image
The World Health Organization (WHO) has attracted the notice of cybercriminals as the worldwide COVID-19 pandemic continues to play out, with a doubling of attacks recently, according to officials there. Problematically, evidence has also now surfaced that the DarkHotel APT group has tried to infiltrate its networks to steal information. Alexander Urbelis, cybersecurity researcher/attorney at Blackstone Law Group, told Reuters that he personally observed a malicious site being set up on March 13 that mimicked the WHO’s internal email system. Its purpose was to steal passwords from multiple agency staffers, and Urbelis noted that he realized “quite quickly that this was a live attack on the World Health Organization in the midst of a pandemic.” The attack appeared to be aimed at achieving a foothold at the agency rather than being an end unto itself: “The criminals are attempting to create similar and convincing website and email domains to leverage fear and lure people to open attachments or click a link,” explained James McQuiggan, security awareness advocate at KnowBe4, via email. “This in turn can load malware onto their systems and cause systems to be compromised.” As for the “why” of the attack, which was thwarted, Kaspersky researcher Costin Raiu told Reuters that information about remediation for coronavirus – such as cures, tests or vaccines – would be invaluable to any nation-state’s intelligence officials. In line with that, unnamed sources told the outlet that…

Source