“The United Nations is frequently targeted by cyberattacks, including sustained campaigns. We can also confirm that further attacks have been detected and are being responded to, that are linked to the earlier breach,” said Dujarric.
Simon Piff, Vice President for Security Research with IDC Asia/Pacific, commented that knowing which agencies, and perhaps which parts of these agencies, were affected could be useful in identifying the motives for such a breach.
“The implication that UN identities are for sale on the dark web would imply that ALL UN identities could be available for sale if the identity and its passwords were part of a hack, or perhaps it was social engineering and someone simply sold their details to someone on the dark web, which could be potentially more serious as there is very little that can be done to control that,” he added.
In a separate article, CPO Magazine suggested that “the data breach appears to stem from an employee login that was sold on the dark web. The attackers used this entry point to move farther into the UN’s networks and conducted reconnaissance between April and August.”
Another outlet, infotechlead, reported that the hackers used credentials taken from Umoja, the UN’s proprietary project management software. The report noted that at the time of the attack, the Umoja account used by the hackers did not have two-factor authentication enabled.
Piff commented that “assuming UN IT security folks knew the account was breached, not enabling 2FA was a serious oversight, and I would expect after such a breach is made public multi-factor authentication would be made mandatory as that has the potential to negate any stolen or sold credentials.”
Basic security measures
“While cyberattacks are increasing in sophistication especially in recent years, the vast majority of successful breaches can still be avoided through the effective implementation of basic cyber hygiene measures such as multi-factor authentication, prompt patch management, proper network segmentation etc,” said Pei Yuen Wong, CTO IBM Security ASEAN.
“IDC believes that multi-factor authentication, whilst not a panacea, can address many of the existing security threats that most organizations face and that not implementing it is simply trusting to luck,” said Piff.
Thomas Richards, a principal security consultant with Synopsys Software Integrity Group, opined that compromised credentials continue to be the most likely entry point into a target organisation’s network.
Richards proposed that to protect against such attacks, organisations should take proactive steps to enable multi-factor authentication on all externally accessible services and applications. Additionally, there are services that can be used to monitor dark web sites for breach data including passwords, usernames, and email addresses that are relevant to the organisation.
“These two steps, if implemented, would have made the attack much more difficult to carry out. As a final precaution, organisations should configure their log monitoring and audit tools to alert on any suspicious logins including those outside of normal business hours or from IP addresses that have not been used by that user before,” he concluded.
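The login alerting Richards describes can be sketched as follows. This is an added example, not code from the article or from any organisation named in it: it flags successful logins that fall outside business hours or come from a source IP not previously seen for that user. The log format, user names, addresses and the 08:00 to 18:00 Monday-to-Friday window are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records: ISO timestamp (assumed local time), user, source IP, outcome.
SAMPLE_LOG = """\
2021-04-05T09:12:00 alice 198.51.100.10 success
2021-04-06T10:03:00 alice 198.51.100.10 success
2021-04-06T11:30:00 bob 198.51.100.22 success
2021-04-07T02:41:00 alice 203.0.113.77 success
2021-04-07T14:05:00 bob 203.0.113.77 failure
2021-04-08T14:20:00 bob 203.0.113.77 success
2021-04-10T11:00:00 alice 198.51.100.10 success
"""

BUSINESS_HOURS = range(8, 18)   # assumption: 08:00-17:59
BUSINESS_DAYS = range(0, 5)     # assumption: Monday-Friday


def find_suspicious_logins(log_text):
    """Return (timestamp, user, ip, reasons) for each successful login that is
    outside business hours or from an IP the user has not logged in from before."""
    known_ips = defaultdict(set)   # user -> IPs seen in earlier successful logins
    alerts = []
    for line in sorted(log_text.splitlines()):  # ISO timestamps sort chronologically
        if not line.strip():
            continue
        stamp, user, ip, outcome = line.split()
        if outcome != "success":
            continue  # failed attempts must not teach the baseline a new IP
        when = datetime.fromisoformat(stamp)
        reasons = []
        if when.weekday() not in BUSINESS_DAYS or when.hour not in BUSINESS_HOURS:
            reasons.append("outside business hours")
        # A user's first login only seeds the baseline; there is nothing to compare to.
        if known_ips[user] and ip not in known_ips[user]:
            reasons.append("new source IP")
        if reasons:
            alerts.append((stamp, user, ip, reasons))
        # Simplification: the IP joins the baseline even when alerted, so it alerts once.
        known_ips[user].add(ip)
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_logins(SAMPLE_LOG):
        print(alert)
```

In a real deployment the baseline would only absorb a new IP after the alert has been reviewed, so that an intruder's address does not become "known" after its first use.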
“IBM advocates a zero-trust approach in mitigating cyber threats and helps our customers safeguard their digital assets against bad actors through the adoption of this foremost cyber security paradigm,” added Wong.