
Red Cross breach could happen to any organization, security community warns

Evacuees from Afghanistan receive food, beverages and blankets from the American Red Cross after arriving at the Ramstein Air Base on Aug. 26, 2021, in Ramstein-Miesenbach, Germany. (Photo by Andreas Rentz/Getty Images)

The security community on Thursday was aghast to learn of the attack by still-unknown hackers on the servers of the International Committee of the Red Cross (ICRC).

The Red Cross reported on Wednesday that hackers breached the data of about 515,000 people, many of whom were vulnerable victims of conflict, migration, and natural disasters. The humanitarian organization said the breach targeted an external contractor in Switzerland that stores data for it.

According to the Associated Press, while the Red Cross cannot say for sure that its records were stolen, the agency said in a statement: “we feel it is likely — we know they have been inside our system and have had access to our data.”

While some cybercriminal groups have rules to keep organizations like the Red Cross out of the line of fire, this isn’t a universally adopted position, said Tim Wade, technical director of the CTO Team at Vectra. 

“This attack seems to have little financial gain for the cybercriminals behind it, but we’re increasingly seeing attacks that are just as much about disruption, fear, and discrediting opposing ideologies instead of making money,” Wade said. “Regardless of whether this was targeted or merely opportunistic, it’s clear that every organization faces some level of material cyberthreat today.”

Garret Grajek, CEO at YouAttest, said “there is no honor among thieves” — and that phrase certainly applies to modern hackers. Grajek said identities are the treasure they seek, and he’s sure they believe that if the donors have enough to give for charity, there’s more in the kitty for them to pursue or ransom.

“The key for these organizations is to assume their defenses are being probed and enact the countermeasures that they’d otherwise use once a breach has occurred,” Grajek said. “The CISA organization in the United States just released best practices which included obvious measures such as patches and 2FA, but also advised on pro-active measures such as identity and network reviews.”

Tom Garrubba, vice president at Shared Assessments, said it is sad that this attack affected an organization as noble as the Red Cross. Garrubba said that if the threat actors knew this, it is further evidence that threat actors can — and will — go after anyone.

“No organization, even those that have storied histories of doing good in the world, is safe from a cyberattack,” Garrubba said. “One can simply hope that these threat actors will not bring additional pain to those ‘highly vulnerable people’ who relied on the Red Cross to assist them in dealing with a tragic loss. Additionally, non-profit organizations must realize they and their vendors can also come under attack and it’s absolutely imperative to conduct ongoing and mature third-party risk management.”
