The United Nations is a prime target for cyber attacks due to its far-reaching international network. In 2020, an internal report stated 42 servers had been compromised as well as administrator accounts.
Then in April 2021, another ongoing data breach compromised data in the Human Resources offices of the United Nations. Both times, it wasn’t the United Nations that reported these attacks. In the first case, it was a leaked internal report that broke the news. This confidential report detailed the July 2019 attack and asked staff to change their passwords. It appears from the report that the UN discovered the breach a month after it happened. What’s more, the breach itself was the result of a known vulnerability that already had a patch.
News of this year’s attack came from a report by Bloomberg News, after cybersecurity experts noticed that UN information was up for sale in black markets. Cybersecurity firm Resecurity also notified the UN earlier this year, but reported that they weren’t taken seriously.
“Corrective actions to mitigate the impact of the breach had already been planned,” explained Stéphane Dujarric, spokesman for the U.N. Secretary-General. The spokesman went on to explain that there were additional, ongoing attacks happening every day that the UN cybersecurity team was responding to.
Attacks like these – and the lack of transparency from the UN – show us just how dangerous an effective cyberattack can be. Using stolen credentials, a hacker can gain access to global data and international networks that could even compromise governments, all without us even knowing.
Comments