Recently, the World Health Organization (WHO) and other healthcare organizations have reported multiple cyberattacks. So far, the WHO remains largely unaffected by these attacks. However, these attacks show that cybersecurity is not a simple binary of breached versus secure; every security event can complicate your workflows and goals.
What is Going On at the WHO? Why are Hackers Targeting It?
The identity of these hackers remains unknown, although some suspect nation-state hackers might have some involvement. Others suspect conspiracy theorists, who hold the WHO responsible for the coronavirus pandemic for no sensible reason. The truth probably lies in between, as both could have motives to target the WHO.
Currently, top officials of the WHO have weathered a number of cyberattacks, including an untold number of phishing attacks. However, more recently the organization also suffered from what appeared to be a data leak of medical researchers’ emails and passwords. Documents containing this information, including information from the Bill and Melinda Gates Foundation and the Wuhan Institute of Virology, appeared on fringe message boards. While this may appear to be a devastating breach of thousands of emails, it isn’t all that it seems.
What Actually Happened?
Although the documents seemed recent, Steve Ragan of Akamai Technologies discovered the emails were leaked in previous breaches. According to Ragan, the hackers responsible most likely just searched for known emails from these critical healthcare organizations and compiled them. Many of the emails were outdated and closed.
Additionally, the leaked passwords couldn’t offer access to sensitive internal systems, as the WHO uses two-factor authentication to mitigate these attacks.
At the same time, the passwords could access the “Extranet,” a WHO website. This forced the WHO to migrate to a more secure system, costing it time and resources. Additionally, the WHO announced that it is doubling the size of its security team and working with five security companies. Doing so requires a significant investment, which the WHO could otherwise use to work on containing the coronavirus.
What Experts Say About the WHO Cyber-Attacks
Colin Bastable is CEO of Lucy Security.
These credentials are most likely from earlier data breaches, usually where people have used work emails on compromised third-party sites, hotel bookings, rewards programs, etc. The common “covid” nature of the organizations targeted strongly suggests that they are old credentials that have been bundled to take advantage of the current Wuhan virus crisis. The leaks may also be tied to political hostility to the Gates Foundation’s work on vaccinations and its participation in an October 2019 pandemic wargaming session, Event 201. So this “leak” may be a politically-motivated action designed to capitalize on the WHO’s woes and Gates’ drive to promote his Foundation’s vaccines combined with tech-based lockdown “passports.”
Craig Cooper is COO of Gurucul.
At a time when the health of the global population is at risk, it’s truly heartbreaking to have to divert resources from saving lives to saving the PII data of WHO staff. It, unfortunately, reinforces the need for every organization to secure their systems and data on a continuous basis with modern cyber defenses. Machine learning-based security analytics gets ahead of bad actors and would have detected the host compromise that impacted the older WHO system. Monitoring network and host behaviors in real-time is the most effective way to detect anomalous activity indicative of cyberattacks before criminals can gain a foothold to then exfiltrate data.
What Does It Mean For Your Enterprise?
Cybersecurity incidents like those endured by the WHO show that a cyberattack can cause problems even if it doesn’t result in a breach. Responding to an incident can prove costly and time-consuming in and of itself.