According to an analysis conducted by the US cybersecurity company Prevailion and shared exclusively with Fox News, WHO was attacked not once last month, but twice. The attacks were successful, according to analysts at the company, which collects data directly from malicious servers, and WHO continues to be infiltrated, with data exfiltrated in gigantic, uncontrolled amounts.
“WHO has been breached twice recently, including a Trojan infection last month,” Karim Hijazi, Prevailion’s chief executive, told Fox News on Friday, noting that the hacking techniques used were nearly a decade old and indicated “security negligence.” “Once everything has settled down, it must now remain there. This is very worrying because all country data can be stolen. The magnitude of this can be simply dramatic.”
These findings, which had not previously been publicly disclosed, are serious warning signs that WHO continues to be infiltrated and exfiltrated “by adversaries”.
Prevailion’s data showed that last month a Ramnit Trojan infection was detected on the WHO network. It was observed “signaling,” or calling back to the hacker-controlled command-and-control server, more than 400 times, and the infection was active for a period of 10 days.
“What is concerning about this is that Ramnit is an older Trojan horse, so those attacks should be avoided. Ramnit was designed to use borrowed credentials such as usernames, passwords, etc. that may have had an effect on WHO staff,” Hijazi said. “And the malware is written to the Master Boot Record [MBR], which means it can be reinstalled after the device has been erased and secured with reputation.”
He stressed that this means WHO is porous enough to be infiltrated and exfiltrated, and that this malware is communicating uninterrupted over the open web. From this Trojan horse, virtually anything else can be deployed; in his own words, “it’s a door opener for anything else to be stolen.”
The analysis revealed that on 14 March, some 71 Trojan horse communications, or beacons, were sent out from inside the WHO network, which could mean that something had been seized or that the malware was checking for updates on its own. It then went dark until March 17, when 139 outbound beacons were detected.
“It’s like a little spy living in an organization; you can borrow something, ask for help, or ask your friends to come to the party. This is how the ransomware is implemented, and this cannot be taken lightly. door to other things to deploy,” Hijazi surmised. “It is an organization on which the world depends, and its protection is stricter than a drum. Something so old can’t be communicated.”
It was last seen on March 24, when three beacons sent something or asked for something.
“The fact that we see something as old as Ramnit appear on the WHO network is a very bad sign. The activity of this Trojan horse that we stick to, as it refers to the attacker’s network, is just the smoke of what is likely a fire taking hold inside its network,” Hijazi said. “It may be an internal hell. If something as old as Ramnit can get through their defenses, they have much bigger problems. This means that the new malware probably doesn’t have much trouble getting in.”
Prevailion’s cyber intelligence also noted that WHO was also breached on 9 November through the well-known Magecart malware. This type of malware is better known as a virtual card skimmer, but it is really just form-grabbing malware that can capture any data entered into an online form, such as logins, an organization filling out a WHO online application or document, form registration, purchase orders, form exchange, you name it.
“This type of infection within the WHO network can be used to hack other organizations that scale on the site, or any partner/registrant who uses the site to complete the bureaucracy and submit data or make requests,” Hijazi continued. “We are waiting for the malware to check back in with command and control; that’s when we can see it. We wouldn’t even know it exists unless something is reported; our attitude is on the opponent’s side.”
Hijazi noted that with regard to this months-old “form hijacker”, the “effects of it have not yet been determined” and that his team has detected some activity since the initial theft.
“Something like this unfolds, gets commands, and then comes out. It is activated on this date. It can remain inactive and then deploy,” he said.
In addition, Hijazi and his team observed a “phishing email from a valid WHO domain, as opposed to a fake/imitated WHO domain”. This could mean that hackers have had infrastructure that can send WHO emails that will not be caught by anti-phishing technology, which flags messages that do not appear genuine.
“This is going to be genuine because it comes from a valid account, and it will be up to the recipient to judge whether to click on the links,” Hijazi emphasized, warning all email users to “continue with caution.”
WHO did not respond to a request for comment.
Since the new coronavirus, also known as COVID-19, began ravaging the world earlier this year, WHO has been the subject of countless cybersecurity attacks, both as a direct target and as an entity that attackers can impersonate to launch countless phishing attacks on other companies and organizations.
The UN health organization stated this week that there had been hacking attempts against the private email accounts of at least two staff members, saying it did not know who was behind the malicious messages, which were meant to mimic Google’s web services and then steal passwords.
A report from Reuters on Thursday said at least one attempted breach was carried out by hackers “working in the interest of the Iranian government.” The hackers attempted to log into the private email accounts of World Health Organization personnel. Iran is one of the most affected countries in the world and has been accused of covering up the number of cases and deaths, as well as widespread mismanagement of the pandemic since it took root this year.
Hijazi said he could not verify the identities of the cyber attackers, but given the volume, he said there are probably various criminal teams, some running independently and others under the guise of a foreign government, looking to break in.
“There is still transparent attribution on attacks, however, there is a lot of motivation at all grades for other organisms to be introduced,” he added. “We can see a set of quick tools; come from adversaries of a certain kind.”