RED CROSS CYBERATTACK
Last Wednesday, the International Committee of the Red Cross (ICRC) confirmed that the confidential information of more than 515,000 highly vulnerable people had been hacked. The victims were recipients of aid and services from at least 60 affiliates of the global charity. The Red Cross refrained from attributing the hack to any specific cybercriminal gang or nation-state hackers. It also declined to speculate on the motivation behind the cyberattack on its contractor in Switzerland that was storing the data. Nevertheless, ICRC Director-General, Robert Mardini, stated:
“We are all appalled and perplexed that this humanitarian information would be targeted and compromised.”
WHAT IS THE ICRC?
Headquartered in Geneva, the ICRC is part of the International Red Cross and Red Crescent Movement, along with the International Federation of Red Cross and Red Crescent Societies. Founded in February 1863, the purpose of the ICRC is to protect the victims of conflicts and provide them with assistance. The organization’s official mission statement says that:
“The International Committee of the Red Cross (ICRC) is an impartial, neutral, and independent organization whose exclusively humanitarian mission is to protect the lives and dignity of victims of war and internal violence and to provide them with assistance.”
As of December 2020, the ICRC had an annual budget of CHF 2.2 billion (£1.8 billion) with 20,000 employees and volunteers operating in over 100 countries.
WHAT NEXT FOR THE RED CROSS?
In the wake of the cyberattack, the Red Cross was forced to temporarily halt a program that reunites families separated by violence, conflict, migration or other disasters. The Red Cross claims that it currently reunites 12 missing individuals with their families every day. A major concern for the ICRC is that hackers might leak or sell the stolen data about at-risk families and their locations to criminals on the dark web. This could easily result in ransomware attacks, identity theft and more cybercriminal misdemeanours. Mardini said:
“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure.”
A PLEA FROM THE ICRC
Crystal Wells, a spokesperson for the Red Cross also said that the ICRC could not confirm if the sensitive data was stolen or not but believed that it was likely. She said:
“We know that they have been inside our system and have had access to our data.”
And it’s the access to data that really troubles the Red Cross. Mardini implored the hackers not to do anything untoward with the misappropriated data. He said:
“The real people, the real families behind the information you have now are among the world’s least powerful. Please do the right thing. Do not sell, leak, or otherwise use this data.”
WHAT REALLY HAPPENED?
The root cause of the ICRC hack was that its IT contractor allowed bad actors into its systems and network. There are many possibilities why this happened including weak or misconfigured firewalls, ineffective cybersecurity monitoring, not backing up data, inadequate password policy or not applying MFA. Whatever the cause, it all boils down to badly-managed IT services.
WHAT COULD BE DONE?
You don’t need to become a victim of cybercrime like the ICRC. You can keep all hackers at bay by contacting Zhero, a professional MSP with 20 plus years of experience in business IT. Zhero specializes in cybersecurity and risk mitigation and we only wish that the Red Cross had come to us with its IT. But you can. Let Zhero sort your IT chaos. Get in touch today.
