
Over a Thousand UN Documents Linked to Gender Equality Exposed Online

 

A database believed to belong to the United Nations Trust Fund to End Violence Against Women was uncovered unsecured online, containing financial records, bank accounts, staff details, victim testimonies, and other information. 

Jeremiah Fowler, a cybersecurity researcher, uncovered the database, which contained 228 GB of information, and reported it to vpnMentor. It lacked password protection, leaving the 115,141 files displayed unencrypted and accessible to anyone with an internet connection. 

While not confirmed, the database contained data that linked it to UN Women and the UN Trust Fund to End Violence Against Women, such as letters and documents addressed to the UN and stamped with UN insignia, with a specific reference to UN Women. 

Fowler discovered scanned passport documents and ID cards in the database, as well as specific details on staff roles such as names, job titles, salary information, and tax data. 

“There were also documents labelled as ‘victim success stories’ or testimonies,” Fowler wrote in his report. “Some of these contained the names and email addresses of those helped by the programs, as well as details of their personal experiences. For instance, one of the letters purported to be from a Chibok schoolgirl who was one of the 276 individuals kidnapped by Boko Haram in 2014.”

It is unclear how long the database has been exposed, whether it is managed by the UN Women organisation or a third party, and whether anyone outside of the organisation has accessed it. 

Fowler outlines a number of hypothetical ways in which the data might be exploited, including convincing spear phishing attempts that use customised documents to target vulnerable email accounts. In theory, a threat actor could also use the records to gain a high-level understanding of the organisation's structure and financial framework.

The UN Women organisation has an undated scam notice on its website, although the page dates back at least to July 2022, with an update in July 2024 that includes an instruction to use the Quantum procurement verification portal. 

Fowler notified the UN Information Security team about the unprotected database, and received a response that stated, "The identified vulnerability does not belong to us (the United Nations Secretariat) and is for UN Women. Please report the vulnerability to UN Women."

UN Reports: Hundreds of Thousands Coerced into Working in Online Scams


A recent UN investigation reports that hundreds of thousands of people have been trafficked to Southeast Asia to operate online scams.

Apparently, at least 12,000 individuals from Myanmar and another 100,000 Cambodian nationals have been coerced into working on these scams.

While most victims are said to be from Asia, some are from countries in Africa and Latin America. Despite the fact that the issue has long existed, the UN report represents the first thorough examination of its scope.

The investigation suggests that as a result of pandemic-related closures, millions of individuals were forced to stay at home and spend more time online, making them prime targets for those running online fraud schemes.

After luring the less-educated victims into joining the frauds for quick bucks, cybercrime gangs are now targeting victims with a more professional background (often graduates or post-grads).

The report further noted that victims are primarily targeted and coerced into joining cybercrime in jurisdictions where governance and laws are comparatively weak and authority is contested. "In continuing to call for justice for those who have been defrauded through online criminality, we must not forget that this complex phenomenon has two sets of victims," said the UN High Commissioner for Human Rights Volker Türk.

According to a UN estimate, these scam centres generate billions of US dollars in revenue annually.

Trafficking for Scams

As described by the victims themselves, they were lured into the ‘jobs’ by advertisements promising easy work and magnificent perks, and were tricked into travelling to Cambodia, Myanmar and Thailand. Once they arrived at their destinations, they were apparently kept hostage and forced to work for online scam centres. Those who refused to comply were subjected to torture and ‘inhuman treatment.’

Some networks also prey on those looking for love or romance, in what are known as ‘pig-butchering’ scams.

In one such tragic incident that occurred last year, a Malaysian man, 25, who had travelled to Bangkok to meet a "girlfriend" with whom he had only communicated online, was killed by torture. 

Instead, he was trafficked to Myanmar and forced to work for online scam gangs. In one of his last calls to his parents, he said he had been beaten up for supposedly fabricating a medical condition. He succumbed to the illness after a month in intensive care.

According to the UN, existing laws in many Southeast Asian nations frequently fall short of international norms and have "in large part" failed to keep up with the development of internet fraud operations since the pandemic.

Many more cases, according to Pia Oberoi, a senior consultant on migration at the UN Human Rights Office, have gone unreported because the victims experience "stigma and shame" for the task they were forced to perform.

