Mia PAHO bot RPA
Photo: PAHO

PAHO Welcomes Mia and Max, Their First ‘Digital Workers’

The New Bots Developed by UNICC and PAHO Support the Procurement Process of Covid-19 Vaccines 

The Pan American Health Organization (PAHO) has added two Acquisitions Technician to their Procurement and Supply Management team, two new members that can work 24 hours per day, 7 days a week, year-round. Mia and Max are PAHO’s first ever bots, and they have been developed by UNICC’s Robotic Process Automation (RPA) team alongside PAHO’s Procurement and IT teams.

The robots execute repetitive and time-consuming tasks, allowing the human team to forget about the paperwork and focus on strategic aspects of the procurement function, such as establishing the needs of the countries served by PAHO and enhancing relationships with suppliers. 

Mia – Assisting the Purchase of Strategic Products 

Mia automates the purchase order requisition process. The bot downloads data from a spreadsheet report and uses it to fill in specific details in the ERP software Workday. A unique feature of this solution is that it is able to detect if a memo is written in Spanish and translate it into English.

A single purchase order requisition takes a human buyer an average processing time of 20 minutes, while Mia is able to do the same work in approximately 5 to 8 minutes, thanks to automating redundant and time consuming steps.

Mia and Max are helping other team members with transactional tasks, so they can focus on better serving our countries. These bots are a great example of what UNICC can do to support the UN Family.

Daniel Rodrigues, Director, Procurement and Supply Management, PAHO

Since Mia’s first day at work, the bot has been helping buyers with the purchase of strategic products, including Covid-19 vaccines for the American countries.

Mia is an unattended bot, which means that it is programmed to start at a specific time and keep working until there are no more purchase order requisitions in the to-do list. Then it waits until the next scheduled run to complete a new list. Mia is easily scalable – as seen with the push for Covid-19 vaccine distribution, the bot is able to process planned and unplanned increases in volume, helping to expedite the purchase of the much needed vaccine.

Max – More than a Software, a Key Member of the Team

Max is a robotic solution that uses Artificial Intelligence (AI) and Machine Learning (ML) to automatically create Advance Shipment Notifications (ASN). The bot reads shipping documents, extracts relevant data points and adds them into Workday.

The creation of ASN is not only a time-consuming process, but it is prone to human error, due to the many data points that must be transferred from documents to the ERP software. With the new solution the PAHO team saves time and reduces the risk of errors in the documentation.

The bot is currently being trained. After it completes the task, it sends the document to a validation station where a human team member reviews and confirms the data has been correctly extracted. With each validation, Max increases its confidence level, and as time progresses its precision will be high enough for PAHO to allow ‘Straight Pass Through’ extraction. After validation, the bot enters the confirmed data into the system, after which the ASN is created.

The bot works on automatically completing the documentation on vaccine lots and batch numbers, as well as manufacture and expiration dates, a process that was not included in the previous manual system.

Beyond Mia and Max, the Potential of RPA

PAHO’s RPA journey with UNICC started on April 2020 with an initial analysis of automating opportunities.

PAHO’s IT team initially experimented with setting up its own infrastructure for RPA using Automation Anywhere and setting up its own MS Azure environments. However, PAHO decided to switch to UNICC’s “Bot as a Service” to leverage their RPA expertise and since that was more cost effective.

Patrick Hinderdael, Director, Information Technology Services, PAHO

With the experience of having delivered multiple automation solutions to over 15 UN Clients across various domains such as travel, finance, procurement, HR, IT and healthcare, the UNICC’s RPA team started developing Mia and Max in October 2020.

We at UNICC are proud to help launch Mia and Max, and do our little bit to support the life-saving work of PAHO.

Sameer Chauhan, Director, UNICC

The joint team is now exploring which other repetitive functions within the Procurement and Supply Management unit in PAHO could be automated ,and hope to add more digital workers that will allow their human team mates to increase their efficiency and productivity.

Image

UNICC RPA Solutions

Scammers impersonating WHO website taken down by UNICC and Group-IB.
Photo: WHO

Saving World Health Day: UNICC and Group-IB Take Down Scam Campaign Impersonating the World Health Organization

UNICC, together with Group-IB, a global threat hunting and adversary-centric cyber intelligence company that specialises in investigating high-tech cybercrimes, detected and took down a massive multistage scam campaign circulating online on April 7, World Health Day. Scammers created a distributed network of 134 rogue websites impersonating the World Health Organization (WHO) on its health awareness day, encouraging users to take a fake survey with a promise of funds in return. The scheme targeted millions of users around the world with the goal of tricking them into visiting fraudulent third-party websites.

