Over the past few months, the World Health Organization (WHO) has grappled with the biggest global pandemic since World War I: COVID-19. Unfortunately, they’re also combatting cyberattacks. Today, we survey the challenges the WHO faces when dealing with cybercriminals.

External Threats

While leading the global response to the COVID-19 pandemic, the WHO has drawn the attention of the world’s hackers. Seeking contributions for frontline worker PPE and vaccine R&D, the WHO established the COVID-19 Solidarity Response Fund website. Sadly, cybercriminals have attempted to steal donors’ financial data. Scammers have also duped victims by extracting payment card information and login credentials from retailers and fintech companies.

Too, state-sponsored hacking by malign actors endeavors to capitalize on the emergency by infiltrating and spying on private and government networks.

Internal Threats

Recently, the WHO fell victim to a significant data breach when hackers looted 450 active WHO email accounts and passwords. These black hats also accessed thousands of emails from WHO personnel working on mitigating the effects of COVID-19. A WHO spokesperson stated that breach occurred in a legacy extranet system used by staff, former employees and external partners. In response, the organization has implemented multi-factor authentication (MFA) protocols to deter access by unauthorized users.

It comes as no surprise that the WHO has been targeted by hackers since the onset of the COVID-19 pandemic. Cybercriminals are opportunists by nature and regrettably, hackers have used the crisis to penetrate the WHO’s data networks.