In a rather bold data theft attack, threat actors used stolen credentials to hack into the United Nations’ proprietary project management software, Umoja.
A spokesperson of the United Nations has confirmed that attackers used an employee’s credentials to breach the UN’s network back in April and exfiltrate key confidential data.
Cybercriminals can exploit the stolen data to target agencies within the UN. According to Stéphane Dujarric, spokesman for the UN Secretary-General, the UN has already seen and responded to such “further attacks” following the data theft, which was first disclosed in a Thursday report.
“We can confirm that unknown attackers were able to breach parts of the United Nations infrastructure in April of 2021,” Dujarric said in the report. “The United Nations is frequently targeted by cyberattacks, including sustained campaigns.”
Not The First Data Theft Attack To Target The United Nations
Another high-profile attack hit the United Nations in January 2020. Threat actors distributed the infamous Emotet malware via a massive phishing campaign to steal credentials and deliver the TrickBot trojan. The attack was ultimately traced to a Microsoft SharePoint flaw, which allowed the hackers to get hold of 400 GB of sensitive information.
Lack Of Two-Factor Authentication Allowed The Data Theft To Happen
According to Thursday’s report, the stolen credentials used in the latest data theft attack belonged to an account on the UN’s proprietary project management software, called Umoja.
The compromised account’s user had not enabled 2FA (two-factor authentication) on the log-in process, leaving the account protected by a password alone. The attackers spotted that weakness and used it to steal credentials, access the organization’s software, and dig deeper into the network, security firm Resecurity explained, according to the report. Resecurity discovered the attack earlier this year.
According to security experts, the attack serves as a lesson on why a username/password combination alone is not enough. Moreover, relying on it is extremely dangerous when it secures entry into a system on an organization’s larger network – especially one that should require rigorous security due to the sensitive nature of its business.
“This is a very good example of why passwords as a credential are bad,” Baber Amin, COO of security firm Veridium, said.
It remains unclear whether the stolen credentials were UN-specific or if the user was re-using credentials from another account. However, Amin added that eliminating the use of passwords from as many systems as possible could partially prevent further data theft attacks.
“If that is not possible, multi-factor authentication should be implemented for all access,” Amin said. “MFA has become easy to implement over the last few years, and it should be the default.”
Four Months Of Lateral Movement
Following the data breach that occurred on April 5, threat actors were active on the UN’s systems for at least four months. In addition, intruder activity was still being detected as of August 7, researchers noted.
Veridium’s Amin explained how the lateral movement on the UN’s network could have been prevented by establishing a hierarchy of privilege within applications on a network, giving the employees access exclusively to the assets they need to do their job.
“This means that each person has the minimal level of trust granted for the task at hand,” he said.
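The two controls the experts quote above (a second factor on every login, and access limited to what a role needs) can be audited from access logs. The following is an added example, not code from the article or from the UN; the log format, role names and scopes are constructed for illustration, and the dwell-time helper shows how long a flagged account stayed active, the gap the article describes.

```python
"""Audit constructed access-log lines for two gaps the article's experts call out:
logins completed without a second factor, and access to application scopes
outside the user's role (least privilege). Format and roles are hypothetical."""
from collections import defaultdict
from datetime import datetime

# Hypothetical role-to-scope map (constructed; not the UN's real Umoja roles).
ROLE_SCOPES = {
    "project_manager": {"projects:read", "projects:write"},
    "finance_clerk": {"ledger:read"},
}

# Constructed log lines: timestamp user role mfa scope src_ip
SAMPLE_LOG = """\
2021-04-05T09:12:01Z alice project_manager mfa=ok projects:read 203.0.113.10
2021-04-05T09:40:17Z bob finance_clerk mfa=none ledger:read 198.51.100.7
2021-04-06T22:03:44Z bob finance_clerk mfa=none projects:write 198.51.100.7
2021-08-07T03:15:09Z bob finance_clerk mfa=none hr:export 198.51.100.9
"""

def parse(log_text):
    """Split whitespace-delimited log lines into event dicts; skip blank lines."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, role, mfa, scope, src = line.split()
        events.append({"ts": ts, "user": user, "role": role,
                       "mfa": mfa == "mfa=ok", "scope": scope, "src": src})
    return events

def audit(events):
    """Return {user: [reasons]} for every event that violates either control."""
    findings = defaultdict(list)
    for e in events:
        if not e["mfa"]:
            findings[e["user"]].append(f'{e["ts"]} login without second factor')
        if e["scope"] not in ROLE_SCOPES.get(e["role"], set()):
            findings[e["user"]].append(
                f'{e["ts"]} scope {e["scope"]} outside role {e["role"]}')
    return dict(findings)

def dwell_days(events, user):
    """Whole days between a user's first and last event (UTC ISO timestamps)."""
    stamps = sorted(datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
                    for e in events if e["user"] == user)
    return (stamps[-1] - stamps[0]).days if stamps else 0

if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for user, reasons in audit(evs).items():
        print(user, f"active {dwell_days(evs, user)} days:", *reasons, sep="\n  ")
```

Running it flags only the password-only account, with every out-of-role scope it touched and the span between its first and last appearance.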
Shortly after discovering the breach, Resecurity informed the UN and worked alongside the organization’s Incident Response team to investigate. However, Dujarric stated that the UN already knew of the data theft attack when Resecurity reached out to them.
UN officials assured the security firm that the attackers only breached their network for reconnaissance purposes in the form of taking screenshots. On the other hand, Resecurity provided proof that data also had been stolen. After that, the UN ceased communication with the security firm, according to the same report.
Prepare Your Employees For Phishing Attacks With ATTACK Simulator’s Security Awareness Training
Phishing attacks can be catastrophic to your business. Phishers don’t sleep on your company’s weaknesses. Your employees are the most attractive targets, so you should seriously consider making security awareness training a top priority.
To objectively assess your company’s exposure and vulnerability to phishing attacks, we strongly advise you to use our free security awareness training trial.
Our realistic phishing simulations will expose your employees to life-like hands-on fake phishing attacks.
Here’s what you get when you choose us:
- Automated attack simulation – we simulate all kinds of cyberattacks: phishing, malware, ransomware, spear-phishing, identity theft, online privacy attacks, online scams etc.
- Real-life scenarios – we evaluate users’ susceptibility to giving company-related or personal data away using realistic web pages.
- User behavior analysis – we gather user data and compile it in extensive reports to give you a detailed picture of your employees’ security awareness level.
- Malicious file replicas – our emails contain malware file replicas, to make the simulation as realistic as it can be.
- Interactive lessons – if employees fail to recognize our traps and fall into one, they will be redirected to landing pages with quick reads on the best security practices.
- We impersonate popular brands on our simulated phishing pages – the user will be more tempted to click on the URL or open the attachment in the email.
Choose ATTACK Simulator’s Security Awareness Training program to equip your employees with the necessary security knowledge and up-to-date security practices to keep your company safe from scammers and avoid potentially irremediable damage.