World Health Organization Sees Dramatic Uptick in Cyber Attacks

Nearly 450 active email addresses and passwords used by WHO staff have been leaked online, and the public has received email scams from people posing as staff.

• By Ralph C. Jensen
• Apr 24, 2020

Ever since the start of the COVID-19 attacks, the World Health Organization (WHO) has seen a dramatic uptick in the number of cyber attacks affecting its staff, as well as email scams targeting the public.

Nearly 450 active WHO email addresses and passwords have been leaked online, according to the organization. Thousands of those email addresses belong to others working on the novel coronavirus response.

The WHO system was not put at risk, because the leaked credentials and data was not recent information. An older extranet system was impacted, which is used by current and retired staff. WHO partners were also impacted. WHO staff is now migrating affected systems to a more secure authentication system.

The scammers were impersonating WHO in emails, and have increasingly targeted the general public as a means to channel donations to a fictitious fund and not the organization’s COVID-19 Solidary Response Fund. The current number of cyber attacks is five times more than the number directed at WHO last year.

“Ensuring the security of health information for member states and the privacy of users interacting with us a priority for WHO at all times, but also particularly during the COVID-19 pandemic. We are grateful for the alerts we receive from member states and the private sector. We are all in this fight together,” said Bernardo Mariano, WHO’s chief information officer.

WHO is working with the private sector to establish more robust internal systems and to strengthen security measures and is educating staff on cybersecurity risks.

“Organizations such as WHO will be targets because they are very visible to the current crisis and will be taking in large numbers of new, global contact details as they bring everyone together to work toward a solution,” said Laurence Pitt, cybersecurity marketing and strategy director at Juniper Networks.

Pitt added: “For an attacker, the theft of email addresses from WHO is valuable because they would expect for the list to contain up-to-date and relevant details that can be leveraged in the generation of scams and phishing campaigns. But migration of affected systems after an attack is a response, not a solution. Any organization dealing with current, relevant personal details should be reviewing data security and looking to airgap, encrypt or add additional security, in order to prevent a breach from occurring in the first place.”

Asking the public to remain vigilant, WHO staff warn against fraudulent emails. They also recommend the use of reliable sources to obtain factual information about COVID-19 and other health issues.