Group-IB Digital Risk Protection Team detected the campaign and reached out UNICC’s Common Secure team as a trusted contact for cyber threat intelligence matters within the UN in order to assure that competent contacts with WHO are aware of its existence. 

Group-IB Digital Risk Protection Team performed the takedown of all the scam domains. Group-IB researchers established that one scammer collective, codenamed DarkPath Scammers, is likely to be behind the campaign. The investigation is underway.

Cyber-hygiene for the Sustainable Development Goals

UNICC works with the World Health Organization and many other UN Agencies to deliver on their mandates, represented by the Sustainable Development Goals, a collection of 17 interlinked global goals designed to be a blueprint to achieve a better and more sustainable future for all. Whether it’s health, eradication of poverty or hunger, rights for women and girls, actions to take on climate change, economic justice, sustainable cities and communities, or for peace and justice around the world, UNICC provides digital business solutions, including a threat intelligence network for over 30 UN Agencies and international organizations.

After warning us, we knew Group-IB was the team to deal with this World Health Day scam. They have the expertise and tools to get the job of takedown done, in short order.

Bojan Simetic, Information Security Specialist, UNICC 

We are excited to cooperate with UNICC in the detection and elimination of scams deceiving people into thinking they are dealing with legitimate websites. 

Dmitry Tyunkin, Head of Group-IB Digital Risk Protection Team

Detecting the Scam

On April 7, Group-IB alerted UNICC about a fake website impersonating WHO branding, where users were encouraged to answer a few simple questions to earn a 200 Euro reward on the occasion of World Health Day.  

Once users answered questions, they were prompted to share links with their WhatsApp contacts. This way scammers tried to ensure the viral distribution of their multistage schema. Group-IB researchers discovered that users would see several fake Facebook comments about gifts commentators supposedly received. When they then hit the Share button they would unknowingly involve friends in the scam by sharing the link with them – instead of the promised reward – with a redirect to third-party fraudulent resources offering participation in another lucky draw. 

By this time in the scam routine WHO is no longer mentioned as users would visit a hookup website, inadvertently install an extension for their browsers or subscribe for paid services. In the worst-case scenario, users would end up on a malicious or a phishing website.  

In addition to the multi-stage nature of the scam, which makes it harder to detect, victims saw customised content depending on their geolocation, user agents and language settings. For example, the currency of the reward would change depending on user location. 

What the Scam Looked Like

Group-IB Digital Risk Protection team discovered that it was not a one-off, short-lived website impersonating the WHO brand, but rather a sophisticated distributed scam infrastructure that included a network of 134 almost-identical, connected domains hosting web pages exploiting the World Health Day theme. Within 48 hours upon discovery, Group-IB managed to block all the rogue domains. 

Screenshot of Group-IB Platform Digital Risk Protection Platform showing network of scam websites taken down with UNICC.
Screenshot from Group-IB Digital Risk Protection Platform shows the network of 134 rogue websites impersonating the World Health Organization. Credit: Group-IB

Further investigation found that the 134 domains, identified and blocked by Group-IB, are part of a larger scam network, attributed to a single scammer collective.   

Group-IB researchers discovered connections between the blocked 134 websites involved in the WHO scam and at least 500 other scam and phishing resources impersonating more than 50 well-known international food, sportswear, e-commerce, software, automotive, e​nergy industry brands. The analysis of websites revealed that cybercriminals used scam kits, similar to phishing kits, which are sets of instruments for the creation and design of scam pages. One scam kit allows impersonating multiple brands at a time using the same template. Interestingly, after the takedown efforts by UNICC and Group-IB, the scammers stopped using the WHO branding across their whole network. 

Brands impersonated by DarkPath scammers, collective involved in the WHO scam taken down by Group-IB and UNICC.
Brands impersonated by DarkPath Scammers. Breakdown by industries. Credit: Group-BI

Scam Syndicate 

During the infrastructure analysis, Group-IB researchers examined the domains and other digital indicators and concluded that the whole network is likely to be maintained and controlled by a scammer collective codenamed DarkPath Scammers. Most of the domains with phishing and scam content are using CDN’s (Content Delivery Networks) to hide IP-addresses of the real servers. Thanks to its proprietary Graph Analysis system, Group-IB researchers analysed dozens of SSL certificates, SSH keys, DNS and were able to track down malicious infrastructure, unveil the IP-addresses of the real servers where phishing content was stored and connect the domains into one distributed scam network. The scammers are using the same infrastructure configuration with its own traits and misconfigurations across all their servers. Group-IB continues to monitor the scammers’ activity. 

