Hackers Targeting COVID-19 Vaccine Supply Chain, IBM Warns
by Daniel HOFFMAN
With multiple vaccines close to becoming available in a world gripped by the coronavirus pandemic, manufacturers have become the target of hackers trying to steal trade secrets or disrupt supply chains.
IBM warned Thursday that it had uncovered a series of cyber attacks, potentially carried out by state actors, against companies involved in the effort to distribute vaccine doses, which must be kept cold.
IBM said the European Commission's Directorate-General for Taxation and Customs Union was one target of the attacks, as well as European and Asian companies involved in the supply chain, whose names have not been disclosed.
"Our team recently uncovered a global phishing campaign targeting organizations associated with a COVID-19 cold chain," Claire Zaboeva and Melissa Frydrych, analysts for IBM X-Force, a cyber security working group, wrote in a blog post.
The purpose "may have been to harvest credentials, possibly to gain future unauthorized access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution."
It was unclear if the attacks were successful, IBM said, and while it could not identify those behind the attacks, the precision of the operation signals "the potential hallmarks of nation-state tradecraft."
The vaccine developed by Pfizer and German company BioNTech, which on Wednesday got the green light from Britain to distribute its vaccine, must be stored below -70 degrees Celsius to ensure its effectiveness.
That means it will require specialized logistics companies such as Haier Biomedical, a Chinese-owned cold chain supply company working with the World Health Organization and the United Nations.
Hackers impersonated an executive from Haier Biomedical, and "disguised as this employee, the adversary sent phishing emails to organizations believed to be providers of material support to meet transportation needs within the COVID-19 cold chain," Zaboeva and Frydrych wrote.
Moderna also has developed a vaccine that must be stored at -20 degrees Celsius, while AstraZeneca's version can be stored in a normal freezer.
Wave of Attacks
Cybercriminals also have tried to attack several pharmaceutical companies developing vaccines including Johnson & Johnson, Novavax, AstraZeneca and South Korean laboratories, according to the Wall Street Journal.
Spanish laboratories also reportedly have been attacked by Chinese cybercriminals, the El Pais newspaper reported in September.
Cold storage giant Americold last month reported a hack into its computer systems to the US stock market regulator, without specifying whether the attack was related to the group's role in vaccine storage.
"The intellectual property relating to mass market pharmaceuticals has tremendous value and so is a significant prize for a cybercriminal," said Mark Kedgley, chief technology officer at New Net Technologies (NNT), a Naples, Florida-based provider of cybersecurity and compliance software.
And Covid-19 vaccines draw "Nation State level hacking."
The countries experts most often linked to cyber attacks are Russia, China and North Korea, although there is no formal proof of their involvement in the recent incidents.
But cybersecurity firm Kapersky notes the use of "false flags" including Russian-linked email addresses, in a possible move to deflect blame for the attacks.
There also could be financial motives behind the attacks.
Brett Callow, threat analyst at Emisoft, said the attacks are not surprising.
"States or non state actors will try to use any situation that they can to obtain an advantage, whether it's a political or a financial advantage," he told AFP. "It's pretty much inconceivable that anything Covid-related wouldn't come under attack."
The US federal cyber security agency, CISA, said the IBM report should be taken seriously by organizations involved in the vaccine supply chain.
"CISA encourages all organizations involved in vaccine storage and transport to harden attack surfaces, particularly in cold storage operation, and remain vigilant against all activity in this space," Josh Corman, a CISA strategist, told AFP.
The labs, too, will be on alert.
"Much of the large pharma companies have the skills and cybersecurity organizations to be able to detect this malicious type code and to protect against it," Marrene Allison, chief information security officer for Johnson & Johnson, said Thursday during a conference hosted by the Aspen Institute.
But, she said, "unfortunately, not everyone has that in the health care industry."
Copyright Agence France-Presse, 2020