Cybercriminals target Covid-19 vaccines

Covid-19 vaccines currently under development have become the object of significant international intrigue and drama. Most recently, the European Medicines Agency (EMA) announced that it was the victim of a cyber-attack that succeeded in stealing data related to Pfizer and BioNTech’s Covid-19 mRNA vaccine, which is being rolled out in the UK, US and Canada.

An initial review by the EMA revealed that ‘a limited number of documents belonging to third parties were unlawfully accessed’, and the full investigation demonstrated that ‘data has been breached,’ the EMA said on 11 December.

More specifically, Pfizer and BioNTech revealed in a separate statement that documents relating to the regulatory submission for their Covid-19 vaccine BNT162b2, which had been stored on an EMA server, were ‘unlawfully accessed’. The EMA has offered assurances that the cyber-attack will have no impact on the timeline for its review of the vaccine, the companies said.

The EMA breach followed announcements by IBM’s cybersecurity division X-Force and the US Department of Homeland Security (DHS) in early December that a series of cyber-attacks had been launched against companies and government organisations distributing Covid-19 vaccines. These attacks were directed at the vaccine distribution network’s cold supply chain, which enables the vaccine to be delivered at safe temperatures

IBM’s analysis indicates that the hacking operation began in September 2020, and involved a phishing campaign that spanned six countries. The company concluded that the culprit is probably very familiar with critical components and participants of the cold supply chain, which include solar panel manufacturers and makers of dry ice.

Impersonating and phishing

These hackers operated by impersonating a biomedical company and sending phishing emails to corporate executives and global organisations involved in vaccine storage and transport, the DHs explained. The goal was to try to get hold of the recipients’ account credentials and gain unauthorised access to internal communications, as well as information about the process, methods and plans to distribute a Covid-19 vaccine.

‘Physically, if you break the cold chain, the vaccine is useless, you’ve basically destroyed it,’ says Andrew Ginter, the vice president of industrial security at the Israel-based operational security company Waterfall Security. Pfizer and BioNTech’s vaccine, for example must be kept at between -70C and -80C for up to 15 days.

A cyberattack is any intentional effort to steal, expose, alter, disable, or destroy data, applications or other assets through unauthorized access to a network, computer system or digital device.

Threat actors launch cyberattacks for all sorts of reasons, from petty theft to acts of war. They use a variety of tactics, like malware attacks, social engineering scams, and password theft, to gain unauthorized access to their target systems.

Cyberattacks can disrupt, damage and even destroy businesses. The average cost of a data breach is USD 4.35 million. This price tag includes the costs of discovering and responding to the violation, downtime and lost revenue, and the long-term reputational damage to a business and its brand.

But some cyberattacks can be considerably more costly than others. Ransomware attacks have commanded ransom payments as high as USD 40 million (link resides outside ibm.com). Business email compromise (BEC) scams have stolen as much as USD 47 million from victims in a single attack (link resides outside ibm.com).

Cyberattacks that compromise customers' personally identifiable information (PII) can lead to a loss of customer trust, regulatory fines, and even legal action. By one estimate, cybercrime will cost the world economy USD 10.5 trillion per year by 2025

Preventing cyberattacks

Many organizations implement a threat management strategy to identify and protect their most important assets and resources. Threat management may include policies and security solutions like:

Identity and access management (IAM) platforms and policies, including least-privilege access, multi-factor authentication, and strong password policies, can help ensure only the right people have access to the right resources. Companies may also require remote employees to use virtual private networks (VPNs) when accessing sensitive resources over unsecured wifi.

A comprehensive data security platform and data loss prevention (DLP) tools can encrypt sensitive data, monitor its access and usage, and raise alerts when suspicious activity is detected. Organizations can also make regular data backups to minimize damage in the event of a breach.

Firewalls can help block threat actors from entering the network in the first place. Firewalls can also block malicious traffic flowing out of the network, such as malware attempting to communicate with a command and control server.

Security awareness training can help users identify and avoid some of the most common cyberattack vectors, such as phishing and other social engineering attacks.

Vulnerability management policies, including patch management schedules and regular penetration testing, can help catch and close vulnerabilities before hackers can exploit them.

Attack surface management (ASM) tools can identify, catalog, and remediate potentially vulnerable assets before cyberattackers find them.

Unified endpoint management (UEM) tools can enforce security policies and controls around all endpoints on the corporate network, including laptops, desktops, and mobile devices.