The personal data of 515,000 highly vulnerable global citizens has been compromised in a cyber attack on the International Committee of the Red Cross (ICRC), perpetrated through the systems of a Switzerland-based managed storage services provider with which the organisation contracts.
The data relates to the organisation’s Restoring Family Links programme, which assists people who have been separated from their families due to conflict, migration or disaster, missing persons and their families, and people in detention. It originated from 60 national Red Cross and Red Crescent societies around the world.
The ICRC said it had no immediate indication as to who carried out the attack, or any indication that any of the data has yet been leaked. It said its most pressing concern was the risk of data being publicly exposed, not only for itself but for those it is tasked with assisting and protecting, many of whom will already be under intense personal strain.
“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised,” said Robert Mardini, director general of the ICRC. “This cyber attack puts vulnerable people, those already in need of humanitarian services, at further risk.”
Mardini continued: “While we don’t know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them. Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data.”
The ICRC said the attack had forced it to shut down the systems underpinning its Restoring Family Links programme – its website remains inaccessible at the time of writing – and this will inevitably affect its member societies’ ability to reunite families separated by often appalling circumstances. It said it was working as quickly as possible to develop workarounds to allow its vital work to continue.
“Every day, the Red Cross [and] Red Crescent movement helps reunite on average 12 missing people with their families. That’s a dozen joyful family reunifications every day. Cyber attacks like this jeopardise that essential work,” said Mardini. “We are taking this breach extremely seriously. We are working closely with our humanitarian partners worldwide to understand the scope of the attack and take the appropriate measures to safeguard our data in the future.”
Check Point threat intel and research head Lotem Finkelsteen said organisations in the healthcare and adjacent sectors were one of the most heavily targeted sectors by malicious actors, and that this trend showed no signs of slowing down.
“We are talking about 830 weekly cyber attacks on healthcare organisations in 2021, which is more than a 71% increase in just one year,” Finkelsteen told Computer Weekly in emailed comments.
“Hackers show no mercy on healthcare or other such humanitarian targets, and the Red Cross is not alone here. Hacking groups are aware of the sensitivity of this data, and they see them as ‘fast money targets’.
“Hospitals and healthcare organisations can’t afford to halt operations, as it could literally lead to life or death situations.”
Finkelsteen added: “The threat actors involved in the cyber attack on the Red Cross went straight for the jugular. They went after the organisation’s most sensitive data, seeking to create as much leverage as possible against the Red Cross. The larger risk here is leak of compromised data, which could lead to potentially devastating consequences for victims. The cyber attack on the Red Cross makes vulnerable people even more vulnerable, potentially forcing them to suffer longer and endure further pain. Unfortunately, hackers view their targets as a business, and the business of cyber attacks is ruthless.”
Jamie Akhtar, CEO and co-founder of CyberSmart, added: “This attack perfectly demonstrates that no target is off the table for cyber criminals. And, once again, we’re discussing an attack that started in the organisation’s supply chain. Indirect attacks on large organisations are fast becoming a favoured tactic of cyber criminals; it’s often much easier to breach a supplier or subsidiary first.
“So we urge businesses big and small to start conversations with your supply chain. Share security practices, be transparent and keep lines of communication open. It might just be the difference between successfully avoiding a breach or not.”
