Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 17 May, 2022
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Red Cross Hack exposes data of 515,000

The International Committee of the Red Cross has fallen victim to a cyber-attack

by SaskiaEpr
January 20, 2022
in Cyber Bites
Red Cross Hack exposes data of 515,000
Share on FacebookShare on Twitter

It has been reported that the International Committee of the Red Cross has recently suffered a cyber-attack, during which the data of more that 515,000 vulnerable people was accessed and seized. Some of the individuals affected recently fled conflicts. The ICRC confirmed the attack in a published statement: “A sophisticated cybersecurity attack against computer servers hosting information held by the International Committee of the Red Cross (ICRC) was detected this week. The attack compromised personal data and confidential information on more than 515,000 highly vulnerable people, including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention.”

So far it is unknown who may be behind the attack. The hackers originally targeted an external company in Switzerland, which is contracted to store the ICRC’s data. Currently there is no evidence that the sensitive data has been released to public domain. The most pressing concern, however, is the potential risk that comes with this breach. Particularly, any confidential information being shared on the internet, as the data in question belongs to individuals whom the Red Cross and Red Crescent network seeks to protect.

Brian Higgins, security specialist at Comparitech commented: “Egregious attacks such as this are unfortunately becoming an occupational hazard for charity and relief organisations as the vital nature of the data they possess coupled with the extreme vulnerability of the individuals to whom it relates provides a highly attractive target for certain groups of cyber criminals.In the absence of any clear idea of motivation at this stage the Red Cross are clearly doing everything they reasonably can to respond but I’m sure more information will soon come to light. It’s a sad yet sobering fact that network security is becoming more and more difficult as third party and supply chain organisations are vital elements of doing business in any sector, but it is almost impossible to implement consistent security protocols and defences across an entire enterprise. Attackers will always find a weak link in the chain and exploit it. Now that this highly sensitive, humanitarian stolen data is in the wild one can only support the Red Cross Director General in his call.

Another cybersecurity expert, Jon Andrews, VP of EMEA at Gurucul said:“This is another unfortunate example that hacking groups or individuals are indiscriminate and will target any and all vulnerabilities, even if those vulnerabilities concern vulnerable people. Potentially gone are the days of the published moral code of all hacking groups such as Anonymous. There are groups out there who do not share the same ethics and it puts every organization at risk.”

Javvad Malik, lead security awareness advocate at KnowBe4 adds: “There are no details about how the sophisticated cyber attack occurred, but history has shown that in many cases the attacks are seldom sophisticated and often originate through some user error, like making a cloud database public, a spear phishing attack, poor credentials, or exploiting an unpatched system. It’s quite concerning how sensitive the data is that has been exposed, and one hopes the information doesn’t appear on forums or for sale. It’s a reminder that today’s cyber security discipline is different from what it was 20 years ago. No longer is it about protecting data, but protecting lives.”

John Goodacre, director of UKRI’s digital security by design and professor of computer architectures at the University of Manchester also commented: “Unfortunately, we live in a world where people make mistakes when using computers and the applications themselves have bugs. Together these create vulnerabilities that can be exposed through even the most stringent cyber defences. Industry and businesses can do little about the software vulnerabilities in computers other than apply patches after they have become known, and potentially exploited, and stop data loss or systems being held to ransom. For years around 70% of the ongoing reported software vulnerabilities are due to bugs in the way software works. The UK government is supporting industry and academia through the UKRI Digital Security by Design programme to introduce new fundamental technologies that can block software vulnerabilities from exploitation. This latest cyberattack again amplifies the need that everyone must maintain the best cyber practices and ensure all software is fully patched to reduce the risk that any vulnerability is exposed to exploitation.”

Jamie Akhtar, CEO and Co-founder of CyberSmart believes that:  “This attack perfectly demonstrates that no target is off the table for cybercriminals. And, once again, we’re discussing an attack that started in the organisation’s supply chain. Indirect attacks on large organisations are fast becoming a favoured tactic of cybercriminals; it’s often much easier to breach a supplier or subsidiary first.

So we urge businesses big and small to start conversations with your supply chain. Share security practices, be transparent, and keep lines of communication open. It might just be the difference between successfully avoiding a breach or not.”

Martin Jartelius, CSO, Outpost24concludes: “Generally, it would be hard for a third party to identify the correlation between a data store and its main application when it occurs in the external system as this. We can only hope that a sophisticated attacker does mean that no one left a database or bucket open against the internet again. Generally, breaching humanitarian organizations is frowned upon amongst hackers, but this data could in theory be of interest to various regimes looking for specific individuals, so the breach is one which severity should not be underestimated.”

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Spoof Nintendo sites advertising discounted Switch consoles

Next Post

FBI alert: malicious QR codes stealing money

Recent News

Armis: Top Performer in Asset Visibility and Real-Time Detection in MITRE Engenuity ATT&CK® Evaluations for Industrial Control Systems (ICS)

Armis Launches new ‘Critical Infrastructure Protection Program’

May 17, 2022
jigsaw

Thanos and Jigsaw ransomware linked to 55 year old doctor

May 17, 2022
Google logo

Italian police thwart Eurovision cyberattack

May 17, 2022
nuclear power stack

UK announces nuclear cybersecurity strategy

May 16, 2022

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information