The report further added that a much more appropriate response to the issue should "not merely [involve] addressing organised crime or enforcing border controls, but should provide protection and justice for these victims of trafficking."

In this regard, Mr. Türk urged governments to take a firm stance against these criminal networks. "All affected states need to summon the political will to strengthen human rights and improve governance and the rule of law, including through serious and sustained efforts to tackle corruption," he said.

Users at Citibank Attacked by a Massive Phishing Scam

 

Scammers impersonating Citibank are now targeting customers in an online phishing campaign. Thousands of bogus email messages were sent to bank customers, according to Bitdefender's Antispam Lab, with the intent of collecting sensitive personal information and internet passwords. 

The emails claim that the recipient's account has been placed on hold in response to unusual activity or an unauthorized login attempt. The attackers then insist that all users authenticate their existing accounts as soon as possible to avoid a permanent ban.

According to Bitdefender's internal telemetry, these campaigns are focused primarily on the United States, with 81 percent of the phishing emails sent ending up in the mailboxes of American Citibank customers. However, it has also reached the United Kingdom (7 percent), South Korea (4 percent), and a small number have indeed made it to Canada, Ireland, India, and Germany. When it comes to the origins of these phishing attacks, 40% of the phoney emails appear to have come from the United States, while 13% came via IP addresses in Mexico. 

The cybercriminals behind the effort use email subject lines like "Account Confirm Confirmation Required" and "Second Reminder: Your Account Is On Hold" to deceive Citibank clients into opening the emails. Other subject lines were "Urgent: Account Confirmation Required," "Security Alert: Your Account Is On Hold," and "Urgent: Your Citi Account Is On Hold."

Although some of the phishing emails in the campaign use the official Citibank logo to appear more genuine, the scammers who sent them did not take the time to correctly fake the sender's email address or fix the punctuation issues in the email body.

Citing phoney transactions or payments, as well as questionable login attempts, is another strategy used to make these phishing emails appear to come from Citibank itself and to fool potential victims into authenticating their actual accounts. When victims click the verify button, they are taken to a cloned version of the legitimate Citibank homepage. If a Citibank customer goes this far, the fraudsters will steal the credentials and use them in future attacks.

Bitdefender has discovered another large-scale phishing campaign, which went live between February 11 and 15, 2022, offering victims the opportunity to seek cash compensation from the United Nations. The ploy in this case is to identify the recipient as a scam victim, one of the 150 people who were declared eligible for a $5 million payout from Citibank.

Banks rarely send SMS or email alerts to customers about critical account changes, so users who receive a message that makes strong claims can contact the bank and ask to speak to an agent. Instead of calling the phone numbers included in the email, users should go to the bank's official website and look up the information on the contact page.

UN Security Council Talks Over Cyber Threats: Where Does It Lead?

 

The United Nations Security Council, the world's most important forum regarding the well-being of nations, is going to hold its first formal public meeting on cybersecurity. The forum will address the growing threat of cyberattacks on countries. In the recent past, many countries have witnessed security incidents targeting their key infrastructure.

Alongside this, America's newly elected President Joe Biden has raised cybersecurity issues with Russian President Vladimir Putin, whose country is often accused of being behind major hacks.

Earlier this month, at a summit in Geneva, the US president set out red lines for Russia, laying out 16 "untouchable" entities, ranging from the energy sector to water distribution.

"This is the generic list of critical infrastructure which every country has," said one European ambassador who specializes in cybersecurity. 

"In the United Nations first committee, we already have agreed in 2015, which is six years ago, that we are refraining from malicious cyber activities against each other's critical infrastructures as UN member states," the diplomat said. 

This meeting has been called by Estonia, which is heading the Council for June and is also a leader in the fight against cyberattacks. The meeting takes place online at ministerial level.

The Security Council has already addressed the issue multiple times before this meeting, but never formally; it always discussed the subject behind closed doors.

The aim of the videoconference, Estonia said, is "to contribute to a better understanding of the growing risks stemming from malicious activities in cyberspace and their impact on international peace and security." 

Furthermore, a diplomat added that this is not an issue where we can hide our heads in the sand and say that a matter like this doesn't exist.

"It is a new issue and in the Security Council, as always, it is difficult to bring anything new after 76 years of dealing with more traditional aspects of peace and security, but Cyber is a dual-use domain, we are in a complex situation which is not similar to other international security topics," the official concluded.