A news release issued by the World Health Organization (WHO) today says this week, some 450 active WHO email addresses and passwords were leaked online along with thousands belonging to others working on the novel coronavirus response. The leaked credentials did not put WHO systems at risk because the data was not recent. However, the attack did impact an older extranet system, used by current and retired staff as well as partners. WHO is now migrating affected systems to a more secure authentication system.
At a time when the health of the global population is at risk, it\’s truly heartbreaking to have to divert resources from saving lives to saving the PII data of WHO staff. It unfortunately reinforces the need for every organization to secure their systems and data on a continuous basis with modern cyber defenses. Machine learning based security analytics gets ahead of bad actors and would have detected the host compromise that impacted the older WHO system. Monitoring network and host behaviors in real-time is the most effective way to detect anomalous activity indicative of cyberattacks before criminals can gain a foothold to then exfiltrate data.
These credentials are most likely from earlier data breaches, usually where people have used work emails on compromised third-party sites, hotel bookings, rewards programs, etc. The common “covid” nature of the organizations targeted strongly suggests that they are old credentials that have been bundled to take advantage of the current Wuhan virus crisis. The leaks may also be tied to political hostility to the Gates Foundation’s work on vaccinations and its participation in an October 2019 pandemic wargaming session, Event 201. So this “leak” may be a politically-motivated action designed to capitalize on the WHO’s woes and Gates drive to promote his Foundation’s vaccines combined with tech-based lockdown “passports.