Red Cross Pwned…. Data On 515K People Swiped

It seems that the International Red Cross has been pwned by hackers. The organization says that it was the victim of a “sophisticated cyber-attack” and that data on 515,000 “highly vulnerable” people has been stolen. The BBC has details:

The Geneva-based body said the hackers had targeted an external company in Vienna the ICRC uses to store data.

There is no sign the data has yet been leaked, but the ICRC has had to shut down the system it uses to reunite families separated by war.

ICRC Director-General Robert Mardini said the hack put vulnerable people at greater risk.

“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure,” Mr Mardini said.

“We are all appalled and perplexed that this humanitarian information would be targeted and compromised.”

And he called on those responsible to “do the right thing – do not share, sell, leak or otherwise use this data”.

Well, good luck with that, because clearly that data is valuable to somebody. On top of that, the data was swiped from an external company, which highlights the fact that if you store data with third parties, you all have to be on the same page as to how that data is secured. Otherwise bad things will happen, as is the case here.

The bottom line is that this is not a good situation for anyone.

UPDATE: I have a comment from Darktrace’s David Masson, Director of Enterprise Security:

“Most cyber-criminals steal personal data to monetize the information, but what financial gain could possibly be derived from stealing the personal information of some of our world’s most vulnerable people? This cyber-attack is an unfortunate and devastating example that no one and no organization is immune to cyber harm. The fact that the Red Cross is appealing to the attackers to return the stolen data indicates that it is no longer under the organization’s control, safe-keeping, and trust.  

While reputational damage will be a concern for an organization, it pales compared to the potential harm that may come to already highly fragile individuals and groups. If the attackers do not return the data, then hopefully, the Red Cross receives the aid and support it needs to find and secure the information quickly, start delivering much-needed reassurance to those who rely on the organization, and get its “Restoring Family Links” program back up and running soon.”

UPDATE #2: I got a comment from Saumitra Das, CTO and Cofounder, Blue Hexagon:

“It is critical for organizations to not just worry about their cyber hygiene but also third parties that they use to store their data or host their services including large cloud service providers. Even if you are well secured, your data can still be breached by attacks on third parties. It is critical to evaluate the security controls and not just compliance policies of third parties an organization works with whether they provide appliances, SaaS services, hosting or infrastructure as a service.”

UPDATE #3: Elizabeth Wharton, who is the VP, Operations for SCYTHE, added this comment:

“The disclosed impacted data is attractive to cyber criminals for use in perpetuating fraud, among other possibilities. The data is difficult to protect and can be used for identity theft, for example. These vulnerable populations likely don’t have the resources to follow up and clear the discrepancies due to financial or perhaps personal safety reasons.”

UPDATE #4: Saryu Nayyar, CEO and Founder, Gurucul, had this comment:

“This is an ugly attack on individuals and families by threat actors. While the extent of the purpose is unclear, it shows that no organization is safe regardless of the nobility of the cause. Charitable organizations are at least as understaffed as enterprises when it comes to security personnel and resources. They must augment their security capabilities while keeping costs low. This requires moving to solutions that have true machine learning (ML) and artificial intelligence (AI) engines and advanced analytics to help them automate both threat detection and incident response (TDIR). It also requires a cost structure that allows for flexibility and scale across cloud, on-premise and remote environments without escalating capital and operational expenditure significantly.”

One Response to “Red Cross Pwned…. Data On 515K People Swiped”

  1. […] International Committee of the Red Cross (ICRC) has updated its statement today regarding the attack to its servers that occurred last month which gave attackers access to the personal information on over 515K people in the “Restoring […]
