The United Nations' computer network was hacked earlier this year, and many departments are still working hard to deal with the fallout, a spokesperson for the intergovernmental peacekeeping force recently announced.
"We can confirm that unknown attackers were able to breach parts of the United Nations infrastructure in April of 2021 … The United Nations is frequently targeted by cyberattacks, including sustained campaigns," UN Secretary-General spokesperson Stéphane Dujarric said, according to Bloomberg. "We can also confirm that further attacks have been detected and are being responded to, that are linked to the earlier breach."
A very basic hack
While the impact of the data breach has been far-reaching, the method hackers used to carry it out was actually incredibly simple. The cybercriminals simply used a UN employee's login information, most likely bought from the dark web, to gain access to the organization's project management software, Umoja. According to CPO Magazine, the login credentials were probably accessed through a separate data breach and may have been purchased for as little as $1,000 — a chilling sign for other enterprises. Bloomberg reported that UN credentials were still available for purchase off of the dark web as recently as July.
The Umoja program proved a fruitful entry point for hackers because it did not require two-factor authentication. The security feature, a must for organizations dealing with sensitive information, became an option on the program mere months after the breach first occurred. Once in the system, hackers were able to intrude further and further into the system, going months without being detected. The hackers had access to the UN system from early April until at least August.
The breach was eventually discovered by the cybersecurity firm Resecurity, which worked with the UN to help mitigate the damage already done. While the UN announced that the hackers only took screenshots of internal information, Resecurity claimed it found evidence that data was also exfiltrated, or removed from the network. In all, more than 50 unique UN accounts were compromised in some way.
Not the first attack
As a prominent organization with workers and contacts spanning the globe, it's no surprise that the United Nations is a frequent target for cybersecurity exploits.
"Organizations like the UN are a high-value target for cyber-espionage activity," said Gene Yoo, Chief Executive Office at Resecurity, the firm that assisted the UN with the breach.
In 2018, for example, the organization's Organisation for the Prohibition of Chemical Weapons had to deal with a major breach carried out by hackers believed to be backed by the Russian government. The hack was possibly a response to the UN's investigation of the Kremlin's use of a nerve agent for an assassination attempt, CPO Magazine noted. The following year, the UN's core internal network was compromised, mostly impacting offices in Vienna and Geneva.
Several smaller attacks have most likely occurred as well, including the one that compromised the login credentials involved in this most recent data breach. Many of these breaches may go entirely undetected.
Cybersecurity tools you can trust
Even if you're not an international organization with offices around the world and connections to prominent political leaders, as the UN is, protecting sensitive information like employee login credentials is essential. The long-term savings of avoiding a breach could be enormous, especially if you stand to face litigation for mishandling consumer data should a breach occur. While basic cybersecurity principles like multi-factor authentication could have gone a long way towards preventing this attack, there are other steps organizations can take. One of the easiest and most important ways to shore up your network is by ensuring all of your applications are protected by modern, secure identity frameworks. This can include multi-factor authentication, and some vendors are even moving to integrate biometric recognition technologies such as fingerprint readers.