The United Nations has admitted that malicious figures were able to breach its network (opens in new tab) earlier this year and steal data (opens in new tab) which could now be used for facilitating future attacks on the organization as well as on other agencies.
“We can confirm that unknown attackers were able to breach parts of the United Nations infrastructure in April of 2021,” Stéphane Dujarric, spokesman for the UN Secretary-General, said in a statement.
Dujarric added that the international body is a frequent target of cyberattacks, and also confirmed that it has been responding to other attacks linked to the earlier breach.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
>> Click here to start the survey in a new window (opens in new tab) <<
- These are the best endpoint protection tools (opens in new tab)
- Here's our choice of the best malware removal (opens in new tab) software on the market
- Check our list of the best firewall apps and services (opens in new tab)
Based on investigations carried out by the UN’s cybersecurity (opens in new tab) teams, the intruders made their way into the system on April 5, and there are indications that they were active inside the network at least till August 7.
Reporting on the development, Bloomberg believes that the intruders likely got in using the stolen login credentials of an UN employee purchased off the dark web.
“Initial access via credentials purchased from the dark web is now becoming standard modus operandi. So much so that we now have Initial Access Brokers (IABs) who specialize in just that and then sell off that access to other entities like ransomware (opens in new tab) affiliates or state sponsored groups,” Saumitra Das, CTO and cofounder, of security vendor Blue Hexagon tells TechRadar Pro.
Baber Amin, Chief Operating Officer, Veridium goes one step ahead and tells us that the UN breach is a good example of securing access using passwords (opens in new tab) alone.
“The best thing is to eliminate the use of passwords from as many systems as possible. If that is not possible, multi-factor authentication (MFA (opens in new tab)) should be implemented for all access,” suggests Amin.
- Protect your devices with these best antivirus software (opens in new tab)
Via Bloomberg (opens in new tab)