Unpacking the U.N. SharePoint Hack: Why is Secure Sharing so Necessary?

Diplomacy, diversity and democracy. That is what springs to mind when we think about the United Nations, which celebrated its 75^th year of activity in 2020. But a major cyberattack may have unnerved many who know what allowed the breach to have such a devastating impact- a known vulnerability, (CVE-2019-0604), within the Microsoft SharePoint server.

What happened during the UN hack?

The New Humanitarian, an independent non-profit news organization, first broke the story of this major cyber-attack at the end of January 2020.  According to their extensive reporting, hackers broke into dozens of UN servers in July, with ‘personnel records, health insurance and commercial contract data’. The result was described by insiders as a ‘major meltdown’.

The UN, which enjoys special diplomatic immunity, was not obliged to report an incident of its kind. Events and details concerning the breach were not disclosed to employees, affected bodies, or the relevant public authorities. An internal UN report which was later leaked, noted that overall 42 servers were compromised with 25 more potentially compromised, according to the Associated Press. These servers included those at the UN human rights office, which is home to some of the most sensitive data within the organization, within which, a cyberattack of this scale means global implications.

Why is SharePoint insecure?

In short, the UN was hacked via entry to a known vulnerability of Microsoft’s SharePoint server. SharePoint is used primarily to create websites and is also used to store, organize and share information and is integrated with Microsoft Office. Hackers infiltrated the UN via this vulnerability (CVE-2019-0604) which Microsoft had previously patched but which the UN had not systematically updated. This vulnerability was exploited by those who hacked the UN, as it allowed them to bypass user logins to access all information on UN servers.

It is not the first time that SharePoint has reported vulnerabilities. Last year governments from the Middle East and the Canadian government’s Canadian Centre for Cyber Security warned organizations of the tool’s bugs which had adverse effects on their own systems. For companies who wish to share documents securely, SharePoint has proven itself to be an insecure option.

How can organisations share documents securely?

Businesses who are currently searching for a secure and fuss-free way to organize and share their documents should consider DiliTrust’s Documentation Library. Our virtual Data Room is a secure space for the easy sharing of confidential digital documents. Organizations that wish to utilize a flexible solution for many types of projects across a broad spectrum of fields- from Finance to Pharma can also benefit from exacting security standards that ensure your data remains under your control.

Trusted by customers around the globe, our solution is ISO 27001 certified. Security includes data encryption, both in transit and at rest, the use of an HSM, regular audits, and a strong and demanding security policy. It also includes internal security audits, code reviews, and systematic tests before each new feature is released for production, automated, and daily intrusion tests. DiliTrust Data Room servers are also audited once or twice a year by an external IT security organization.

If you would like to learn more about our solutions, contact us!

🔒 This could also interest you: 

• What is a Data Room and What can it do for Your Business?
• Cyber Attacks on Smart Cities: Why we Need to be Prepared
• Board of Directors: How to Keep Data Secure While Working Remotely