20 Hackers to assault covid-19 vaccines

Vaccines against the coronavirus awaken the greed of cybercriminals, who multiply attacks to stop delivery or seize trade secrets, which forces laboratories and actors in the supply chain to be more attentive.

In a document published Thursday, the IBM IT group reported a series of targeted cyberattacks against vaccine distribution chain, which require the doses are stored and transported at very low temperatures.

« Our team recently discovered a global ‘phishing’ campaign targeting organizations associated with the COVID-19 cold chain, » IBM X-Force analysts Claire Zaboeva and Melissa Frydrych wrote in a blog. a working group dedicated to cybersecurity.

The vaccine developed by Pfizer and its German partner BioNTech, which received the green light for commercialization in the UK on Wednesday, it cannot be exposed to temperatures higher than -70 ºC to guarantee its effectiveness.

The General Directorate of Control and Customs, a service belonging to the European Commission, was one of the targets of the attack, as well as energy and IT companies from Germany, Italy, Czech Republic, South Korea and TaiwanIBM said.

To catch their victims, the cybercriminals mainly used the “spear phishing” method, which consists of impersonating someone you know to obtain confidential and sensitive data.

The hackers sent fraudulent emails on behalf of an alleged head of the Chinese company Haier Biomedical, which is effectively part of the logistics chain for vaccines and collaborates with the World Health Organization, Unicef ​​and other UN agencies.

In the messages prompted the supply of passwords or identification data, then exploited by malicious software.

They also tried to attack pharmaceutical companies that develop vaccines like the US ones Johnson & Johnson and Novavax, Britain’s AstraZeneca and South Korean laboratories, according to the Wall Street Journal.

Spanish laboratories They were attacked by Chinese cybercriminals, El Pais newspaper reported in September.

In November, the cold storage giant Americold reported an attack on its computer systems to the body in charge of controlling the United States Stock Exchange, without specifying whether that action was related to the role of the group in the storage of vaccines.

IBM specified that cannot determine who is behind those attacks, but he assures that its nature and sophistication make one think of a state actor.

For Mark Kedgleyc, from cybersecurity software provider New Net Technologies, « The intellectual property tied to powerful pharmaceuticals is of immense value to cybercriminals. »

“In the case of vaccines against covid-19It has to do with piracy at the level of nation-states ”, he estimated.

The countries whose names are frequently cited by Western experts are Russia, China or North Korea, although formal evidence against them is lacking.

The Russian antivirus manufacturer Kaspersky reminds in this regard that identity theft techniques can be used « or email addresses hosted in a .ru domain associated with sites in Russia (…) to try to deflect suspicions about the identity and, in particular, the nationality of the attackers » .

Financial motivations cannot be ruled out either, given the high profits left by the commercialization of vaccines.

“State and non-state actors try to use any situation to gain advantage, be it political or financial. It would have been inconceivable that covid-related efforts were not a target, ”said Brett Callow of Emsisoft, a company specializing in cybersecurity.

The US agency in charge of cybersecurity, CISA, estimated that the IBM report It must be taken seriously.

“CISA encourages all organizations involved in the storage and transportation of vaccines to reinforce your protections, mainly for cold storage operations, and to continue to be attentive to any activity in that sector, « said Josh Corman, a CISA researcher, in a statement sent to ..

Laboratories are also on alert.

« Most of the big pharmaceutical groups have the resources to detect and protect themselves from malicious code, » Marene Allison said Thursday, Johnson & Johnson Safety Manager.

« Unfortunately, this is not the case for everyone in the healthcare industry, » he added.