Most of the scam websites controlled by DarkPath Scammers remain active at the moment and keep targeting millions of users around the world. The scammers advertise their resources using email blasts, paid ads and in social media. According to Group-IB estimates, the scammers’ whole network attracts around 200,000 users daily from the US, India, Russia and other locations.

Dmitry Tyunkin, Head of Group-IB Digital Risk Protection team in Amsterdam, noted that “many brands, however, still underestimate the impact of such scams on their businesses and customers. Most organizational approaches to eliminating brand abuse online seems a lot like tilting at windmills. They miss this continuous trend toward the use of multistage scams and distributed infrastructure. Scammers use smart, advanced technologies. They are successful due to the lack of comprehensive digital asset monitoring by brand owners.”

Organizations should carry out seamless online monitoring to promptly detect any cases of illicit use of their brands. Many institutions monitor only separate brand infringements, like phishing pages and domains but overlook other elements of fraudulent infrastructure. To see the comprehensive picture of all brand violations, companies should use Group-IB Digital Risk Protection solutions that will promptly eliminate all brand infringements online on a pre-trial basis without additional investment and lengthy litigation.  

To avoid falling prey to this scheme, online users should carefully check the website they are interacting with. It is never redundant to check if the link you’re going to click on is identical to the domain of the organization’s official website since fraudsters often register domain names mimicking official ones. Stay suspicious of any website on which you plan to enter your data is a habit that must be developed by everyone willing to keep their money safe.

UNICC 107th Management Committee UN Geneva

UNICC 107th Management Committee Celebrates Earth Day and Girls in ICT Day with Briefings on Sustainability and Diversity Efforts

UNICC Updates Partners on Key Developments in Operations, Cyber Security, Finance, Business, Audits and Digital Transformation Areas

UNICC’s Management Committee (MC), the organization’s governance body, met virtually on Wednesday 21 and Thursday 22 April for the 107th session and the first of 2021. The MC is comprised of representatives from over 40 Partner Organizations and meets twice every year. This body shares responsibility with UNICC’s Director for key decisions, providing guidance for the organization’s strategic direction and approving the Centre’s budget, financial reports and service rates.

On Wednesday, the session covered statutory business, highlighting some of the key developments in the organization over the past six months, since the 106th Management Committee meeting. UNICC’s Director Sameer Chauhan informed attendees about the progress of several workstreams of the organization’s ongoing digital transformation and provided updates in the areas of operations, cyber security, finance, business and audits.

Growth was the watchword of the day, with a healthy financial outlook, new partners, an upcoming pipeline of projects and innovative technology services to support the needs of UNICC’s Clients and Partner Organizations. ‘We are listening’ and ‘we are responsive’ have been the organization’s refrain. To answer the question of how to maintain this organization’s growth, the answer was a resounding: Listen, anticipate needs of Clients and stay relevant.

On the second day of the 107th Management Committee, UNICC shared near-term initiatives and discussed with its Partners forward-looking digital trends where UNICC can add value. 

I thank all UNICC’s Partners for the active, interesting and positive board meeting and the healthy discussion about the opportunities and challenges with technology the UN system is facing.

Sameer Chauhan, Director, UNICC

One of the conversations focused on supporting hybrid conferencing events involving governing bodies and a second was related to the monitoring of accounts receivable, both topics proposed by MC members. The two other topics on the second day’s agenda were brought forward by UNICC. 

Coinciding with ITU’s International Girls in ICT Day, one of the sessions revolved around how to ensure UNICC has a diverse workforce. Partners were briefed on current initiatives for gender, diversity and inclusiveness in the digital business field, including HR gender balance efforts targeted at achieving UNICC’s goal to reach complete gender parity by 2028. 

Greening UNICC Initiatives

Thursday was Earth Day and UNICC celebrated this international milestone by sharing ongoing efforts to make UNICC a more sustainable organization. Milena Grecuccio, Chief of Staff and Chief of Corporate Services (OIC), and Marco Liuzzi, Chief, Operations Officer, explained that UNICC is currently concentrating its attention on green data centres and workspaces, where significant progress has already been made. The organization is establishing new goals for mapping a way forward.

