UN SharePoint Hack. Should I worry?

I assume by now that you are aware of the United Nations (U.N.) hack. The attackers are estimated to have retrieved 400 GB of sensitive data. The interesting problem with this attack is that the details are still very vague, and to make it worse, the U.N. tried to hide the fact it ever happened. 

Stéphane Dujarric, the spokesperson for the UN Secretary-General, stated, “Attempts to attack the UN IT infrastructure happen often. The attribution of any IT attack remains very fuzzy and uncertain. So, we are not able to pinpoint any specific potential attacker, but it was, from all accounts, a well-resourced attack.”

However, Ben Parker, who is with The New Humanitarian, said, “Although it is unclear what documents and data the hackers obtained in the 2019 incident, the report… implies that internal documents, databases, emails, commercial information, and personal data may have been available to the intruders – sensitive data that could have far-reaching repercussions for staff, individuals, and organizations communicating with and doing business with the U.N.”

The hackers targeted a total of 42 servers, compromising the Active Directory domains of U.N. offices in Geneva and Vienna. These locations employ around 4,000 staff; however, Geneva was the hardest hit, with 33 servers compromised.

The breach itself stemmed from a flaw within Microsoft SharePoint Server. It was a well-known vulnerability already identified as “CVE-2019-0604.” This vulnerability affects SharePoint Server 2010, 2013, 2016, and 2019. The good news, however, is that patches are available and have been for a LONG time.

SharePoint Foundation 2010 SP2

https://support.microsoft.com/en-us/help/4461630/description-of-the-security-update-for-sharepoint-foundation-2010-febr

SharePoint Server 2010 SP2

https://support.microsoft.com/en-us/help/4462184/description-of-the-security-update-for-sharepoint-server-2010-march-12

https://support.microsoft.com/en-us/help/4461630/description-of-the-security-update-for-sharepoint-foundation-2010-febr

SharePoint Server 2013 SP1

https://support.microsoft.com/en-us/help/4462202/description-of-the-security-update-for-sharepoint-enterprise-server

https://support.microsoft.com/en-us/help/4462143/description-of-the-security-update-for-sharepoint-foundation-2013

SharePoint Enterprise Server 2016

https://support.microsoft.com/en-us/help/4462211/description-of-the-security-update-for-sharepoint-enterprise-server

SharePoint Server 2019

https://support.microsoft.com/en-us/help/4462199/description-of-the-security-update-for-sharepoint-server-2019-march-12

The breach itself came after the U.N. completed an audit back in 2018. The security audit identified many problems with their systems. The review identified 200+ servers running obsolete or unsupported technology such as Windows Server 2000. The most interesting observation from the audit is the fact that the organization had shifted to self-certification for website and web application security, leaving it up to individual offices to confirm that they had applied updates to web-based systems.

If you look at the dates of the released patches for SharePoint Server, you can see these are from February and March of 2019. To learn a little more about this attack, I wrote a blog post for Rencore last year that talks about this type of attack.

What is the lesson learned?

Patch, Patch, and Patch!! That is it. There is no excuse, in reality, to not patch servers with security updates. Of course, first, read the details of the update and then determine when to patch.


Liam Cleary

Liam began his career as a Trainer of all things computer-related. He quickly realized that programming, breaking, and hacking were a lot more fun. He spent the next few years working within core infrastructure and security services until he found SharePoint. He is the founder and owner of SharePlicity, a consulting company that focuses on all areas of Technology. His role within SharePlicity is to help organizations implement technology that will enhance internal and external collaboration, document and records management, automate business processes, and of course security controls and protection. Liam also serves as the Principal Technology Advisor at Rencore, where he is helping to develop offerings that help organizations further understand and mitigate security and compliance risks within SharePoint and Office 365 customizations. His core focus is to identify, control, and protect, whether they are full-fledged customizations or out-of-the-box Office 365 functionality. He is also a thirteen-time Microsoft MVP focusing on Architecture but also crosses the boundary into Development. He is also a Microsoft Certified Trainer (MCT). His specialty over the past few years has been security in SharePoint and its surrounding platforms. He can often be found at user groups or conferences speaking, offering advice, spending time in the community, teaching his kids how to code, Raspberry Pi programming, hacking the planet or building Lego robots.
