Red Cross Begs Attackers Not to Leak 515K People’s Stolen Data

4 months ago 20

The Red Cross was forced to shut down IT systems behind its Restoring Family Links system, which reunites families separated by war, disaster or migration.

The Red Cross is imploring threat actors to show mercy by abstaining from leaking data belonging to 515,000+ “highly vulnerable” people that were stolen from a program used to reunite family members split apart by war, disaster or migration.

“While we don’t know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them,” Robert Mardini, the director general of the International Committee for the Red Cross (ICRC), said in a release on Wednesday “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data.”

The attack forced the ICRC, along with the wider Red Cross and Red Crescent network, to shut down the systems underpinning the Restoring Family Links site. The attack also crippled the humanitarian network’s ability to reunite separated family members, the release said.

Infosec Insiders Newsletter
As of Thursday morning, the site was still down.

As Ars Technica has reported, the Internet Archive last updated the site on Dec. 27, suggesting that the breach may have happened around then.

The compromised data, which originated from at least 60 Red Cross and Red Crescent National Societies around the world, included personal data and confidential information for those who’ve used the Restoring Family Links site.

The ICRC doesn’t know who carried out the cyberattack, but it does know who that they targeted a one of its contractors: a Swiss company that stores data for the ICRC.

There’s no sign that the compromised data has been leaked or shared publicly, according to its release.

‘Appalling,’ ‘Perplexing’ Attack

Mardini said that the attack sharpens the anguish that families are already suffering.

“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure,” he said in the release. “We are all appalled and perplexed that this humanitarian information would be targeted and compromised. This cyber-attack puts vulnerable people, those already in need of humanitarian services, at further risk.”

Red Cross spokesperson Elizabeth Shaw told CNN that the top priority is to work with ICRC delegations and Red Cross and Red Crescent societies on the ground “to find ways to inform individuals and families whose data may have been compromised, what measures are being taken to protect their data and the risks they may possibly face.”

She also ruled out the possibility of ransomware having been involved in the incident and said that “highly specialized” cybersecurity firms are helping the ICRC to respond to the attack.

Threatpost has reached out to the ICRC for an update on its work to recover from the attack.

‘Straight for the Jugular’

Would that this attack were an anomaly. Unfortunately, cyberattackers haven’t shown strong moral compasses when it comes to abstaining from attacks against the wretched.

The numbers make it clear: Check Point Software saw an increase of 71 percent in the number of cyberattacks on the healthcare sector in 2021, which works out to up to 830 weekly attacks.

Check Point Software spokesperson Ekram Ahmed told Threatpost on Thursday that healthcare is “one of the most targeted industries by threat actors, according to our data.”

That won’t change in 2022: “We expect the trend of threat actors targeting healthcare organizations to only continue as we go into 2022,” Ahmed said.

The attack demonstrates that it’s all about the ruthlessness of cybercrime as a business, he said. “Hackers show no mercy on healthcare or other such humanitarian targets, and the Red Cross is not alone here. Hacking groups are aware of the sensitivity of this data, and they see them as ‘fast money targets,'” Ahmed observed via email. “Hospitals and healthcare organizations can’t afford to halt operations, as it could literally lead to life or death situations.”

The threat actors involved in the cyber attack on the Red Cross “went straight for the jugular,” he noted, going after the organization’s most sensitive data and seeking to create as much leverage as possible against the Red Cross.

Were the compromised data to be leaked, it could lead to “potentially devastating consequences for victims,” Ahmed continued. “The cyber attack on the Red Cross makes vulnerable people even more vulnerable, potentially forcing them to suffer longer and endure further pain.”

Darktrace Director of Enterprise Security David Masson wished godspeed to the Red Cross when it comes to finding and securing the information quickly.

“While reputational damage will be a concern for an organization, it pales compared to the potential harm that may come to already highly fragile individuals and groups,” he told Threatpost on Thursday. “If the attackers do not return the data, then hopefully, the Red Cross receives the aid and support it needs to find and secure the information quickly, start delivering much-needed reassurance to those who rely on the organization, and get its ‘Restoring Family Links’ program back up and running soon.”

Photo courtesy of American Red Cross/Talia Frenkel. Licensing details.

Password Reset: On-Demand Event: Fortify 2022 with a password-security strategy built for today’s threats. This Threatpost Security Roundtable, built for infosec professionals, centers on enterprise credential management, the new password basics and mitigating post-credential breaches. Join Darren James, with Specops Software and Roger Grimes, defense evangelist at KnowBe4 and Threatpost host Becky Bracken. Register & stream this FREE session today – sponsored by Specops Software.

Read Entire Article