surprise. These attacks have the potential to cause serious havoc to systems around the world, often targeting critical infrastructure like power grids and industrial control systems, as well as government agencies. With the focus of today’s headlines on the United Nations, it appears the international entity has been targeted with malware that was potentially leveled through an application vulnerability in MS SharePoint. For years, these app vulnerability attacks have successfully disrupted operations and leaked sensitive information. While security teams investigate which country may have launched this attack, our job as security professionals is to recognize that the threats are bigger than just one country. This is a global problem that we’re contending with, and staying ahead of nation-state attacks is fundamentally a matter of proactively taking steps and using vigilance to limit the impact of an attack. WhiteHat Security has the resources, technology and services to help the U.N. and other agencies defend against sophisticated cyberattacks like this one. We’re actively partnering with the public sector to defend against rising nation-state attacks by offering our dynamic application security testing (DAST) and an entry-level static application security testing (SAST) solution to agencies at no charge.
January 30, 2020
Joe Lareau
Senior Security Engineer
Exabeam
In the face of rising political tensions globally, all companies and government agencies alike must remain vigilant. As nation-state actors are the most sophisticated attackers, traditional protections against breaches are likely inadequate. To protect themselves, organizations will need to be able to quickly detect and respond to any breaches. One critical step all of these entities can take now is to monitor for tactics, techniques and procedures (TTPs) specific to various state-sponsored groups. Researchers and security analysts can view the full list here: https://attack.mitre.org/groups/, then review these groups' typical tactics and techniques by clicking on each group name. Overall, we recommend building and using ‘defense in depth’—multiple layers of controls that involve staffing, procedures, technical and physical security for all aspects of the security program. As part of this, these entities should also consider utilizing behavioral analytics technologies on the network, which track and learn users’ baseline behavior and immediately notify security analysts of anomalous behavior that could be indicative of a breach or infiltration.