Hackers targeting Covid-19 vaccine supply chain, IBM warns

564

NEW YORK, Dec 4, 2020 (BSS/AFP) – With multiple vaccines close to becoming
available in a world gripped by the coronavirus pandemic, manufacturers have
become the target of hackers trying to steal trade secrets or disrupt supply
chains.

IBM warned Thursday that it had uncovered a series of cyber attacks,
potentially carried out by state actors, against companies involved in the
effort to distribute vaccine doses, which must be kept cold.

IBM said the European Commission’s Directorate-General for Taxation and
Customs Union was one target of the attacks, as well as European and Asian
companies involved in the supply chain, whose names have not been disclosed.

“Our team recently uncovered a global phishing campaign targeting
organizations associated with a COVID-19 cold chain,” Claire Zaboeva and
Melissa Frydrych, analysts for IBM X-Force, a cyber security working group,
wrote in a blog post.

The purpose “may have been to harvest credentials, possibly to gain future
unauthorized access to corporate networks and sensitive information relating
to the COVID-19 vaccine distribution.”

It was unclear if the attacks were successful, IBM said, and while it could
not identify those behind the attacks, the precision of the operation signals
“the potential hallmarks of nation-state tradecraft.”

The vaccine developed by Pfizer and German company BioNTech, which on
Wednesday got the green light from Britain to distribute its vaccine, must be
stored below -70 degrees Celsius to ensure its effectiveness.

That means it will require specialized logistics companies such as Haier
Biomedical, a Chinese-owned cold chain supply company working with the World
Health Organization and the United Nations.

Hackers impersonated an executive from Haier Biomedical, and “disguised as
this employee, the adversary sent phishing emails to organizations believed
to be providers of material support to meet transportation needs within the
COVID-19 cold chain,” Zaboeva and Frydrych wrote.

Moderna also has developed a vaccine that must be stored at -20 degrees
Celsius, while AstraZeneca’s version can be stored in a normal freezer.

– Wave of attacks –

Cybercriminals also have tried to attack several pharmaceutical companies
developing vaccines including Johnson & Johnson, Novavax, AstraZeneca and
South Korean laboratories, according to the Wall Street Journal.

Spanish laboratories also reportedly have been attacked by Chinese
cybercriminals, the El Pais newspaper reported in September.

Cold storage giant Americold last month reported a hack into its computer
systems to the US stock market regulator, without specifying whether the
attack was related to the group’s role in vaccine storage.

“The intellectual property relating to mass market pharmaceuticals has
tremendous value and so is a significant prize for a cybercriminal,” said
Mark Kedgley, chief technology officer at New Net Technologies (NNT), a
Naples, Florida-based provider of cybersecurity and compliance software.

And Covid-19 vaccines draw “Nation State level hacking.”

The countries experts most often linked to cyber attacks are Russia, China
and North Korea, although there is no formal proof of their involvement in
the recent incidents.

But cybersecurity firm Kapersky notes the use of “false flags” including
Russian-linked email addresses, in a possible move to deflect blame for the
attacks.

There also could be financial motives behind the attacks.

Brett Callow, threat analyst at Emisoft, said the attacks are not
surprising.

“States or non state actors will try to use any situation that they can to
obtain an advantage, whether it’s a political or a financial advantage,” he
told AFP. “It’s pretty much inconceivable that anything Covid-related
wouldn’t come under attack.”

The US federal cyber security agency, CISA, said the IBM report should be
taken seriously by organizations involved in the vaccine supply chain.

“CISA encourages all organizations involved in vaccine storage and
transport to harden attack surfaces, particularly in cold storage operation,
and remain vigilant against all activity in this space,” Josh Corman, a CISA
strategist, told AFP.

The labs, too, will be on alert.

“Much of the large pharma companies have the skills and cybersecurity
organizations to be able to detect this malicious type code and to protect
against it,” Marrene Allison, chief information security officer for Johnson
& Johnson, said Thursday during a conference hosted by the Aspen Institute.

But, she said, “unfortunately, not everyone has that in the health care
industry.”