In a report released by Untangle, a leading firewall / security vendor, the details of the recent United Nations Hack were detailed. Here is a summary of the report
“It has been recently revealed the United Nations was victim to a cyber attack starting in July 2019. Hackers gained access to and compromised 42 servers and 25 are still categorized as suspicious for three different domains: those of the United Nations offices in Geneva and Vienna and of the office of High Commissioner for Human Rights. It is estimated that hackers may have up to 400GB of staff records, health insurance, and commercial contact data.”
This attack has been classified as an APT (Advanced Persistent Threat) where the attackers gain access then setup a variety of ways to remain on the network while they collect the data they are after. This hack was due to a vulnerability stemming from not installing software updates in a timely manner. .The United nations found the threat then issues a notice to employees to reset their passwords in August of 2019. They did not inform personnel of the hack until January 2020.
These two factors, patching and training, should be addressed by every company to keep their data safe.
If your company needs help with patching or security training, then contact us for assistance.