The email addresses of about 450 active employees were leaked online this week along with thousands of others working on COVID-19 response, WHO said.

COVID-19: Security risks are increasing as more people work from home Watch Now

The World Health Organization has seen a dramatic increase in the number of cyberattacks targeting its staff and email scams directed at the public. About 450 active WHO email addresses were leaked online this week, along with thousands belonging to others working on response to the COVID-19 pandemic, WHO said.

The organization said it is now migrating affected systems to a more secure authentication system.



"Ensuring the security of health information for member states and the privacy of users interacting with us a priority for WHO at all times, but also particularly during the COVID-19 pandemic," said Bernardo Mariano, WHO's chief information officer, in a statement. "We are grateful for the alerts we receive from member states and the private sector. We are all in this fight together."



SEE: Coronavirus-themed phishing attacks aim to capture banking credentials (TechRepublic)

The organization said it is working with the private sector to establish more robust internal systems and to strengthen security measures and is educating staff on cybersecurity risks.



WHO's Chief Information Security Officer Flavio Aggio told Reuters officials are not certain who the hackers are. But he warned that hacking attempts against the agency and its partners have soared as they battle to contain the coronavirus.



Many of the attacks have been phishing or spear phishing attempts to lure WHO staff into clicking on a malicious link in an email—often sent to both work and personal accounts—that will download malware onto their computers or mobile phones, he said. In some cases, the origins of the attack and the suspected perpetrator have been identified in reports the WHO has received from national cybersecurity agencies. He declined to name them, according to Reuters.



The spike in COVID-19-related attacks jives with what security firm IronNet is seeing. IronNet's threat research team has discovered in recent months that phishing domains specifically impersonating Wells Fargo, have significantly increased and at rates surpassing even those during the holiday season, the firm said.

For example, when comparing October to December 2019 to February 2020 to today there has been a 37% increase in phishing domains, according to IronNet. Furthermore, there have been more malicious domains activated in just the first 10 days of April than in all of November 2019, during Black Friday, the firm said.



There has been a significant rise in COVID-19-related lures and email scams, said Trish Dixon, vice president of the cyber operations center at IronNet. Most are tied to redirecting users to a newly stood up domain where malicious content is hosted in the hopes that the user will then download the content from there, she said, but there are a few that are embedded within the communication itself.



Quarantine and self-isolation have led to an increase in online shopping, IronNet said. "As such, credit card skimming has dramatically increased as much as 20%. Trends related to credit card skimming have been observed in multiple customer environments across different sectors," the firm said.



People need to be "vigilant when it comes to these types of communications and to ensure they are protecting their home networks as well as their company's," Dixon said.



WHO has published an advisory on what to look for as cyberattackers are increasingly taking advantage of the coronavirus pandemic.

Cybersecurity Insider Newsletter Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays Sign up today

Also see