Almost 25,000 email addresses and passwords allegedly belonging to employees of leading health organisations such as the World Health Organisation (WHO) and the US National Institutes of Health (NIH) have been leaked online in what is being described as a “harassment campaign”.
The news comes as WHO reported that it has been forced to double its security resources due to a significant increase in cyber attacks on the organisation since mid-March when the coronavirus moved up to pandemic status.
Director of SITE Intelligence Group Rita Katz told the Washington Post that “Neo-Nazis and white supremacists capitalized on the lists and published them aggressively across their venues (...) calling for a harassment campaign while sharing conspiracy theories about the coronavirus pandemic”.
Microsoft offers free cyber security protection to healthcare staff US and UK cyber officials claim 'coronavirus hackers' are state-sponsored NCSC removes over 2,000 online coronavirus scams Google warns of spike in coronavirus phishing emails Hackers advertise critical Zoom Windows bug for $500,000
Other victims of the breach include the Centers for Disease Control and Prevention (CDC), the World Bank, the Gates Foundation and the Wuhan Institute of Virology, who all had their credentials posted to sites such as 4chan and Pastebin.
According to SITE, which was unable to verify whether the email addresses and passwords were authentic, the NIH was the hardest hit by the breach with 9,938 credentials posted online. The CDC had 6,857 credentials leaked, while the list of WHO email addresses and passwords totalled 2,732.
The Gates Foundation and the Wuhan Institute of Virology lost 269 and 21 credentials respectively.
A spokesperson for the NIH said in a statement: “We are always working to ensure optimal cyber safety and security for NIH and take appropriate action to address threats or concerns."
Yvonne Eskenzi, founder of cybersecurity PR agency Eskenzi, told IT Pro that “it’s too early to say if these credentials are old or current”.
“It just highlights the constant and relentless attacks all companies are under but particularly right now the healthcare is seeing a barrage of attacks of ransomware and credential theft,” she said.
“The healthcare sector has the most valuable and sensitive data and we’ve learnt from our cybersecurity clients that the level of attacks has increased dramatically during the COVID-19 crisis, surpassing the financial sector who have always been the first port of call. This is a sickening and tragic development and shows that there are no depths to which the cybercriminals will stoop too.”
Last month, cyber criminals targeted hospitals across Europe in an effort to compromise their computer systems while healthcare workers deal with a dramatic influx of patients due to the coronavirus outbreak.
-
"I LOVE this company!" Looking back on 50 years of tech giant MicrosoftOpinion There have been highs, lows, laughs and lots of success in the past 5 decades for the Redmond-headquartered firm
-
Verizon Call Filter API flaw could’ve exposed millions of Americans’ call recordsNews A security flaw in Verizon's Call Filter app could’ve allowed threat actors to access details of incoming calls for another user, a security researcher has found.
-
Phishing emails target victims with fake vaccine passport offerNews Scammers could steal victims’ personal information and never deliver the illegal goods, Fortinet warns
-
COVID-related phishing fuels a 15-fold increase in NCSC takedownsNews The NCSC recorded a significant jump in the number of attacks using NHS branding to lure victims
-
COVID vaccine passports will fail unless government wins public trust, ICO warnsNews Data watchdog's chief Elizabeth Denham warns that it’s not good enough to claim ‘this is important, so trust us’
-
Fake COVID vaccination certificates available on the dark webNews Fast-growing market emerges for people wanting quick vaccine proof to travel abroad
-
Cyber security firm saw attacks rise by 20% during 2020News Trend Micro found attackers also heavily targeted VPNs
-
Hackers using COVID vaccine as a lure to spread malwareNews Cyber criminals are impersonating WHO, DHL, and vaccine manufacturers in phishing campaigns
-
Website problems slow coronavirus vaccine rollout
News Florida is the epicenter of website issues, as patients struggle with malfunctioning sites and hackers
-
NHS COVID-19 app failed to ask users to self-isolate due to 'software glitch'News The bug is the latest in a long line of errors and glitches to plague the government's contact-tracing app
