Apparently back in April of this year, the United Nations had their computer systems pwned by hackers who made of with some data. And apparently according to Bloomberg, it wasn’t all that hard:
The hackers’ method for gaining access to the UN network appears to be unsophisticated: They likely got in using the stolen username and password of a UN employee purchased off the dark web.
The credentials belonged to an account on the UN’s proprietary project management software, called Umoja. From there, the hackers were able to gain deeper access to the UN’s network, according to cybersecurity firm Resecurity, which discovered the breach. The earliest known date the hackers obtained access to the UN’s systems was April 5, and they were still active on the network as of Aug. 7.
Ouch. Well that’s a #EpicFail. And the #EpicFail gets worse. The company who found this hack had this sequence of events happen when they informed the UN:
UN officials informed Resecurity that the hack was limited to reconnaissance, and that the hackers had only taken screenshots while inside the network, according to Resecurity. When Resecurity’s [Chief Executive Officer Gene] Yoo provided proof to the UN of stolen data, the UN stopped corresponding with the company, he said.
So the UN shot the messenger. A response that I am seeing more and more of.
The data that the hackers made off with could be used to target agencies within the intergovernmental organization. Which of course is really bad. Saumitra Das, CTO and Cofounder, Blue Hexagon had this to say:
“Initial access via credentials purchased from the dark web is now becoming standard modus operandi. So much so that we now have Initial Access Brokers (IABs) who specialize in just that and then sell off that access to other entities like ransomware affiliates or state sponsored groups.”
“Usually, organizations are too focused on the perimeter and once the attacker is inside there is little visibility on-premises and in the cloud. Organizations need to focus on both Endpoint and Network monitoring with a well-defined approach to detection engineering to deal with these types of stealthy attacks.”
Given how frequent hacks like this have become, businesses of all sizes should heed this advice.