United Nations Under Data Attack

Threat actors accessed the United Nations' proprietary project management software, Umoja, earlier this year, stealing information to be used in further attacks.

Attacking the UN

The threat actor stole credentials from a United Nations employee to breach sections of the UN's network in April of 2021 and steal critical data. The overall aim was to lift data at targeted agencies within the UN, some of which are already experiencing and responding to attacks linked to the breach.

In a report published last week, the UN confirmed that the unknown attackers breached part of the United Nations' infrastructure this past April, and that it is constantly targeted by cyberattacks and sustained campaigns.

Previous Campaign

In January 2020, the UN was targeted by a concerted phishing campaign from the notorious Emotet malware, which focused on stealing credentials and delivering TrickBot trojans. The infamous attack was the result of a Microsoft SharePoint fault which provided hackers with 400GB of sensitive data.

The latest attack involved the theft of credentials belonging to an account on the UN's proprietary project management software. The account was not protected by two-factor authentication, and the attackers used their access to the software to move deeper into the network.

Resecurity discovered the attack and highlighted the dangers of using a simple username/password process to secure entry to a larger network within an organization. It also underscored the need for organizations to demand stringent security measures to protect the sensitive nature of their business.

Solutions Not Implemented

Whilst it currently remains unclear whether the attackers obtained any UN-specific credentials from any other accounts, eliminating password use from as many systems as possible is the first step to tackling the problem at large. Multi-factor authentication is still promoted as the most secure form of access and should be the default option by now.

Attackers have been active on the UN network for the last 4 months, with the original access coming in April and activity still detected in August. This could have been prevented by the simple security practice of establishing a hierarchy of privilege for applications within a network, giving users access only to the assets they require to perform their duties and nothing else.

Granting each person the minimum level of trust in the infrastructure limits the risk of attackers accessing crucial information.

The UN has further confirmed that the hackers only performed reconnaissance in the form of taking screenshots, but it was corrected by Resecurity, which confirmed with proof that data had also been stolen.
