As the shocking news recently emerged that hackers breached the computer networks of the United Nations, it sent shockwaves across the globe. The spokesperson for the U.N Secretary-Generation, Stéphane Dujarric, has confirmed the data breach story on September 9, 2021. He acknowledged that unknown attackers breached parts of U.N infrastructure in April 2021. He also implies that the United Nations is a target of frequent cyberattacks that include sustained campaigns.
Method of Breaking into the United Nations Network
Seemingly, the method of breaking into the U.N network is more probably unsophisticated. There is a likelihood that hackers have used the stolen username and password of an employee belonging to U.N. Suspiciously, the credentials might have come from phishing attacks.
By using the credentials, hackers breached the computer networks of the United Nations and withdrew valuable data. Unfortunately, there is a fear that the extracted information might become a tool to target agencies falling within the United Nations.
Credentials Belong to Project Management Software Named Umoja
According to cybersecurity firm Resecurity, the credentials belong to an account on Umoja. It refers to a project management software of the United Nations. Also, it is used for various business processes regarding H.R., finance, administration, etc. The cybercriminals paved the way to obtain more profound access to the network of the U.N. through it.
The attackers acquired access to the systems of the United Nations on April 5 as the earliest known data. According to experts, a broker presented the set of access credentials for Umoja in April. This intermediary is known to provide access information to the Nefilim ransomware operation.
The entry point of the attackers might have been through its Citrix technology. The reason is that the United Nations used Citrix as an access layer prompting Umoja. For the record, Nefilim has targeted organizations using unpatched or ineffectively secured Citrix remote access technology.
Room for Improvement in the Cybersecurity Posture
Alex Holden is CTO (chief technology officer) at an information security consulting firm named Hold Security. He says the data breach indicates the extent to which many vital governments and organizations need to upscale their cybersecurity posture.
Plus, improvements are now more crucial than ever before. Russian cybercriminals are now targeting global governmental organizations in parallel with targeting the European Union and the United States. In March, Holden also claims that one of the same groups accessing credentials to the U.N. also attempted to sell credentials for a NATO-owned cybersecurity portal.
The Previous Data Breach on United Nations
On the other hand, hackers have previously targeted the United Nations and its agencies as well. In August 2019, a cyberattack compromised the core infrastructure of the U.N that targeted a known vulnerability in the SharePoint platform. The New Humanitarian news organizations reported the news. Before that, there was no disclosure of the data breach.
Switching from United Identity to Microsoft Azure
Since the intrusions, the United Nations has strategically moved to a unique authentication system for Umoja. It switched from United Identity to Microsoft’s Azure, which might consent to a single sign-on to enable Office-365. In addition, Azure encourages multi-factor authentication (MFA). Eventually, it helps reduce the probability of cybersecurity breaches.
Data breach concerning the United Nations is a stark warning to all organizations. Amid cybersecurity attacks one after another in the current year, it is a new addition to the list. Thankfully, the data breach on the networks of the United Nations did not cause damage to its systems. Instead, hackers have withdrawn a trove of data from there. However, it indicates that passwords remain an essential entry point for criminals carrying out cyberattacks. Meanwhile, our cybersecurity advisory and consulting services will help you deal with evolving security threats.