American Security Council Foundation

United Nations Data Breach: Hackers Obtained Employee Login From Dark Web, Are Executing Ongoing Attacks on UN Agencies

Friday, September 17, 2021

Categories: ASCF News, Cyber Security

Source: https://www.cpomagazine.com/cyber-security/united-nations-data-breach-hackers-obtained-employee-login-from-dark-web-are-executing-ongoing-attacks-on-un-agencies/

A spokesperson for the United Nations has confirmed that the organization was breached by hackers in early 2021, and that attacks tied to that breach on various branches of the UN are ongoing. The data breach appears to stem from an employee login that was sold on the dark web. The attackers used this entry point to move farther into the UN’s networks and conducted reconnaissance between April and August. Information gleaned from this activity appears to have been put to use in further attacks, with attempts made on at least 53 accounts.

UN data breach creates long-term havoc for organization
The UN hack began with the acquisition of an employee username and password from a dark web forum, very likely as part of another data breach. This allowed the attackers to walk in and immediately begin scouting the network and attempting to escalate privileges, with the first incident taking place in April. A number of security researchers have reported seeing the accounts of UN employees listed among large packs of usernames and passwords sold on underground forums, in this case as part of a package going for only $1,000.

The initial account that was compromised was for proprietary project management software that the UN uses called “Umoja.” The hackers have since been observed by an outside security firm to have been reconnoitering and attempting further attacks, with the last attempt taking place on August 7. However, the UN reports that the attackers have yet to do any damage.

The data breach was detected and reported to the UN by outside firm Resecurity, and there is some debate between the two about exactly what was stolen. The UN claims the attackers have only taken screenshots of the internal network. Resecurity, which was rebuffed by the UN upon offering assistance, says that it has evidence that information has been exfiltrated in the data breach. Resecurity also claims that at least 53 UN accounts have been targeted with additional attacks since the data breach began. CNN is reporting that “multiple” other security firms detected the data breach and attempted to warn the UN about it, but the UN claims that it had already detected the breach and was taking steps to mitigate it before it was contacted by any outside parties.

The Umoja account that was originally compromised did not have multi-factor authentication enabled; the Umoja website says that the service added that option when it moved to Microsoft Azure in July, a little too late to help the UN.

The UN has a unique need for cutting-edge cybersecurity given that it is one of the world’s prime targets for hackers, and that it fields regular attacks from advanced operators. Many of these go unrecorded, but the organization has weathered some high-profile attacks in recent years. In 2018, Russian hackers thought to be state-backed attacked the Organisation for the Prohibition of Chemical Weapons in retaliation for its investigation into the use of a nerve agent for a political assassination attempt against a former spy living in Salisbury. An attack in 2019 leveraged a known vulnerability in the Microsoft SharePoint platform to breach the UN’s core network infrastructure, and only became known to the public when confidential reports were leaked to the New Humanitarian in early 2020. After publication the UN confirmed that the attack had compromised its offices in Geneva and Vienna. And in early 2021, researchers with the Sakura Samurai firm discovered a data breach at the United Nations Environmental Programme (UNEP) that exposed about 100,000 private employee records via exposed Git directories.

Lessons from UN data breach
Trevor Morgan, product manager with data security specialists comforte AG, notes this case as another illustration that the need for advanced cybersecurity does not necessarily drive its implementation with the urgency it should: “The tactically simple but successful cyberattack on the United Nations’ computer networks, now being reported as an ongoing breach with activity occurring for months, accentuates two very clear points. First, that while the impression of hackers is usually of technical geniuses using brilliant attack methods and sophisticated tools to skirt defensive measures, the reality is far from it. A majority of incidents are due to preventable human error or simple methods of attack such as stolen credentials. Second, that cybersecurity isn’t just a personal issue that affects our individual PII and sensitive financial information (though these are key concerns too). It is a matter of national security and potentially affects every single one of us with the repercussions of attacks on national entities.”

A number of standard measures would have provided layers of preventive security in this case: routine use of multifactor authentication, implementation of automated tools, promotion of a security culture, tokenization, encryption, and so on. But if the UN is not already aware of the importance of defending against nation-state hackers and is already making good faith attempts to keep pace, what could be said to them that would make a difference?

Neil Jones, Cybersecurity Evangelist for Egnyte, notes that the fact that organizations so commonly lag behind the threat landscape is a direct contributing factor in the cybercrime boom of recent years: “Unfortunately, far too often methods and tools are being employed that don’t meet the security and control needs of an organization, particularly a large Non-Government Organization like the UN. Security should be viewed as way more than a checklist … The reality is that all content and communications are vulnerable without proper data governance, and it is imperative that organizations protect the data itself. This type of security incident occurs regularly, particularly in decentralized settings like the United Nations and the mission-critical systems they use to communicate with hundreds of global nation-states on a daily basis. If secure file collaboration tools with suspicious log-in capabilities are implemented correctly, they can render cybercriminals’ attacks ineffective. Used in a case like this where adversaries were able to infiltrate the network and grind activities to a halt, the systems themselves would have been inaccessible to outsiders, and the valuable data would have remained protected.”

The UN data breach also highlights a particular measure that is too often overlooked, yet is a simple fix: better management of employee credentials. Even without multifactor authentication in place, the initial breach would not have happened if the accounts of former or inactive employees were routinely disabled. And regular scanning for the appearance of leaked credentials on the dark web can cut off damage from breaches that compromise the accounts of current employees, as can regular prompts to change passwords.
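The credential-hygiene measures just described (disabling former and long-inactive accounts, checking the directory against a leaked credential dump, and closing the MFA gap noted earlier) as a small review script. This is an added example, not code from the article or from the UN; the account directory, usernames, passwords and dump entries are all constructed for illustration.

```python
"""Credential-hygiene sweep over a constructed account directory.
Flags accounts to disable, accounts named in a leaked dump (and the
subset whose leaked password still works), and active accounts
lacking MFA. Nothing here is real data."""
from dataclasses import dataclass
from datetime import date, timedelta
import hashlib


@dataclass
class Account:
    username: str
    employed: bool          # False for former employees
    last_login: date
    mfa_enabled: bool
    password_hash: str      # plain SHA-256 for the demo; use a salted KDF in practice


def pw_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed sample directory (hypothetical users and passwords)
ACCOUNTS = [
    Account("a.former", False, date(2020, 11, 3), False, pw_hash("Winter2020!")),
    Account("b.idle", True, date(2021, 1, 15), False, pw_hash("hunter2")),
    Account("c.active", True, date(2021, 8, 30), True, pw_hash("correct-horse")),
    Account("d.active", True, date(2021, 9, 1), False, pw_hash("Summer2021")),
    Account("e.active", True, date(2021, 9, 10), True, pw_hash("Autumn2021")),
]

# Constructed sample of a leaked username:password dump (not real)
LEAKED = {"a.former": "Winter2020!", "d.active": "Summer2021",
          "e.active": "OldPassword1", "zz.other": "x"}


def sweep(accounts, leaked, today, inactive_days=90):
    """Return per-action lists of usernames. 'disable': former or inactive
    accounts. 'reset': any account named in the dump. 'revoke': subset whose
    leaked password still matches (live credential, so also revoke sessions).
    'enroll_mfa': active accounts without MFA."""
    cutoff = today - timedelta(days=inactive_days)
    result = {"disable": [], "reset": [], "revoke": [], "enroll_mfa": []}
    for acct in accounts:
        if not acct.employed or acct.last_login < cutoff:
            result["disable"].append(acct.username)
            continue  # a disabled account needs no further action
        if acct.username in leaked:
            result["reset"].append(acct.username)
            if pw_hash(leaked[acct.username]) == acct.password_hash:
                result["revoke"].append(acct.username)
        if not acct.mfa_enabled:
            result["enroll_mfa"].append(acct.username)
    return result
```

Run with `sweep(ACCOUNTS, LEAKED, date(2021, 9, 17))` to see each action list; in a real deployment the dump lookup would be replaced by a breach-monitoring feed and the directory by an identity-provider export.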
