It has been reported that the International Committee of the Red Cross has recently suffered a cyber-attack, during which the data of more than 515,000 vulnerable people was accessed and seized. Some of the individuals affected recently fled conflicts. The ICRC confirmed the attack in a published statement: “A sophisticated cybersecurity attack against computer servers hosting information held by the International Committee of the Red Cross (ICRC) was detected this week. The attack compromised personal data and confidential information on more than 515,000 highly vulnerable people, including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention.”
So far it is unknown who may be behind the attack. The hackers originally targeted an external company in Switzerland, which is contracted to store the ICRC’s data. Currently there is no evidence that the sensitive data has been released into the public domain. The most pressing concern, however, is the potential risk that comes with this breach, particularly the possibility of confidential information being shared on the internet, as the data in question belongs to individuals whom the Red Cross and Red Crescent network seeks to protect.
Brian Higgins, security specialist at Comparitech, commented: “Egregious attacks such as this are unfortunately becoming an occupational hazard for charity and relief organisations as the vital nature of the data they possess coupled with the extreme vulnerability of the individuals to whom it relates provides a highly attractive target for certain groups of cyber criminals. In the absence of any clear idea of motivation at this stage the Red Cross are clearly doing everything they reasonably can to respond but I’m sure more information will soon come to light. It’s a sad yet sobering fact that network security is becoming more and more difficult as third party and supply chain organisations are vital elements of doing business in any sector, but it is almost impossible to implement consistent security protocols and defences across an entire enterprise. Attackers will always find a weak link in the chain and exploit it. Now that this highly sensitive, humanitarian stolen data is in the wild one can only support the Red Cross Director General in his call.”
Another cybersecurity expert, Jon Andrews, VP of EMEA at Gurucul, said: “This is another unfortunate example that hacking groups or individuals are indiscriminate and will target any and all vulnerabilities, even if those vulnerabilities concern vulnerable people. Potentially gone are the days of the published moral code of all hacking groups such as Anonymous. There are groups out there who do not share the same ethics and it puts every organization at risk.”
Javvad Malik, lead security awareness advocate at KnowBe4 adds: “There are no details about how the sophisticated cyber attack occurred, but history has shown that in many cases the attacks are seldom sophisticated and often originate through some user error, like making a cloud database public, a spear phishing attack, poor credentials, or exploiting an unpatched system. It’s quite concerning how sensitive the data is that has been exposed, and one hopes the information doesn’t appear on forums or for sale. It’s a reminder that today’s cyber security discipline is different from what it was 20 years ago. No longer is it about protecting data, but protecting lives.”
John Goodacre, director of UKRI’s digital security by design and professor of computer architectures at the University of Manchester also commented: “Unfortunately, we live in a world where people make mistakes when using computers and the applications themselves have bugs. Together these create vulnerabilities that can be exposed through even the most stringent cyber defences. Industry and businesses can do little about the software vulnerabilities in computers other than apply patches after they have become known, and potentially exploited, and stop data loss or systems being held to ransom. For years around 70% of the ongoing reported software vulnerabilities are due to bugs in the way software works. The UK government is supporting industry and academia through the UKRI Digital Security by Design programme to introduce new fundamental technologies that can block software vulnerabilities from exploitation. This latest cyberattack again amplifies the need that everyone must maintain the best cyber practices and ensure all software is fully patched to reduce the risk that any vulnerability is exposed to exploitation.”
Jamie Akhtar, CEO and Co-founder of CyberSmart believes that: “This attack perfectly demonstrates that no target is off the table for cybercriminals. And, once again, we’re discussing an attack that started in the organisation’s supply chain. Indirect attacks on large organisations are fast becoming a favoured tactic of cybercriminals; it’s often much easier to breach a supplier or subsidiary first.
So we urge businesses big and small to start conversations with your supply chain. Share security practices, be transparent, and keep lines of communication open. It might just be the difference between successfully avoiding a breach or not.”
Martin Jartelius, CSO, Outpost24, concludes: “Generally, it would be hard for a third party to identify the correlation between a data store and its main application when it occurs in the external system as this. We can only hope that a sophisticated attacker does mean that no one left a database or bucket open against the internet again. Generally, breaching humanitarian organizations is frowned upon amongst hackers, but this data could in theory be of interest to various regimes looking for specific individuals, so the breach is one whose severity should not be underestimated.”