The cybersecurity of many businesses worldwide has been in question since the beginning of the COVID-19 pandemic, as threat actors have used it to leverage various malicious attacks. However, the concerns seem to have elevated, as national and international bodies like the World Health Organization (WHO), Gates Foundation, National Institute of Health (NIH), among others, now face the wrath. Nearly 25,000 of their employees’ email addresses and passwords have been leaked and posted on the underground forums.
SITE Intel Group finds the Leak
The data leak was first noticed by the SITE Intelligence Group, which monitors and analyzes the dark web for cybersecurity threats from online extremists and terrorist groups. The report from SITE stated that NIH was the worst affected with 9,938 leaked email addresses and passwords, followed by the Centers for Disease Control and Prevention at 6,857. Similarly, the World Bank had 5,120, and WHO had 2,732 employee email credentials being leaked. SITE also found that the data dump carries email addresses and passwords of a virology center in Wuhan, which has been at the center of many conspiracy theories related to the ongoing pandemic.
Robert Potter, an independent Australian cybersecurity expert, the authenticity of the leaked data in a tweet, as he could verify some of the email addresses and passwords of WHO employees. However, he mentioned a possibility that this data could be from an earlier attack as health care organizations tend to take cybersecurity lightly at times.
— Robert Potter (@rpotter_9) April 22, 2020
According to the Official Cybercrime Report published by Cybersecurity Ventures, the global pandemic of COVID-19 will continue to have a massive impact on cyberspace. The damages caused by cybercrimes are poised to double amid the Coronavirus outbreak. Cybercrimes will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015.