Technology giant IBM has released a report stating that hackers are targeting COVID-19 vaccine manufacturers, attempting to disrupt research and distribution of the vaccine with a range of information security threats.
The news comes after IBM created a special division of cyber security specialists, codenamed IBM Security X-Force, which has been instructed to monitor cyber security threats against organisations involved in vaccine research, development and distribution.
Reports are that the task force has discovered a sophisticated threat campaign against organisations involved in the distribution of vaccines, stating that the evidence they’ve seen “hold[s] the potential hallmarks of nation-state tradecraft.”
IBM says that “our team recently uncovered a global phishing campaign targeting organisations associated with a COVID-19 cold chain. The cold chain is a component of the vaccine supply chain that ensures the safe preservation of vaccines in temperature-controlled environments during their storage and transportation.”
“The adversary impersonated a business executive from Haier Biomedical, a credible and legitimate member company of the COVID-19 vaccine supply chain and qualified supplier for the CCEOP program. The company is purportedly the world’s only complete cold chain provider,” the authors state.
IBM’s team says that “disguised as this employee, the adversary sent phishing emails to organisations believed to be providers of material support to meet transportation needs within the COVID-19 cold chain.”
Researchers say that the targets of this potentially nation-state driven campaign against COVID-19 vaccine manufacturers were located all around the world, from Taiwan to Italy, South Korea, the Czech Republic and Germany.
Hackers also used “help and support pages of targeted organisations” to find another potential avenue into the system. Given the variety of tactics in use, the researchers said it was important to be wary of hackers targeting COVID-19 vaccine manufacturers with increasingly sophisticated cyber threat techniques.
They went on to explain that “we assess that the purpose of this COVID-19 phishing campaign may have been to harvest credentials, possibly to gain future unauthorized access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution.”
As for who is most likely behind the hackers targeting COVID-19 vaccine manufacturers, the authors of the report state that “while attribution is currently unknown, the precision targeting and nature of the specific targeted organisations potentially point to nation-state activity.”
“Without a clear path to a cash-out, cyber criminals are unlikely to devote time and resources to execute such a calculated operation with so many interlinked and globally distributed targets. Likewise, insight into the transport of a vaccine may present a hot black-market commodity, however, advanced insight into the purchase and movement of a vaccine that can impact life and the global economy is likely a high-value and high-priority nation-state target.”
The researchers in question have put together a number of security recommendations for organisations potentially linked to the cold chain and manufacturers of COVID-19 related equipment, which include:
- Create and test an incident response plan for the organisation
- Share and ingest current threat intelligence to understand the risks and the most recent techniques deployed by hackers
- Assess your third-party ecosystem and identify the risks involved with any third-party company your organisation might be linked to
- Integrate a ‘zero-trust’ approach to your information security strategy
- Deploy multi-factor authentication across the whole organisation
- Conduct regular email security training
- Utilise endpoint protection and response tools to detect threats in your organisation