Summary
RedXray is cyber threat notification service that simplifies monitoring for organizations and supply chains.
In 2016, the World Anti-Doping Agency (WADA) commissioned an investigation into reports that the Russian government was sponsoring blood doping of Russian Athletes. Cybersecurity analysts worldwide witnessed cyber-attacks originating from the GRU-linked APT28, better known as “Fancy Bear,” aimed at anti-doping agencies such as the WADA. These attacks were carried out against agencies such as WADA potentially for revenge, due to a ban on Russian participation in certain major sporting events such as the Olympics.
While conducting external data collection regarding cyber-attacks carried out against anti-doping agencies, analysts found that the World Anti-Doping Agency (WADA) had been the target of a cyber-attack in April of 2016. There were two email addresses that had their passwords exposed in this breach. One belonging to Henk Mohanlal, the current IT manager at WADA and the other to Abbygail Deguzman, a previous employee of WADA.
Details
Henk Mohanlal has been working for the agency since May 2007. RedXray shows that Henk’s email and password were breached and leaked in 2016. Abbygail Deguzman is a former employee of the World Anti-Doping Agency, having left the company in July 2019. At the time of the data breach Ms. Deguzman was a Coordinator of Program Development and NADO/RADO relations at the WADA. RedXray shows that this breach also exposed Abbygail Deguzman’s email and password. Below is an example of the RedXray breach data (passwords redacted for privacy):
Conclusion
Red Sky Alliance recommends ongoing monitoring from both internal and external perspectives. Internal monitoring is common practice; however, external threats are often overlooked and can represent an early warning of impending attacks. Red Sky Alliance can provide both internal monitoring in tandem with RedXray notifications on external threats to include, botnet activity, public data breaches, phishing, fraud, and general targeting.
Red Sky Alliance recommends a password change for all accounts identified in the data breach. It is also recommended that the WADA create a stronger password policy which would make brute force and other password attacks more difficult. Finally, multi-factor authentication can be used to protect accounts even when the password has been exposed further enhancing the company’s cyber security posture.
Analysts anticipate more cyber attacks against WADA moving forward. With the beginning of the Olympics being in Summer 2020, Red Sky Alliance expects to see the attacks targeting both WADA and the Tokyo Olympic Committee increase in the Spring of 2020.
Link to full report:RM - WADA Russian Doping Report.pdf
Comments