IBM discovers hackers targeting COVID vaccine supply chain
The recently announced COVID-19 vaccines require a 'cold chain' -- a temperature-controlled supply chain that maintains the desired temperature range throughout distribution.
New research from IBM Security X-Force reveals that this cold chain is being targeted in a precision phishing campaign.
This is a highly-targeted operation against the COVID-19 vaccine cold chain supporting the Gavi Alliance and UNICEF's efforts to safely transport a vaccine to underdeveloped regions. These regions also rely on external aid to store their vaccines in temperature-controlled environments. Researchers say the campaign has the hallmarks of a state-sponsored attack.
Sam Curry, chief security officer at Cybereason, says, "The latest headlines warning of a targeted cyber espionage campaign to disrupt the global COVID-19 vaccine distribution network is yet another wake up call to all public and private sector companies working around the clock to put an end to this global pandemic. As I have been saying throughout the year, it has never been a question of if the research companies, pharma companies and hospitals would be targeted, but more about how frequently and how much damage would be caused."
Aspects of the attack include impersonating a key individual from a Chinese biomedical company to conduct spear-phishing attacks against global organizations that provide material support to the cold chain.
There have also been credential harvesting attempts against global organizations in at least six countries in an attempt to access sensitive information pertaining to the vaccine transport and distribution.
Chris Morales, head of security analytics at Vectra, says:
As the cure for COVID is essentially the most valuable thing in the world in 2020, and attackers always go for what is of value, this was a sort of an inevitable scenario.
Targeted phishing attacks continue to be the easiest way for attackers to circumvent traditional security, and gaining access to credentials is a highly effective way of continuing an attack. Knowing about threats targeting an organization (phishing) and stopping it are two different things. The attackers only need to succeed once in this scenario.
You can read more on the IBM Security Intelligence blog.