The UN has been hit by a major cyberattack

Time to ban the use of password-only access, say experts

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The United Nations has admitted that malicious figures were able tobreach its networkearlier this year andsteal datawhich could now be used for facilitating future attacks on the organization as well as on other agencies.

“We can confirm that unknown attackers were able to breach parts of the United Nations infrastructure in April of 2021,” Stéphane Dujarric, spokesman for the UN Secretary-General, said in a statement.

Dujarric added that the international body is a frequent target of cyberattacks, and also confirmed that it has been responding to other attacks linked to the earlier breach.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

Based on investigations carried out by the UN’scybersecurityteams, the intruders made their way into the system on April 5, and there are indications that they were active inside the network at least till August 7.

Unsophisticated breach

Reporting on the development,Bloombergbelieves that the intruders likely got in using the stolen login credentials of an UN employee purchased off the dark web.

“Initial access via credentials purchased from the dark web is now becoming standard modus operandi. So much so that we now have Initial Access Brokers (IABs) who specialize in just that and then sell off that access to other entities likeransomwareaffiliates or state sponsored groups,” Saumitra Das, CTO and cofounder, of security vendor Blue Hexagon tellsTechRadar Pro.

Baber Amin, Chief Operating Officer, Veridium goes one step ahead and tells us that the UN breach is a good example of securing access usingpasswordsalone.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“The best thing is to eliminate the use of passwords from as many systems as possible. If that is not possible, multi-factor authentication (MFA) should be implemented for all access,” suggests Amin.

ViaBloomberg

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Don’t search for information on cats at work — you could be at risk of being hacked

This dangerous new malware is hitting Windows devices by hiding in games

Singapore Criterium live stream 2024: How to watch FREE UCI cycling online