Cyber attacks on COVID-19 vaccine

December 07 2020

Cyber attacks are nothing new, but they’ve changed focus as the fight against the coronavirus pandemic has progressed through the research phases to the production of working vaccines against COVID-19.

IBM cybersecurity analysts on Thursday said they uncovered an email phishing scheme targeting global coronavirus vaccine supply chains, and urged cold-chain companies to remain “vigilant” and “on high alert.”

Phishing scheme 

From September 2020, organisations across six countries were sent emails purporting to be from Haier Biomedical, a member company of a long-running Unicef programme that aims to strengthen vaccine supply chains. The emails targeted organisations in Italy, Germany, South Korea, the Czech Republic, greater Europe and Taiwan, the company said. Those emails contained malicious attachments which, when opened, displayed a request for security credentials under the guise of being encrypted files.

Three state-sponsored hacker groups from Russia and North Korea have targeted seven COVID-19 vaccine makers. China and Iran have also been accused of attacks.

“This activity took place in September, which means that someone’s looking to get ahead, looking to be where they need to be at the critical moment,” says Claire Zaboeva, senior cyber threat analyst with IBM Security X-Force. “It’s the first time we’ve seen that level of pre-positioning within the context of the pandemic.”

IBM also “urges companies in the Covid-19 supply chain – from research of therapies, healthcare delivery to distribution of a vaccine – to be vigilant and remain on high alert during this time,” said Zaboeva.

IBM said other targets included companies involved in the manufacture of solar panels, which are used to power vaccine refrigerators in warm countries, and petrochemical products that could be used to derive dry ice.

Information about Covid vaccine projects has come under attack from hackers before. Last month, Reuters reported that suspected North Korean hackers had tried to break into the systems of AstraZeneca, posing as recruiters trying to approach staff with fake job offers before sending them emails with malicious code.

Possible Covid-19 vaccine cyber attacks 

  1. Cyber attacks at the manufacturing level: this style of cyberattack, specifically intended to tamper with the vaccine formula, would home in on the Internet-connected operational technology (OT) and industrial networks that help run manufacturing facilities.

Vaccines are highly complex materials with an extremely fine balance. Therefore, any small change to the formula would throw off the efficacy and accuracy of the vaccine. If distribution of the altered vaccine isn’t caught in time, there could be unknown consequences for the overall health of the recipients.

  2. Storage attack: attackers interested in damaging the vaccine’s distribution could stage an attack on the temperature control systems in place. Changing the climate of the warehouses or storage units could greatly reduce the potency of the vaccines. In addition, this action would negatively affect the desired immune response.
  3. Scheduling software attack: this would lead to delays in delivery and affect the vaccine distribution schedule. Locked-down storage rooms and rerouted transportation are some of the ways this cyberattack could be accomplished.

To defend against such an attack, vaccine manufacturers should work in collaboration with external or third-party vendors. This will ensure that all manufacturers are enforcing the same cybersecurity standards. They should also consult the extensive list of specific recommendations in the alert issued by the NSA and CISA on July 23.