In addition, UNICC has recently joined the UNEP Greening the Blue initiative with a staff focal point who will work with experts to collect data and define and report on UNICC’s environmental metrics as part of the Greening the Blue system.

The discussion on sustainability was well-received; UNICC will continue to brief Partners on this topic in the coming meetings.

MC Appoints New Chair

During the 107th Management Committee meeting, the MC members appointed a new Chair to serve during the next year. The incoming Chair, Fabrice Boudou, Director of IT Solutions Division at WTO, will steer the committee with continuing Vice Chair Anthony O’Mullane, Director of Operations Support Division at UN OICT. UNICC thanks the entire Management Committee and especially the outgoing Chair Enrica Porcari for her excellence guidance and steer, and extends a warm welcome to the incoming Chair Fabrice Boudou. 

Thank you UNICC for the work you do to be a true technology partner to all UN Agencies. It has been an honour to serve as Chair of the Management Committee.

Enrica Porcari, CIO and Director of Technology, WFP and outgoing Chair of the UNICC Management Committee

I am extremely excited for the months ahead and the opportunity to be part of the UNICC adventure alongside Sameer and the team. There is a need for more digital transformation in the UN to succeed in a digital world, and our organizations need UNICC for this.

Fabrice Boudou, Director of IT Solutions Division, WTO and Chair of the UNICC Management Committee

The UNICC Management Committee will meet again in the Fall for the second session of 2021. 

Screenshot of UNICC's 107th Management Committee Meeting
Photo: UNICC
Digital CE App
Photo: UNJSPF

UNJSPF and UNICC Present Digital Certificate of Entitlement at UN Innovation Network Webinar

​On Thursday 15 April, the UN Innovation Network (UNIN) hosted a webinar as part of its Blockchain Learning series on the Digital Certificate of Entitlement solution, developed by UNICC and the UN Joint Staff Pension Fund (UNJSPF) for the Pension Fund’s beneficiaries around the globe.

The webinar began with a presentation by Dino Cataldo Dell’Accio, CIO, UNJSPF, who detailed the broader objectives of the Digital Certificate of Entitlement solution, revolutionizing the Pension Fund’s 70-year-old manual processes. 

With a pool of nearly 80,000 beneficiaries, UNJSPF annually holds the responsibility of ensuring the proper delivery of all 80,000 pensions. A tedious, antiquated and risk-prone procedure was in need of updates. Objectives for this solution included process automation, reliability, privacy, security and scalability.

Shashank Rai, CTO, UNICC then described the technical functionalities that serve UNJSPF’s objectives. He noted the application’s ability to confirm biometric Identity of every beneficiary, addressing the Pension Fund’s need to prove facial recognition, proof of existence and physical location. 

We need to congratulate UNICC for its flexibility in navigating the challenges of implementing the application in the middle of the pandemic. The blockchain technology applied in this Digital Certificate of Entitlement brings about endless possibilities to automate other aspects of the pension distribution process and beyond.

Dino Cataldo Dell’Accio, CIO, UNJSPF

Another aspect of the Digital CE solution that Shashank described was the immutability of the process of identity verification, whereby all private, biometric data for beneficiaries is hosted on individual mobile devices onto which the app is downloaded. Because of various obstacles around data privacy and security in the process of verification, the respective hosting of a beneficiary’s data, named a “blockchain wallet,” is “a way to bring back the ownership of one’s data into their own hands.”

The webinar also featured a Q&A session during which many representatives attending from organizations such as UNDP and WFP inquired about numerous aspects of the solution, such as the application’s development process, particularly over the course of the pandemic. Despite the its hampering of plans to properly present the solution throughout the UN ecosystem, UNICC developers and involved stakeholders were able to successfully roll out the Digital Certificate to 250 test beneficiaries in WFP and FAO. 

 UNIN’s feature of the Digital Certificate of Entitlement solution serves as a testament to the UNICC and UNJSPF commitment to Sustainable Development Goal 9: Industry, Innovation and Infrastructure, and Goal 17: Partnerships for the Goals. The partnership extends form UNICC and UNJSPF to working with the UNIN to share innovative digital business solutions.

The UNIN is an informal, collaborative community of UN innovators interested in sharing their expertise and experience with others to promote and advance innovation within the UN System. The UNIN is open to innovators from all UN Agencies as well as external partners and to date, 3,000 colleagues from 65+ UN Entities in over 140 countries have joined the Network.