

The first reported access to the United Nations’ system was on 5 April 2021. The attackers were allegedly still active on the network up to 7 August 2021. The identity of the hackers has not yet been determined. It is unclear whether it could have been a criminal group or if the actors were state-related.

United Nations’ computer network infrastructure.

According to several sources, including the cybersecurity firm that alerted the UN of the breach, the hackers targeted the Umoja system, i.e. the United Nations’ “proprietary project management software”, and from there gained more extensive access to the UN’s network. The suspected method of access to the management software was through UN employees’ accounts using stolen credentials (username and password) acquired on the dark web.

According to Bloomberg News, the same credentials were still being sold by different users as of 5 July 2021. The Umoja system accounts were allegedly not protected by a two-factor authentication feature, a standard security practice, until July 2021. The purpose behind the incident has not been clarified. There was reportedly no damage or sabotage to the computer networks. The attack allegedly aimed at performing “network intrusion” and “compromising large numbers of users within the UN network for further long-term intelligence gathering”, monitoring and collection of specific data. The cybersecurity company Resecurity informed the UN of the breach early in 2021.

The UN stated on 9 September 2021 that the attack had been detected before said notification and that corrective actions had been and were being implemented. There was no reported damage to the system. According to Resecurity, the UN said that the incident “was limited to reconnaissance, and that the hackers had only taken screenshots while inside the network”, while no data was exfiltrated. For its part, the company affirmed that in the latest breach the attackers compromised at least 53 UN accounts and that there was proof of a data breach of the UN computer system, including the theft of documents with sensitive information.

The UN confirmed that the organization is frequently targeted by cyberattacks and that further attacks linked with the initial breach were detected.

According to analysts, both the reconnaissance and the information stolen may be used to support future attacks against the UN or its agencies. The Umoja system announced in July 2021 that it “migrated to Microsoft Corp.’s Azure, which provides multifactor authentication”, providing enhanced security against breaches.

Although no scenario addresses this exact set of circumstances, relevant scenarios include: Scenario 02: Cyber espionage against government departments; Scenario 04: A State’s failure to assist an international organization; Scenario 12: Cyber operations against computer data.

Data breaches come in many different forms. Some of the more common types of data breaches include the following:
