
United Nations Faces Cyber-Espionage; Failure to Patch Causes Breach

A leaked internal United Nations (UN) report showed that several core infrastructure servers were compromised during a successful cyberattack. An older version of Microsoft SharePoint was exploited by hackers to gain access to the UN servers in one of the largest known breaches to affect the UN. The attack took place in July 2019 but only came to light a month later in August 2019, and now in 2020 the UN is still “counting casualties.”

The attack was thought to be perpetrated by an advanced persistent threat (APT). The attackers implanted themselves within the UN servers and then showed no further signs of activity. Once established, they remained dormant, a typical move of APTs seeking to avoid detection.

The attackers used a previously known vulnerability – CVE-2019-0604 – of Microsoft SharePoint to execute the remote installation of malware onto the UN servers. In total, 42 servers were compromised, with an additional 25 servers placed under suspicion of being compromised. These servers included the UN Human Rights Offices and the UN Human Resources Department in both Geneva and Vienna. Over 400GB of data was downloaded via the attack. Stéphane Dujarric, a UN spokesperson, told reporters that the UN offices chose not to disclose the attack to the public because “the exact nature and scope of the incident could not be determined.”

Source: Microsoft SharePoint at SoftwareReviews. Accessed March 2, 2019.

Our Take

This breach was only recently unveiled, and only due to a leak from within the UN. Allegedly, the UN had no intention to disclose the breach at all. This raises two causes for concern.

First, the exploit used by the attackers was only possible because of an old and well-documented vulnerability in Microsoft SharePoint. Even worse, a patch had already been released for the flaw the hackers used to gain access to the UN servers. This means that the UN, since July of 2019 or earlier, had failed to update its Microsoft SharePoint to the latest version. Subsequently, 400GB of data has been confirmed to be compromised. There are still 25 other servers whose data security is at risk.

Second, because the UN resides within the European Union, the assumption is the UN would be subject to the General Data Protection Regulation (GDPR). However, because the UN has diplomatic immunity, it is unaffected by legal processes and is therefore not obligated to disclose any breaches publicly.

While the UN seeks to govern state behavior, it is difficult to heed the UN’s call for openness and transparency when it fails to model that behavior itself. These types of actions hurt the credibility of the UN.

Morey Haber, CTO and CISO at BeyondTrust, says, “In my opinion, unless the organization’s public disclosure would actually create harm in the form of national security (which this does not), there is no good reason to cover up the incident. In fact, the sheer fact that a Microsoft SharePoint vulnerability was exploited with such success warrants this information being shared with other agencies and should have been publicly disclosed to help others to protect against the threat.”

This is a case study in the importance of both patch management and transparency. Failure to keep patches current led to the United Nations’ breach. The breach could easily have been avoided had the UN applied the available patch for Microsoft SharePoint. On the transparency side, if the UN faces no consequences for this kind of failure, more breaches could occur without anyone knowing.

It is best to be open about breaches – and how they were remediated – so other organizations can take it as a learning experience and know what to look for. This includes phishing attacks, social engineering, and even physical breaches. Check out our blueprint Developing and Implementing a Security Incident Management Program to find out more.

