Major United Nations data breach leaves the international organization scrambling

The United Nations' computer network was hacked earlier this year, and many departments are still working hard to deal with the fallout, a spokesperson for the intergovernmental peacekeeping force recently announced.

"We can confirm that unknown attackers were able to breach parts of the United Nations infrastructure in April of 2021 … The United Nations is frequently targeted by cyberattacks, including sustained campaigns," UN Secretary-General spokesperson Stéphane Dujarric said, according to Bloomberg. "We can also confirm that further attacks have been detected and are being responded to, that are linked to the earlier breach."

A very basic hack

While the impact of the data breach has been far-reaching, the method hackers used to carry it out was actually incredibly simple. The cybercriminals simply used a UN employee's login information, most likely bought from the dark web, to gain access to the organization's project management software, Umoja. According to CPO Magazine, the login credentials were probably accessed through a separate data breach and may have been purchased for as little as $1,000 — a chilling sign for other enterprises. Bloomberg reported that UN credentials were still available for purchase off of the dark web as recently as July.

The Umoja program proved a fruitful entry point for hackers because it did not require two-factor authentication. The security feature, a must for organizations dealing with sensitive information, became an option on the program mere months after the breach first occurred. Once in the system, hackers were able to intrude further and further into the system, going months without being detected. The hackers had access to the UN system from early April until at least August.

The breach was eventually discovered by the cybersecurity firm Resecurity, which worked with the UN to help mitigate the damage already done. While the UN announced that the hackers only took screenshots of internal information, Resecurity claimed it found evidence that data was also exfiltrated, or removed from the network. In all, more than 50 unique UN accounts were compromised in some way.

The United Nations does peacekeeping work all around the world.
The United Nations does peacekeeping work all around the world.

Not the first attack

As a prominent organization with workers and contacts spanning the globe, it's no surprise that the United Nations is a frequent target for cybersecurity exploits.

"Organizations like the UN are a high-value target for cyber-espionage activity," said Gene Yoo, Chief Executive Office at Resecurity, the firm that assisted the UN with the breach.

In 2018, for example, the organization's Organisation for the Prohibition of Chemical Weapons had to deal with a major breach carried out by hackers believed to be backed by the Russian government. The hack was possibly a response to the UN's investigation of the Kremlin's use of a nerve agent for an assassination attempt, CPO Magazine noted. The following year, the UN's core internal network was compromised, mostly impacting offices in Vienna and Geneva.

Several smaller attacks have most likely occurred as well, including the one that compromised the login credentials involved in this most recent data breach. Many of these breaches may go entirely undetected.

Cybersecurity tools you can trust

Even if you're not an international organization with offices around the world and connections to prominent political leaders, as the UN is, protecting sensitive information like employee login credentials is essential. The long-term savings of avoiding a breach could be enormous, especially if you stand to face litigation for mishandling consumer data should a breach occur. While basic cybersecurity principles like multi-factor authentication could have gone a long way towards preventing this attack, there are other steps organizations can take. One of the easiest and most important ways to shore up your network is by ensuring all of your applications are protected by modern, secure identity frameworks. This can include multi-factor authentication, and some vendors are even moving to integrate biometric recognition technologies such as fingerprint readers.

Here at the Inventu Corporation, we equip organizations of all sizes with a revolutionary web terminal emulation tool called Inventu Viewer+, a high performance emulation solution that is built with C at its core. Inventu Viewer+ supports SAML 2.0 and other identity technologies to enable securing your critical mainframe applications. This allows deployment of reliable and safe software using clean HTML and JavaScript hosted on secure Windows servers.  All in all, the Inventu Viewer+ web terminal emulation meets employer and staff expectations in a way that feels both familiar and simple. Contact us today and see how Inventu can help you integrate your active terminal emulation with the best web identity frameworks available.