Threat actors leveraged the stolen credentials of a UN employee to gain access to Umoja, a proprietary project management software that’s used in the intergovernmental organization. After intrusion, the attackers stole data that is likely to enable them to go after other agencies within the UN.
“We can confirm that unknown attackers were able to breach parts of the UN infrastructure in April of 2021,” Stephane Dujarric, spokesman for the UN Secretary-General, told Bloomberg, which first reported the breach. Resecurity, the security firm that discovered the attack earlier this year, informed the UN that the absence of multi-factor authentication for the Umoja account made it easy for attackers to take it down and break into the network.
This breach highlights the fact that even high-profile organizations such as the UN that deal with sensitive information haven’t yet implemented stringent password protection measures. Researchers also found that the attackers had access to the UN network for at least four months after they first gained access on April 5. Evidence of lateral movement and intruder activity was recorded as recently as Aug 7, 2021, said the researchers.
While the intrusion could have been prevented if the UN’s IT security team had performed routine reviews of their password security practices, the lateral movement could have been impeded if they had ensured that users were given access to resources only on a least-privilege basis.
However, a one-time clean-up of existing poor password practices and excessive user privileges isn’t a permanent fix, as both are likely to accumulate with time. The permanent solution is adopting the Zero Trust security framework. ManageEngine has a webinar that unpacks the National Institute of Standards and Technology’s Zero Trust model and discusses how organizations can get started with Zero Trust implementation.