Computers

COVID-19 vaccine distribution networks targeted by hackers

COVID-19 vaccine distribution ...
IBM cybersecurity analysis suggests an attack was intended to infiltrate cold chain supply networks for COVID-19 vaccines
IBM cybersecurity analysis suggests an attack was intended to infiltrate cold chain supply networks for COVID-19 vaccines
View 1 Image
IBM cybersecurity analysis suggests an attack was intended to infiltrate cold chain supply networks for COVID-19 vaccines
1/1
IBM cybersecurity analysis suggests an attack was intended to infiltrate cold chain supply networks for COVID-19 vaccines

IBM security analysts have discovered a global phishing campaign designed to infiltrate organizations associated with managing cold chain supplies of COVID-19 vaccines. The cyber threat analysis suggests this campaign presents the hallmarks of nation-state spycraft but no individual country has so far been implicated in the activity.

In early 2020, recognizing the unique cybersecurity issues posed by a global pandemic, IBM created a specific COVID-19 security task force. A branch of its Security X-Force division, this collection of cybersecurity analysts focused particularly on ways hackers may be maliciously using the pandemic for novel, targeted scams.

An early discovery from the task force revealed a highly targeted phishing campaign directed at a German corporation tasked with procuring personal protective equipment (PPE). Tracked back to a Russian-based IP address, it was unclear what the goal of those cyberattacks were, but the analysts hypothesized at the time that it was, “highly likely criminal and state-sponsored actors alike will seek to exploit global procurement and supply chains with the intention of either profiting from the crisis or supporting the acquisition activities of their host nation.”

A new blog post authored by IBM X-Force analysts Claire Zaboeva and Melissa Frydrych reports the detection of a calculated phishing campaign targeting organizations affiliated with an international cold chain equipment optimization program. The analysis reveals the phishing activity impersonated an employee from Haier Biomedical, a Chinese company working with several United Nations agencies to create cold chain supply lines for effective COVID-19 vaccine distribution.

“It is highly likely that the adversary strategically chose to impersonate Haier Biomedical because it is purported to be the world’s only complete cold chain provider,” suggest Zaboeva and Frydrych. “We assess that the purpose of this COVID-19 phishing campaign may have been to harvest credentials, possibly to gain future unauthorized access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution.”

At this stage it is unclear if any of these phishing attempts were successful. In conjunction with the IBM report, the US government’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert to all organizations involved in vaccine distribution urging vigilance in their security practices.

Exactly where this attack could be coming from is also an ongoing mystery. IBM is not pointing to any particular country as being responsible at this point, but Zaboeva and Frydrych do make clear the activity bears all the hallmarks of nation-state cyber-activity.

“While attribution is currently unknown, the precision targeting and nature of the specific targeted organizations potentially point to nation-state activity,” write Zaboeva and Frydrych. “Without a clear path to a cash-out, cyber criminals are unlikely to devote the time and resources required to execute such a calculated operation with so many interlinked and globally distributed targets.”

Source: Security Intelligence

2 comments
buzzclick
The assumption that criminal hackers are not to blame because they lack the networking and impetus to go through all this trouble for little reward is dubious. The ubiquitous nature of the internet makes it so that anyone from anywhere can be doing this just for kicks and creds, using techniques that make it hard to be identified. Yes, hacking activity can be coming from N. Korea, China or Russia, but to spontaneously blame "state sponsors" every time this kind of hacking activity occurs may be irresponsible (and predictable).
ObiWanCeleri
While the corporate medias have been focusing on these hacking attempts, very little attention has been put on the elephant in the room: not only are pharmaceuticals fighting to push their monopoly, they have also received substantial amounts from different governments in order to make the said vaccine.
If the vaccine gets funded by the state, it SHOULD therefore become open source. Many corporations have made a killing (pun intended) from this virus. The pharmaceuticals should'nt be permitted to do the same.