An attack on a Red Cross partner this week has compromised confidential information on more than half-a-million vulnerable people, including those separated from their families due to conflict, migration and disaster, the International Committee of the Red Cross (ICRC) said late Wednesday (January 19), calling for its return.
The attack has forced the shutdown of the Red Cross’s programme dedicated to reuniting family members separated by conflict, disaster or migration; a fresh reminder of the bottom-feeders the world is dealing with.
The Red Cross data breach came after the servers of a third-party contractor handling the ICRC’s data storage was hit, the agency said. None of the data appears to have been publicly leaked yet and the ICRC has implored the unnamed attackers to release it. (They did not specify the nature of the “sophisticated” attack.)
See also: Just 2 key lessons from the Colonial Pipeline attack
"An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure” said Robert Mardini, ICRC's director-general in a public release.
"This cyber-attack puts vulnerable people, those already in need of humanitarian services, at further risk… While we don't know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them: your actions could potentially cause yet more harm and pain to those who have already endured untold suffering."
He added: "The real people, the real families behind the information you now have are among the world's least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data."
The ICRC said it has no immediate indications as to who carried out this cyber-attack, which “targeted an external company in Switzerland the ICRC contracts to store data.”
The commodification of ransomware attacks has made it increasingly easy for any script kiddy to scan for public vulnerabilities and then launch an attack on their victims. It is possible that the ICRC was not explicitly targeted but is just the victim of an opportunistic attack on an exposed or otherwise poorly secured server.
Lotem Finkelsteen, Head of Threat Intelligence and Research for Check Point Software Technologies noted that “healthcare is one of the most targeted industries by threat actors according to our data, and it will continue to be one of the most attacked targets in 2022. We are talking about 830 weekly cyber attacks on healthcare organisations in 2021, this is over 71% increase in just one year," he added.
"Hackers show no mercy on healthcare or other such humanitarian targets, and the Red Cross is not alone here.”
The ICRC said it is working on workarounds to relaunch its service.
Here is the NCSC's guide to a robust backup strategy.